-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jan 08, 2008 at 10:09:23AM -0800, Murray S. Kucherawy wrote:
> The use of the "SubDomains" option is intended to generate signatures for > arbitrary subdomains using a key advertised by the parent domain. That is, > mail from "x.example.com" will be signed using "d=example.com". It's > intended as blanket coverage for subdomains you may not know are in use. > > If that isn't what you want, then I believe you have more stringent > requirements than the DKIM subdomain signing concept supports, and you > should include "x.example.com" explicitly in your signing domains list (and > advertise a specific policy for it). This particular clarification is something that is not inferred by the documentation (at least not the man pages). It might be worthy of adding somewhere, even if it's just a * at the end of the relevant section, because the docs don't make it clear that UseSubdomains tells dkim-filter to not look up keys for the subdomain but instead only look up the key for the parent domain. - -- Regards... Todd Exponential problems need logarithmic solutions. --Eddy Dreger Linux kernel 2.6.22-14-generic 5 users, load average: 1.04, 1.05, 1.04 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHhAEpY2VBGxIDMLwRAk/uAJ9AkACek6RNGNqaGjhzKpVx7D4tkwCeOCq6 /urduU8i7Ylmt77gWBHHGHQ= =py4f -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
