From: Ben L. <BL...@ch...> - 2006-06-13 09:03:01
|
Greetings list, Is there something different about the TXT record used for DKIM versus DomainKeys? In the INSTALL file for dkim-milter, it says: It should be in this form: "g=; k=rsa; t=y; p=MFwwDQYJ...AwEAAQ==" ...using, of course, your own public key's base64 data. ...but I'm finding that this won't verify unless it's rearranged like so: "t=y; k=rsa; p=MFwwDQYJ...AwEAAQ==" or am I imagining things? Also, the documentation says: (5) Start dkim-filter. You will need at least the "-p" option. The current recommended set of command line options is: -l -p SOCKETSPEC -d DOMAIN -s KEYPATH -S SELECTOR but from the looks of things, the -s should be -k, and the -S should be -s. The given example matches params from dk-filter. Nit-picking, I know. Lastly, the ./Build script doesn't seem to strip the dkim-filter binary before placing it on the system. Maybe this is intentional, but I thought it might be unusual. Any insights would be appreciated. |
From: Murray S. K. <ms...@se...> - 2006-06-13 14:21:08
|
On Tue, 13 Jun 2006, Ben Lentz wrote: > Greetings list, > Is there something different about the TXT record used for DKIM > versus DomainKeys? In the INSTALL file for dkim-milter, it > says: > > It should be in this form: > > "g=; k=rsa; t=y; p=MFwwDQYJ...AwEAAQ==" > > ...using, of course, your own public key's base64 data. > > ...but I'm finding that this won't verify unless it's > rearranged like so: > "t=y; k=rsa; p=MFwwDQYJ...AwEAAQ==" The "g=" in the INSTALL file is wrong. Under DomainKeys it's right; "g=;" is the same as leaving it off which matches all users. Under DKIM it's wrong; "g=" means "match no users" while "g=*", the default, means "match all users". Someone else mentioned this privately and it's already been updated for the next release. > Also, the documentation says: > (5) Start dkim-filter. You will need at least the "-p" option. > The current > recommended set of command line options is: > > -l -p SOCKETSPEC -d DOMAIN -s KEYPATH -S SELECTOR > > but from the looks of things, the -s should be -k, and the -S > should be -s. The given example matches params from dk-filter. > Nit-picking, I know. You are, but you're absolutely right. :-) I'll update that too. > Lastly, the ./Build script doesn't seem to strip the > dkim-filter binary before placing it on the system. Maybe this > is intentional, but I thought it might be unusual. That's correct, it doesn't by default. If you want installed binaries, do "make install-strip" instead of "make install". |