At 02:02 17-07-2008, Rickard Bondesson wrote: >You can with the MTA option specify which MTA it should sign messages >for. The manual for dkim-filter says: > >"-m mta[,...] >A comma-separated list of MTA names (a la the sendmail(8) Dae- >monPortOptions Name parameter) whose mail should be signed by >this filter. There is no default." > >Just by reading this will tell John Doe that he should put this option >in his configuration file if he wants to be enabled to sign his >messages. > >Eg. >MTA exempel2.tset.se
The MTA is not a domain name. It is the name assigned to that "MTA" definition. >If: >DAEMON_OPTIONS(`Name=exempel2.tset.se, Addr=mta.exempel2.tset.se, Port=smtp') > >Everything is fine except that this will enable signing of messages >that are delivered from an external part according to the following >scenario. > >The external part sends a message with the spoofed sender >[EMAIL PROTECTED] to [EMAIL PROTECTED] > >exempel2.tset.se receives and signs this message since it "apparently" >is from our domain and we have activated the MTA option. The MTA >option will override the rule below, : >"external host gw.iis.se attempted to send as exempel2.tset.se" >, since it will sign everything that comes through the server and has >it "origin" within its own domain. According to the above, a message going through mta.exempel2.tset.se on port 25 will be signed. >We have now successfully authenticated us as the "admin", by letting >the server do the job for us. What is the point of using the MTA >option? It should be clearer what this option will do to the behaviour >of the system. If you are doing SMTP AUTH, then let dkim-filter use that information for determining whether the message should be signed. If you are using sendmail, you can define a MTA name for the submission port. All messages submitted through that port gets signed if you specify it with -m or in your dkim-filter configuration file. The MTA option is one of the many ways you have to tell dkim-filter which messages should be signed. Regards, -sm ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
