From: Todd L. <tl...@iv...> - 2007-10-04 20:18:22
On Thu, Oct 04, 2007 at 09:35:50PM +0200, Tony Earnshaw wrote:
>> While putting together a system that can both sign and verify,
>> originally I had it set to do both in the same daemon process. After
>> asking about it somewhere (in the #sendmail IRC channel IIRC), I decided
>> to split it into a verify process at the beginning of the milter chain
>> (only preceded by clamav milter) and a sign process at the end of the
>> milter chain. I ended up figuring out how to do it with not too much
>> difficulty, but it might be worth adding a section "Here is how some
>> have implemented split signing/verifying".

>You're obviously not running a Red Hat derivative OS with my rpm,
>because if you were, you would not have this problem.

Correct, this is on a Gentoo machine. However, I wasn't looking for any procedure bound to an architecture. I was suggesting a Best Practices. Just because _we_ don't need it, doesn't mean it wouldn't be nice for first time sysadmins to encounter as they're wading through the dkim process for the first time.

I do it both the same on my RedHat and Gentoo machines. Set a single variable in /etc/sysconfig/dkim-milter or /etc/conf.d/dkim-milter. That variable contains space separated dkim-milter config files. The init script loops through the names and starts dkim-filter one at a time with each config file.

May be easier to just set up a dedicated sign and dedicated verify variable, but if one wanted to split up configs even further, say per domain, each one doing split sign/verify, then the loop becomes a bit more attractive.

-- 
Regards... Todd
when you shoot yourself in the foot, just because you are so neurally broken that the signal takes years to register in your brain, it does not mean that your foot does not have a hole in it.
--Randy Bush
Linux kernel 2.6.17-6mdv 8 users, load average: 0.04, 0.14, 0.15
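
The init-script loop described in this message, sketched as an added example; it is not code from the message or from the dkim-milter package. The DKIM_CONFIGS variable, the function names and the sample paths are hypothetical, and each config file is assumed to carry a Socket line; the sketch also refuses to start if two instances would share a socket.

```shell
#!/bin/sh
# Added example: start one dkim-filter per config file listed in a single
# space-separated variable. DKIM_CONFIGS, DKIM_FILTER and the function
# names are hypothetical, not taken from any packaged init script.

DKIM_FILTER=${DKIM_FILTER:-/usr/sbin/dkim-filter}

# Print the value of a "Key value" setting from a config file.
conf_value() {   # $1 = key, $2 = file
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Validate every config before starting anything, so a typo cannot leave
# only half of the sign/verify pair running. Prints "socket config" lines.
plan_instances() {
    seen=""
    for conf in "$@"; do
        [ -r "$conf" ] || { echo "unreadable: $conf" >&2; return 1; }
        sock=$(conf_value Socket "$conf")
        [ -n "$sock" ] || { echo "no Socket in $conf" >&2; return 1; }
        case " $seen " in
            *" $sock "*) echo "duplicate Socket $sock in $conf" >&2; return 1 ;;
        esac
        seen="$seen $sock"
        echo "$sock $conf"
    done
}

# Start the instances one at a time; -x names the config file to read.
start_all() {
    plan=$(plan_instances "$@") || return 1
    echo "$plan" | while read -r sock conf; do
        echo "starting $DKIM_FILTER -x $conf (socket $sock)"
        "$DKIM_FILTER" -x "$conf" </dev/null || exit 1
    done
}

# Constructed sample content for /etc/conf.d/dkim-milter:
#   DKIM_CONFIGS="/etc/mail/dkim-verify.conf /etc/mail/dkim-sign.conf"
if [ -n "${DKIM_CONFIGS:-}" ]; then
    # Word splitting on the space-separated list is intended here.
    start_all $DKIM_CONFIGS
fi
```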