Hi, On Mon, May 12, 2008 at 2:47 PM, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote: > I beg your patience with me. Can you help me generate an appropriate DNS > entry for DKIM?
> 1/ I do NOT use domainkeys, nor do I plan to do so. > 2/ I ONLY use DKIM and all mail sent from lists.lc-words.com is signed with > DKIM signature. > If I drop the "o=-" entry, that will just mean that some of the > lists.lc-words.com mail may be signed with domainkeys, right? Yes. There is no tag for stating a policy that the site does not sign any messages. > If so, what should the correct DNS entry for DKIM look like? > I did look at http://www.elandsys.com/resources/sendmail/dkim.html > where they suggest > mail._domainkey.example.com. IN TXT "k=rsa; > entry, so in my case should it be > _domainkey.lists.lc-words.com IN TXT "krsa; > ? TXT RR for pubkey is generated with dkim-genkey(8), and I seems that you've already got one for ``lcwords._domainkey.lists.lc-words.com''. > I currently have: > _domainkey.lists.lc-words.com. 2640 IN TXT "o=-\;" DKIM Signatures rfc (rfc4871) does not use _domainkey TXT RR as policy statement. It's only for DomainKeys. ``_asp._domainkey.'' is for that purpose (as in draft-ietf-dkim-ssp). e.g. _asp._domainkey.example.com. IN TXT "dkim=all" means messages from example.com is always signed. Regards, -- Hirohisa Yamaguchi [EMAIL PROTECTED] ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
