I have a general question regarding the use of KeyList and Domain. According to the man page: Domain (string) A comma-separated list of domains whose mail should be signed by this filter. Mail from other domains will be verified rather than being signed.
The value of this parameter may also be a filename from which domain names will be read. The "#" character in such a file is assumed to indicate a comment. An absolute path must be used (i.e. the first character must be a "/"). In either case, the domain name(s) may contain the special char- acter "*" which is treated as a wildcard character matching zero or more characters in a domain name. KeyList (string) Gives the location of a file listing rules for signing with mul- tiple keys. If present, overrides any KeyFile setting in the conifguration file. The file named here should contain a set of lines of the form sender-pattern:signing-domain:keypath where sender-pattern is a pattern to match against message senders (with the special character "*" interpreted as "zero or more characters"), signing-domain is the domain to announce as the signing domain when generating signatures, and keypath is the path to the PEM-formatted private key to be used for signing messages which match the sender-pattern. The selector used in the signature will be the filename portion of keypath. If the file referenced by keypath cannot be opened, the filter will try again by appending ".pem" and then ".private" before giving up. So if I see that right then I must define twice for what domains I want DKIM-Milter to sign the messages. Right? Once in the KeyList and once in Domain. Is that not somehow redundant? What is the benefit in doing so? Assuming this KeyList file: [EMAIL PROTECTED]:first.com:/etc/mail/dkim-filter/keys/first.com/mail [EMAIL PROTECTED]:second.com:/etc/mail/dkim-filter/keys/second.com/mail [EMAIL PROTECTED]:third.com:/etc/mail/dkim-filter/keys/third.com/mail Assuming this Domain entry: first.com Then DKIM-Milter will NOT sign any mail for second.com and third.com because it is not listed in Domain. Right? >From my viewpoint this could be optimized. Either allow me to specify >exclusively the domains in KeyList (omitting/ignoring Domain entry) or allow >me to specify a file for Domain (which is according to the documentation >possible, but I can not just point Domain to the same file as the KeyList file >because the format for Domain and KeyList do not match). It would be very >convenient to save myself from maintaining the same information in two >different places. Has any one found a way to avoid this double-maintenance of information/configuration? // Steve -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
