On Tue, 29 Apr 2008, Zbigniew Szalbot wrote:
> Actually no. Is rsa-sha256 preferred?

The specs require it unless you have a good reason to force rsa-sha1. See RFC4871 section 3.3.

> Yes, but no logging is taking place. See below.

If you turn on logging with Syslog, the log information is sent to your syslog daemon generally using nothing lower than "info" level. The logging facility is "mail" by default, but your configuration file can change it. Once you have that working, the output of LogWhy will tell you why mail is or isn't getting signed.

> I am not sure. Emails sent exactly the same way (from a local webclient)
> for the szalbot.homedns.org domain do get signed. Here's an example:

That's possibly the interesting point. If sent from a local webclient (which perhaps invokes sendmail via command line), the injection source will be 127.0.0.1. If you route mail through the filter from other points, those sources aren't trusted by default. You have to tell the filter it's okay to sign mail from those places as well, otherwise the filter would sign any mail it sees that claims to come from your domain, opening a hole for signing forgeries. Check the dkim-filter(8) man page for the "-i" switch, or the dkim-filter.conf(5) man page for the InternalHosts setting.

_______________________________________________
dkim-milter-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
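
The trust decision described in the reply above, as an added Python illustration (not dkim-filter's code and not part of the original message). It is a simplified model that handles only IP and CIDR entries; the function names, result strings, example.org and the sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption for this model: with no InternalHosts list, only the
# loopback source is trusted, which is the case the reply describes.
DEFAULT_INTERNAL = ["127.0.0.1"]


def parse_internal_hosts(lines):
    """Parse IP or CIDR entries, one per line; '#' starts a comment."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def is_internal(client_ip, nets):
    """True if the connecting client's address falls in a trusted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in nets)


def action(client_ip, from_domain, signing_domains, internal_lines=None):
    """Decide whether a message would be signed (hypothetical helper).

    Signing needs BOTH a From domain we hold a key for AND a trusted
    injection source; the domain claim alone is never enough, or forged
    mail arriving from outside would be signed too.
    """
    nets = parse_internal_hosts(internal_lines or DEFAULT_INTERNAL)
    ours = from_domain.lower() in {d.lower() for d in signing_domains}
    if ours and is_internal(client_ip, nets):
        return "sign"
    if ours:
        return "skip: source not internal"
    return "skip: not a signing domain"


if __name__ == "__main__":
    # Constructed sample data: documentation address ranges, example.org.
    trusted = ["127.0.0.1", "192.0.2.0/24  # web frontends"]
    for ip, hosts in [("127.0.0.1", None), ("192.0.2.25", None),
                      ("192.0.2.25", trusted), ("198.51.100.7", trusted)]:
        print(ip, hosts, "->", action(ip, "example.org", ["example.org"], hosts))
```
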
