Re: how to setup opendkim for signing all outgoing mails

From: Matthias Weiss <>
Date: Tue, 8 May 2012 13:49:05 +0200


Thanx for the answer!

> >So we have the situation where the generated emails have different "From"
> >entries, always the same envelope "MAIL FROM" and always the same "Sender"
> >address entry. We also want to sign *all* of our mails with opendkim.
> You could use the IdentityHeader setting.

I tried this and used the "Sender" header field (I don't have any other one
awailable as opendkim aparently can't access the envelope "MAIL FROM" field.
If I set "IdentityHeader Sender" then the "i=" tag is set correctly but it
missmatches the domain tag "d=". In the "d=" tag opendkim sets the domain part
from the "From" sender address.
Further, this also relies on the "Sender" header entry to be available, which
I want to avoid.

> SenderHeaders is used for DKIM verification

Oh, I my understanding of the manual entry

"...This is mainly used when verifying a message to determine the origin
domain (for policy checks), and when signing for deciding which signing
request(s) to make..."

is that it can be used for both, for verfication and signing.

> If there is an error in your website configuration, you could enforce
> policy checks to prevent such messages from being sent out. You can
> also use a wildcard to sign everything. That should match any domain
> in the "From:" header field.

Yes, I've tried setting "Domain *" but then the "d=" tag is set to the
domain part from the "From" sender address. Which I don't want.

Received on Tue May 08 2012 - 11:48:36 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST