Re: Signing Table Wildcard?

From: Steve Jenkins <>
Date: Mon, 5 Sep 2011 09:02:10 -0700

On Mon, Sep 5, 2011 at 6:51 AM, Todd Lyons <> wrote:
> On Sun, Sep 4, 2011 at 2:53 PM, Steve Jenkins <> wrote:
>>>> See the opendkim.conf(5) man page under "SigningTable".
>> Ah - OK, now I know * wasn't working for me when it KNEW
>> it was for me before. I used the RPM version of OpenDKIM on this new
>> server (natch), and the default conf file I use didn't have refile: in
>> the SigningTable option.
> Good catch.  I had forgotten about that because my main systems use
> mysql lookups.  I still have an old system that uses local key files
> and verified that SigningTable uses refile: style lookups, and the
> signing table file has * in it for the match.
> Looking in the man page referenced by Murray, it clearly states why:
> If this table specifies a regular  expression  file  ("refile"),
> then the keys are wildcard patterns that are matched against the
> address found in the From: header field.  Entries are checked in
> the order in which they appear in the file.
> For  all  other  database  types,  the full user_at_host is checked
> first, then simply host, then user_at_.domain  (with  all  superdo-
> mains  checked  in  sequence,  so  "" would first
> check  "",  then  "",  then
> ""), then .domain, then user@*, and finally *.
> In other words, without the refile: lookup type being specified, it
> treats an asterisk as simply an asterisk, not as a wildcard symbol.

Phew. I thought I was losing it. :)

I think refile should be the default in the packaged conf file then.
It's commented out anyway, but when they uncomment it, it's likely
gonna be for multiple keys support, in which case refile is probably
what they're gonna want. Comments?

Received on Mon Sep 05 2011 - 16:02:23 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:20 PST