Hello, At 22:47 11-05-2008, Zbigniew Szalbot wrote: >Thanks for all the helpful hints and advice! >I beg your patience with me. Can you help me generate an appropriate >DNS entry for DKIM? > >1/ I do NOT use domainkeys, nor do I plan to do so. >2/ I ONLY use DKIM and all mail sent from lists.lc-words.com is >signed with DKIM signature. > >If I drop the "o=-" entry, that will just mean that some of the >lists.lc-words.com mail may be signed with domainkeys, right?
The (DomainKeys) sending domain policy for lc-words.com is retrieved from _domainkey.lc-words.com. The "o" in there defines your outbound signing policy. As you are not signing with DomainKeys, there is no need for a "o" entry. If you drop that entry, there is no statement being made about whether you sign with DomainKeys or not. Note that DomainKeys is _not_ DKIM. >If so, what should the correct DNS entry for DKIM look like? >I did look at http://www.elandsys.com/resources/sendmail/dkim.html >where they suggest >mail._domainkey.example.com. IN TXT "k=rsa; In that example, "mail" is the selector. The syntax is selector._domainkey.signingdomain. The public key is also required in that record. >entry, so in my case should it be >_domainkey.lists.lc-words.com IN TXT "krsa; >? In your (DKIM) case, if the signing domain is lists.lc-words.com, then the entry would be lcwords._domainkey.lists.lc-words.com where "lcwords" is the selector. >I currently have: >_domainkey.lists.lc-words.com. 2640 IN TXT "o=-\;" You can remove that TXT record. >Anyway, I used the auto-response mechanism for checking DKIM and >here's what I got: >DKIM Test: pass (1024-bit key) This means that the DKIM signature is successfully verified. Your lcwords._domainkey.lists.lc-words.com record is correct. >DKIM Author Signing Practice: no DNS record This is the policy part of DKIM where the author domain can publish its signing practice. Note that this is still a draft specification which means that it may be changed in a later draft. You can publish the following TXT record: _asp._domainkey.lists.lc-words.com dkim=all which means that the lists.lc-words.com domain signs all outgoing mail with DKIM. Regards, -sm ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
