DKIM keys stored in sql?
Quanah Gibson-Mount via amavis-users
amavis-users at amavis.org
Wed May 7 23:24:10 CEST 2014
--On May 7, 2014 at 10:33:53 PM +0200 Mark Martinec via amavis-users
<amavis-users at amavis.org> wrote:
> Tom,
>
>> We would like to provide DKIM signing for a large number of customer
>> domains (many thousand) - loading them from the conf file isn't very
>> practical. We prefer to load them from a sql table.
>>
>> We are currently using opendkim for this purpose, but would prefer to
>> consolidate this into amavisd-new.
>>
>> Is there some way to do this in amavisd-new that I am missing? Or is
>> it a planned feature?
>
> Currently I don't have a satisfying answer to this question.
> There are some tools in place, but some customization is still needed.
>
> The main reason why amavisd does not take private signing keys from
> an SQL or LDAP database is privilege separation. An application
> (amavisd) that is regularly processing untrusted information should
> better not have direct access to secret information (signing keys),
> if at all it can be avoided.
Thankfully, OpenDKIM was built to use LDAP for DKIM keys, and does so quite
well. I use it rather than amavis for signing for this very reason.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration