Hello. Imagine the DKIM standard would be revised and extended a bit (to get rid of DMARC and ARC, even, could it be) to
- sign the entire message as for now, - but include a "cramped=1" tag that signals that all receivers are actually covered by the DKIM signature, so - for any "RCPT TO:<>" not in any of To:, Cc: -- or even for _any_ "RCPT TO:<>" -- a dedicated message is to be sent to the MX of the hostname of the RCPT, with an additional hypothetic DKIM-RCPT: header (only the signed "RCPT-TO:<>") prepended to the otherwise unchanged message. >From looking at all the milter related messages and the protocol description and even the C header file content that Wietse has posted over the time that i am on this list, it seems impossible to implement this in a milter easily, or at all -- the milter could only strip all but one RCPT-TO, for any other RCPT-TO it had to reconstruct the message, and feed it into say even sendmail(1) via -t, recipient by recipient -- and how could it avoid being reinvoked for each of them. So am i right the best possibility to implement a DKIM that has been revised in such a manner would be to implement a filter thing that speaks a bit SMTP so that users could create "postfix -> filter -> another-postfix-for-sending-out" chain? Or which other possibilities exist to create a normalized message, add a signature header, and then (possibly) splice it per RCPT-TO? --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
