On Tue, 8 Jan 2008, Alin N?~Cstac wrote:
I think the problem is generated by the signing dkim-filter daemon,
which should have set [EMAIL PROTECTED] in DKIM-Signature when
following conditions are satisfied:
- the originator address is [EMAIL PROTECTED]
- "SubDomains Yes" is present in dkim-filter.conf
- the selector TXT record doesn't have t=s
That last one would mean the signing filter has to query the key record
it's using to sign. That shouldn't really be necessary (and it's
expensive).
The use of the "SubDomains" option is intended to generate signatures for
arbitrary subdomains using a key advertised by the parent domain. That
is, mail from "x.example.com" will be signed using "d=example.com". It's
intended as blanket coverage for subdomains you may not know are in use.
If that isn't what you want, then I believe you have more stringent
requirements than the DKIM subdomain signing concept supports, and you
should include "x.example.com" explicitly in your signing domains list
(and advertise a specific policy for it).-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
