On Tue, 21 Aug 2007, Janet N wrote:
> The problem is my organization uses a selector name that gets auto
> generated and its name is different than the private key name. How do
> I get around this? Can I use a KeyFile to achieve what I want?

As you stated, the KeyList entries are of this form:

    sender-pattern:signing-domain:keypath

...and the selector used when that match hits is the filename portion of
"keypath".

Therefore, if you want a different selector name than the filename of the
key, the easiest thing I can think of is a symbolic link. To use your
specific example:
> Domain example.com,test.com,shrek.com
> KeyFile /etc/mail/keys/private.pem
> Selector 5982340

You could:

    cd /etc/mail/keys
    ln -s private.pem 5982340

...and then have a KeyList of:

    [EMAIL PROTECTED]:example.com:/etc/mail/keys/5982340
    [EMAIL PROTECTED]:test.com:/etc/mail/keys/5982340
    [EMAIL PROTECTED]:shrek.com:/etc/mail/keys/5982340

This would sign all mail whose sender matches any of the sender-patterns
with a "d=" matching the sender's domain, use "s=5982340" for the
selector, and use the private key stored in /etc/mail/keys/5982340 (which
is a symlink to /etc/mail/keys/private.pem).
If this is too complicated or impractical for your environment, feel free
to open a feature request to get the format of the KeyList modified.
-MSK
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
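
The symlink layout described in the message above can be checked before the filter is restarted. This is an added example, not part of the original message and not dkim-milter code: it reads a KeyList and reports, per entry, the "d=" domain, the "s=" selector (the filename portion of keypath) and the key file the path resolves to. The function names, the "*@domain" sample patterns, the world-permission check and a readlink that supports -f are assumptions of this example.

```shell
# Added example, not dkim-milter code. For each KeyList entry of the form
# "sender-pattern:signing-domain:keypath" print the d= domain, the s= selector
# (filename portion of keypath) and the key file the path resolves to.
# Assumes a readlink that supports -f (GNU coreutils, recent BSD/macOS).
keylist_report() {
    rc=0
    while IFS=: read -r pattern domain keypath; do
        [ -n "$pattern" ] || continue            # skip blank lines
        selector=${keypath##*/}                  # selector = filename of keypath
        if [ ! -f "$keypath" ]; then             # -f follows symlinks; false if dangling
            echo "d=$domain s=$selector key=- MISSING"
            rc=1
            continue
        fi
        target=$(readlink -f "$keypath")
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        other=$(ls -ld "$target" | cut -c8-10)
        if [ "$other" = "---" ]; then
            echo "d=$domain s=$selector key=$target OK"
        else
            echo "d=$domain s=$selector key=$target WORLD-ACCESSIBLE"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed demo: the layout from the message above, built in a temp dir.
keylist_demo() {
    d=$(mktemp -d)
    ( umask 077; echo "placeholder, not a real key" > "$d/private.pem" )
    ln -s private.pem "$d/5982340"
    for dom in example.com test.com shrek.com; do
        echo "*@$dom:$dom:$d/5982340"            # "*@domain" pattern is an assumed sample
    done > "$d/keylist"
    keylist_report "$d/keylist"
    status=$?
    rm -rf "$d"
    return $status
}
keylist_demo
```

A non-zero return from keylist_report means at least one entry points at a dangling link or at a key file that other users can access.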