Re: AlwaysSignHeaders results in "fail"

From: <>
Date: Mon, 18 Jun 2012 23:52:29 +0200

> On Mon, 18 Jun 2012, Murray S. Kucherawy wrote:
> > The "*" notation in SignHeaders was only added in OpenDKIM 2.3.0.
> > That's probably the cause for the error you're getting. I'll
> > double-check that later today.
> I downloaded 2.0.1 and tried your configuration against it, and yes
> indeed, the "*" feature wasn't supported back then and causes a processing
> error when trying to configure libopendkim to do what you're after.
> You can do it with 2.0.1, but you have to set SignHeaders to list all of
> the header fields you want to sign, including yours but also including all
> the other suggested ones. It's kind of a big list (see RFC6376 Section
> 5.4.1). Without the "*" feature, you need to replace the built-in list
> with a complete list, which means you have to copy the default list by
> hand.
> So much has been added and/or fixed since then though that upgrading
> really is a very good idea.

Taken from dkim.c v2.0.1:

/* recommended list of headers to sign, from RFC4871 section 5.5 */
const u_char *dkim_should_signhdrs[] =

I would use/list all these headers for the SignHeaders option plus my header.

Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro!
Received on Mon Jun 18 2012 - 21:52:45 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST