Alexey Loukianov wrote:
> Quinn Comendant wrote:
>> And Alexey mentioned once he would add a feature to disable
>> DomainKeys in the "right way" -- did this ever get added? On the main
>> site?
> Currently, the "right way" to disable DK without unlinking/relinking qq
> handlers is to remove DKVERIFY and DKSIGN completely from tcp.smtp.
>
> Take care not to set DKDEBUG environment variable in case both DKVERIFY
> and DKSIGN are unset, as this will happily lead you to a SIGFAULT in
> qmail-dk due to a bug in debug-logging code I found today.
>
> Disabling qmail-dk in such way seems to me to be a Right Way (TM) as the
> behavior of QT without DK-envvars set will not differ in any way from
> original qMail (except for slightly increased CPU, disk and RAM
> requirements due to qmail-dk acting as a pipe between qmail-smtpd and
> real qq handler). You can always get rid of this by unlinking/relinking
> qq handler symlink in a well-known-to-this-list way.
>
Beware (from qmail-dk man page):
If neither DKSIGN nor DKVERIFY are set, then DKSIGN will be set to
/var/qmail/control/domainkeys/%/default. If such a private key exists, it
will be used to sign the domain.
I misread this as /var/qmail/control/domainkeys/%/private, leading me to
believe that message might still be signed. Shouldn't be a problem with the
toaster as the default for the toaster is 'private', not 'default'.
P.S. I'd be nice if the toaster's default was something like 'selector'
instead of 'private'. 'private' is a bit confusing.
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
