Ok, I think I'm getting it.
My understanding is that the DK signature is generated from the header
and the body, so any additions/alterations would invalidate the
signature. So I tend to agree with you.
If that's the case, though, then what DynDNS told me is wrong. I'm
hesitant to question them, as they're pretty sharp with this stuff too.
I'm wondering how this *could* work. Maybe certain (routing related)
header entries aren't included in the signature. That would almost need
to be the case, given server farms and requirements of very large
companies. Otherwise, key (especially private) distribution could be a
nightmare.
Anywise, no sense in speculating. I should be seeing failures in a day
or two if this indeed doesn't work. Stay tuned...
Erik Espinoza wrote:
DomainKeys only works if your server talks directly to the destination
server. If you force all your mail via your isp server using
smtproutes, then their server will add some headers which will in turn
invalidate all your DomainKey signatures.
On 8/4/06, Eric Shubes <[EMAIL PROTECTED]> wrote:
Erik Espinoza wrote (on 5/26/06):
> You may want to add that DomainKeys can't be used in
> conjunction with a smart host. So if you define a ':mail.isp.com' in
> smtproutes, then DomainKeys will always fails.
>
> Erik
>
Why would that be?
(Maybe I don't understand what a smart host is)
I'm using dyndns.org's mailhop outbound service for some destination
domains (because I'm on a pseudo-dynamic ip address). I specify this
using smtproutes.
I asked dyndns.org about domainkeys with mailhop outbound, and here's
how the emails went:
>>> I relay *some* of my email through mailhop outbound.
>>> I recently (today) configured domainkeys for my domain.
>>> My server signs all outgoing email, including that which is
>>> routed through mailhop.
>>> Will routing through mailhop outbound cause a problem with
>>> domainkeys?
>>> I haven't experienced a specific problem yet, but I'd like to
>>> know whether or not to expect this to be a problem.
>>>
>>
>> It should not be a problem. Your email is validated at the receiving
>> end based on your domainkey and your signature. Since the email still
>> originates from you and your signature matches your domainkey, your
>> mail should be fine. You may want to contact Yahoo for more
>> information regarding domainkeys.
I just now turned off the test status on my domain, so it'll be some
time before I see a problem if there is one. I'll post to the list if
this indeed doesn't work.
--
-Eric 'shubes'
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
