How does opendkim determine on whose behalf to sign message?

From: Miha Vrhovnik
Date: Fri, 10 Sep 2010 18:38:17 +0200


First some background info.
I've set opendkim to sign messages; the keys and domain list are fetched from a db, and that part seems to be working just fine. Opendkim is set as a milter in the postfix configuration.

The problem I'm having is with the way opendkim chooses how to sign a message. It seems that it's taking the From field, which I found strange as this can easily be faked, and it means that there is a giant hole that can be exploited, e.g. the message content can be different from the actual message sender (MAIL FROM command issued to the )
Shouldn't the decision on which domain to sign the message for be taken from the MAIL FROM, or at least the MAIL FROM should equal the From header in the message itself?

I know that sender (MAIL FROM) can also be faked, but the way I've set up postfix is that the sender must be a valid alias for a login name, or relaying is denied, so there is no issue with fakes.


Received on Fri Sep 10 2010 - 16:38:39 PST
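
The check proposed in the post (sign only when the MAIL FROM domain equals the From header domain), sketched as an added example that is not part of the original message and is not OpenDKIM's own code. The function names, the `signing_domains` set (standing in for the domain list fetched from the db) and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(address):
    """Return the lower-cased domain of an address, or None if it has none."""
    addr = parseaddr(address)[1]
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return None  # covers the null sender "<>" used by bounces
    return domain.lower().rstrip(".")


def signing_decision(mail_from, raw_message, signing_domains):
    """Hypothetical policy: returns (sign?, signing domain or refusal reason)."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # A duplicated From header lets the signed author differ from the one a
    # mail client displays, so refuse to sign instead of picking one.
    if len(from_headers) != 1:
        return (False, "message must carry exactly one From header")
    authors = getaddresses(from_headers)
    if len(authors) != 1:
        return (False, "From header must name exactly one author")
    header_domain = domain_of(authors[0][1])
    envelope_domain = domain_of(mail_from)
    if header_domain is None or envelope_domain is None:
        return (False, "missing or malformed sender address")
    # The alignment asked for in the post: envelope sender vs. From header.
    if header_domain != envelope_domain:
        return (False, "From header domain differs from MAIL FROM domain")
    if header_domain not in signing_domains:
        return (False, "no signing key configured for this domain")
    return (True, header_domain)


# Constructed sample data, not taken from the original post.
SIGNING_DOMAINS = {"example.com", "example.net"}
ALIGNED = "From: Alice <alice@example.com>\nSubject: hi\n\nbody\n"
FORGED = "From: CEO <ceo@example.com>\nSubject: wire\n\nbody\n"
DOUBLE = "From: a@example.com\nFrom: b@example.net\nSubject: x\n\nbody\n"

if __name__ == "__main__":
    print(signing_decision("alice@example.com", ALIGNED, SIGNING_DOMAINS))
    print(signing_decision("mallory@example.net", FORGED, SIGNING_DOMAINS))
    print(signing_decision("a@example.com", DOUBLE, SIGNING_DOMAINS))
```

This only helps when, as in the setup described above, the MTA already ties the MAIL FROM address to the authenticated login.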

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:48 PST