Authentication-Results headers from the DKIM milter

Gary Mills mills@cc.umanitoba.ca
Mon Apr 12 01:44:45 UTC 2010


In March, I reported that I would be contacting the developers of
dkim-milter to see if they would be amenable to a precedence option
for authentication types.  The problem appears when a message is
signed with both DomainKeys and DKIM techniques because the milter
will add two `Authentication-Results' headers to the message.  DCC
can only handle one substitute header type.

I discovered that dkim-milter-2.8.3 was the last version and that
it was succeeded by opendkim-2.0.1.  With the `--with-domainkeys'
configure option, it too produces the two headers:

    Authentication-Results: setup01.cc.umanitoba.ca; dkim=pass (1024-bit key)
            header.i=@sendmail.net; dkim-adsp=pass
    Authentication-Results: setup01.cc.umanitoba.ca; domainkeys=pass (testing) header.from=sa-test@sendmail.net

I submitted an RFE to the opendkim project that suggested the milter
only append one `Authentication-Results' header, possibly by picking
the strongest one that passed validation.  The developer is willing
to incorporate this suggestion but asks another question:

    Would it work to have the DK and DKIM results both in the same
    Authentication-Results header field?

How well would this work with DCC?  Would it be better to have only
one selected authentication method, or both of them?  I'm assuming
that there would be a configuration setting to define the precedence
if the milter only selects one.

-- 
-Gary Mills-        -Unix Group-        -Computer and Network Services-



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.