Murray S. Kucherawy wrote:
The use of the "SubDomains" option is intended to generate signatures for arbitrary subdomains using a key advertised by the parent domain. That is, mail from "x.example.com" will be signed using "d=example.com". It's intended as blanket coverage for subdomains you may not know are in use.If that isn't what you want, then I believe you have more stringent requirements than the DKIM subdomain signing concept supports, and you should include "x.example.com" explicitly in your signing domains list (and advertise a specific policy for it).
I have dkim-milter-2.4.2.What I really want is a "dkim=strict; handling=deny" SSP record. Problem is dkim-milter-2.4.2 fails to verify subdomains signed with one of domain's selector and I believe is due to the lack of "[EMAIL PROTECTED]" tag in DKIM-Signature header. However I didn't analysed the source code, so it is more like a educated guess.
Since dkim-milter gives me the option to sign subdomain messages, verification of such messages should succeed, don't you think? More so if the signer and verifier use the exact same DKIM software and therefore it couldn't be due to different interpretation of the DKIM specification.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
