DKIM Deployment

[Jose-Marcio Martins da Cruz <>]

Hello,

I've just felt on a problem with CNAMES, not related to DKIM, but which 
can have some implications.

Well, the *default* sendmail configuration has confDONT_EXPAND_CNAMES. 
Brian Costales Bat Book recommends to change the default configuration 
to True, which most people don't, as this isn't the default value.

So, consider a hostname defined as (hopefully, there aren't too many) :

lists-one.domain.com.     CNAME   lists.domain.com.
lists.domain.com.         A       1.2.3.4

When sendmail receives this, with the default configuration option it 
will replace the contents of headers (To:, CC: and probably others too) 
referencing list-one.domain.com to lists.domain.com.

And this can break DKIM signature.

Did someone other than me already found this ?

Regards

José-Marcio

--