You can with the MTA option specify which MTA it should sign messages for. The manual for dkim-filter says:
"-m mta[,...] A comma-separated list of MTA names (a la the sendmail(8) Dae- monPortOptions Name parameter) whose mail should be signed by this filter. There is no default." Just by reading this will tell John Doe that he should put this option in his configuration file if he wants to be enabled to sign his messages. Eg. MTA exempel2.tset.se If: DAEMON_OPTIONS(`Name=exempel2.tset.se, Addr=mta.exempel2.tset.se, Port=smtp') Everything is fine except that this will enable signing of messages that are delivered from an external part according to the following scenario. The external part sends a message with the spoofed sender [EMAIL PROTECTED] to [EMAIL PROTECTED] exempel2.tset.se receives and signs this message since it "apparently" is from our domain and we have activated the MTA option. The MTA option will override the rule below, : "external host gw.iis.se attempted to send as exempel2.tset.se" , since it will sign everything that comes through the server and has it "origin" within its own domain. We have now successfully authenticated us as the "admin", by letting the server do the job for us. What is the point of using the MTA option? It should be clearer what this option will do to the behaviour of the system. // Rickard Bondesson ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
