The MTA option does not need to be a domain name, just used it in this example, could be eg. "sendmail".
My point was that it should be more clear in the manual of when to use it. So that John Doe does not use it in the wrong context. (From a usability point of view) When I first started to use dkim-filter, I thought that you should use this option in all cases or else the filter would not work. Like if it was a way for DKIM to know who it was "working" for. // Rickard On Thu, Jul 17, 2008 at 12:07 PM, SM <[EMAIL PROTECTED]> wrote: > At 02:02 17-07-2008, Rickard Bondesson wrote: >>You can with the MTA option specify which MTA it should sign messages >>for. The manual for dkim-filter says: >> >>"-m mta[,...] >>A comma-separated list of MTA names (a la the sendmail(8) Dae- >>monPortOptions Name parameter) whose mail should be signed by >>this filter. There is no default." >> >>Just by reading this will tell John Doe that he should put this option >>in his configuration file if he wants to be enabled to sign his >>messages. >> >>Eg. >>MTA exempel2.tset.se > > The MTA is not a domain name. It is the name assigned to that "MTA" > definition. > >>If: >>DAEMON_OPTIONS(`Name=exempel2.tset.se, Addr=mta.exempel2.tset.se, Port=smtp') >> >>Everything is fine except that this will enable signing of messages >>that are delivered from an external part according to the following >>scenario. >> >>The external part sends a message with the spoofed sender >>[EMAIL PROTECTED] to [EMAIL PROTECTED] >> >>exempel2.tset.se receives and signs this message since it "apparently" >>is from our domain and we have activated the MTA option. The MTA >>option will override the rule below, : >>"external host gw.iis.se attempted to send as exempel2.tset.se" >>, since it will sign everything that comes through the server and has >>it "origin" within its own domain. > > According to the above, a message going through mta.exempel2.tset.se > on port 25 will be signed. > >>We have now successfully authenticated us as the "admin", by letting >>the server do the job for us. What is the point of using the MTA >>option? It should be clearer what this option will do to the behaviour >>of the system. > > If you are doing SMTP AUTH, then let dkim-filter use that information > for determining whether the message should be signed. > > If you are using sendmail, you can define a MTA name for the > submission port. All messages submitted through that port gets > signed if you specify it with -m or in your dkim-filter configuration file. > > The MTA option is one of the many ways you have to tell dkim-filter > which messages should be signed. > > Regards, > -sm > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > dkim-milter-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
