Re: opendkim 2.1.3 and signing subdomains

From: Murray S. Kucherawy <>
Date: Fri, 27 Aug 2010 13:21:39 -0700 (PDT)

On Fri, 27 Aug 2010, Richard Rognlie wrote:
>>> And those signatures happily verify
>> That part's a bit odd. What software is doing the verifying?
> OpenDKIM 2.1.3

I'll try to simulate this manually sometime this weekend or Monday to
reproduce what you're seeing.

>>> I see mention of something in SignatureTable about the i= clause, but
>>> for the life of my I can't parse what it's saying, nor can I find an
>>> example anywhere...
>>> values in this data set should include one field that refers
>>> to a name found in the KeyTable (see above) that identifies
>>> which key should be used in generating the signature, and an
>>> optional second field naming the signer of the message that will
>>> be included in the "i=" tag in the generated signature.
>> So the SignatureTable might look like:
>> *
>> ...and you'd always have "" in your signatures.
> which is not the domain I want as the i= clause. I want i= to be
> the sender. (which in the above case, is,
> but in the *_at_* case is @mumble.gamer.znet)

So you'd want something like:

*_at_* testdkim:@%

...where "%" is replaced by the domain name portion of the thing that
matched "*_at_*", correct?

>> The feature isn't actually available in 2.1.3. It's available in 2.2.0.
>> What documentation are you reading?
> I thought 2.1.3 (since that's the only version available from the download
> page on sorceforge)

Right, but that documentation doesn't mention the sender selection

> I ass-u-me-d that would be
> the same. There's no indication on that page which version it refers
> to.

That stuff is pulled from the development head. There were reasons for
doing this but I imagine they weren't very good ones because I've since
forgotten them. I've changed it to pull from the current release branch

Received on Fri Aug 27 2010 - 20:22:02 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:48 PST