ddx - Re: [ddx] DKIM and CNames
Subject: DKIM Deployment
List archive
- From: Dave CROCKER <>
- To:
- Cc:
- Subject: Re: [ddx] DKIM and CNames
- Date: Fri, 23 Apr 2010 07:22:51 -0700
- Organization: Brandenburg InternetWorking
a receiving sendmail "replaces" the contents of message header fields? It should not do that.
or are you saying that a sending sendmail will replace the contents? Presumably you are saying that this happens after DKIM signing, when it should happen before.
d/
On 4/23/2010 7:04 AM, Jose-Marcio Martins da Cruz wrote:
Hello,
I've just felt on a problem with CNAMES, not related to DKIM, but which
can have some implications.
Well, the *default* sendmail configuration has confDONT_EXPAND_CNAMES.
Brian Costales Bat Book recommends to change the default configuration
to True, which most people don't, as this isn't the default value.
So, consider a hostname defined as (hopefully, there aren't too many) :
lists-one.domain.com. CNAME lists.domain.com.
lists.domain.com. A 1.2.3.4
When sendmail receives this, with the default configuration option it
will replace the contents of headers (To:, CC: and probably others too)
referencing list-one.domain.com to lists.domain.com.
And this can break DKIM signature.
Did someone other than me already found this ?
Regards
José-Marcio
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
- DKIM and CNames, Jose-Marcio Martins da Cruz, 04/23/2010
- Re: [ddx] DKIM and CNames, Serge Aumont, 04/23/2010
- Re: [ddx] DKIM and CNames, Dave CROCKER, 04/23/2010
- Re: [ddx] DKIM and CNames, Jose-Marcio Martins da Cruz, 04/23/2010
Archive powered by MHonArc 2.6.16.