On 3/19/20 7:49 PM, Chris Bennett wrote: > On Wed, Mar 18, 2020 at 10:45:06PM +0100, Martijn van Duren wrote: >> That's because filter-dkimsign doesn't support multiple domains, and >> unless someone can give me a good reason to do so it probably is going >> to stay that way. >> >> I know that some mail providers add an additional positive score to >> your spam rating if you have DKIM, but I reckon this is BS, because >> DKIM is nothing more than a glorified debugging tool to tell you which >> server butchered the content of your mail if every server in the chain >> adds a DKIM signature. To be precise: it only tells you that a >> particular domain owner (d-option) knows what server(s) a particular key >> (s-option) belongs to, so that if a signature fails it it could only >> have happened before the last server which has a valid signature. >> >> Could you explain why you (think you) need to have multiple domain >> support? >> You (currently?) can't. If you want multiple conditions on different >> filters you would need to create multiple listening sockets (e.g. >> multiple ips or ports) and apply the correct match-rules based on the >> socket. >> >> martijn@ >> > > OK, thanks for clearing that up. I learned a lot using it. I would also > like to use multiple domains, but I don't see any reason to ask you to > do any more work than you want to. > Thanks for your work. I appreciate it. And trying to use multiple > domains was a good lesson in strange results. :-} > > Chris Bennett > I've had multiple people tell me that they want to have multiple domain support, but either they misunderstood the workings of DKIM, or it's a case of "but it gives me the warm and fuzzies".
So please, be as clear as you can be on why you want to use it and how you want to use it; and either we can improve your understanding of the spec and your setup (and help people on the list at the same time) or you make a valid case (maybe I did miss something) and I might be motivated to add it. In other words, I'm not definitively saying no, but it will only complicate the code even further with all the additional risks; there must be a damn good reason to go down that path.
