Re: Signing Table Wildcard?

From: Todd Lyons <>
Date: Mon, 5 Sep 2011 06:51:48 -0700

On Sun, Sep 4, 2011 at 2:53 PM, Steve Jenkins <> wrote:
>>> See the opendkim.conf(5) man page under "SigningTable".
> Ah - OK, now I know * wasn't working for me when it KNEW
> it was for me before. I used the RPM version of OpenDKIM on this new
> server (natch), and the default conf file I use didn't have refile: in
> the SigningTable option.

Good catch. I had forgotten about that because my main systems use
mysql lookups. I still have an old system that uses local key files
and verified that SigningTable uses refile: style lookups, and the
signing table file has * in it for the match.

Looking in the man page referenced by Murray, it clearly states why:

If this table specifies a regular expression file ("refile"),
then the keys are wildcard patterns that are matched against the
address found in the From: header field. Entries are checked in
the order in which they appear in the file.

For all other database types, the full user_at_host is checked
first, then simply host, then user_at_.domain (with all superdo-
mains checked in sequence, so "" would first
check "", then "", then
""), then .domain, then user@*, and finally *.

In other words, without the refile: lookup type being specified, it
treats an asterisk as simply an asterisk, not as a wildcard symbol.

If Americans could eliminate sugary beverages, potatoes, white bread,
pasta, white rice and sugary snacks, we would wipe out almost all the
problems we have with weight and diabetes and other metabolic
diseases. -- Dr. Walter Willett, Harvard School of Public Health
Received on Mon Sep 05 2011 - 13:51:58 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:20 PST