Re: filter-dkims support for multiple domains
On 31 Aug 09:02, Uwe Werler wrote: > On 30 Aug 19:22, Martijn van Duren wrote: > > Hello, > > > > I've always said that I would not add support for multiple domains in > > filter-dkimsign until someone could point me to a good reason to do so. > > Recently this was done by Maarten de Vries who pointed out to me that > > there is such a requirement in DMARC (RFC7489 section 3.1) stating that > > the DKIM signature must be aligned with the From-header. > > Unforunately the from-header is a mailbox-list; I decided to only use > > the first mailbox in the list, which should cover most use-cases. > > > > As expected, this diff is more intrusive then I would've liked, but > > works so far in my testing. It works by using a single selector and > > trying to do a strict match on domain first, falling back to a relaxed > > match if none is found and ultimately going for the first domain in the > > list. > > > > I would like to ask everyone who wants this feature to test this and > > report back to me. I plan to create a new release in a week or 2 turning > > it into a less voluntary test. :-) > > > > Source-code can be found here (svn): > > http://imperialat.at/dev/filter-dkimsign/ > > This is still OpenBSD only, but Maarten can probably supply people with > > an arch-compatible version. > > > > martijn@ > > > > > > Hi Martin, > > just tried it at my server with two domains and it works like a charm. Will > migrate my 3rd domain to the same key/selector later and will test further. > > I'm happy to see that change coming in now. > > Thanks for you effort! > > -- > > With kind regards / Með bestu kveðju / Mit freundlichen Grüßen > > Uwe Werler > Hi Martijn, migrated my 3rd domain now and all works like expected! Thank you very much for your work! -- With kind regards / Með bestu kveðju / Mit freundlichen Grüßen Uwe Werler
Re: filter-dkims support for multiple domains
On 30 Aug 19:22, Martijn van Duren wrote: > Hello, > > I've always said that I would not add support for multiple domains in > filter-dkimsign until someone could point me to a good reason to do so. > Recently this was done by Maarten de Vries who pointed out to me that > there is such a requirement in DMARC (RFC7489 section 3.1) stating that > the DKIM signature must be aligned with the From-header. > Unforunately the from-header is a mailbox-list; I decided to only use > the first mailbox in the list, which should cover most use-cases. > > As expected, this diff is more intrusive then I would've liked, but > works so far in my testing. It works by using a single selector and > trying to do a strict match on domain first, falling back to a relaxed > match if none is found and ultimately going for the first domain in the > list. > > I would like to ask everyone who wants this feature to test this and > report back to me. I plan to create a new release in a week or 2 turning > it into a less voluntary test. :-) > > Source-code can be found here (svn): > http://imperialat.at/dev/filter-dkimsign/ > This is still OpenBSD only, but Maarten can probably supply people with > an arch-compatible version. > > martijn@ > > Hi Martin, just tried it at my server with two domains and it works like a charm. Will migrate my 3rd domain to the same key/selector later and will test further. I'm happy to see that change coming in now. Thanks for you effort! -- With kind regards / Með bestu kveðju / Mit freundlichen Grüßen Uwe Werler
filter-dkims support for multiple domains
Hello, I've always said that I would not add support for multiple domains in filter-dkimsign until someone could point me to a good reason to do so. Recently this was done by Maarten de Vries who pointed out to me that there is such a requirement in DMARC (RFC7489 section 3.1) stating that the DKIM signature must be aligned with the From-header. Unforunately the from-header is a mailbox-list; I decided to only use the first mailbox in the list, which should cover most use-cases. As expected, this diff is more intrusive then I would've liked, but works so far in my testing. It works by using a single selector and trying to do a strict match on domain first, falling back to a relaxed match if none is found and ultimately going for the first domain in the list. I would like to ask everyone who wants this feature to test this and report back to me. I plan to create a new release in a week or 2 turning it into a less voluntary test. :-) Source-code can be found here (svn): http://imperialat.at/dev/filter-dkimsign/ This is still OpenBSD only, but Maarten can probably supply people with an arch-compatible version. martijn@
