Hi Jason, On Thu, Dec 15, 2016 at 1:37 PM, Jason White via luv-main <luv-main@luv.asn.au> wrote:
Is there a way to configure OpenDKIM to sign messages from hosts that have SASL credentials, regardless of which network they're on?
Did you find a solution?
B.1.3 Roaming Users Roaming users often find themselves in circumstances where it is convenient or necessary to use an SMTP server other than their home server; examples are conferences and many hotels. In such circumstances, a signature that is added by the submission service will use an identity that is different from the user's home system. Ideally, roaming users would connect back to their home server using either a VPN or a SUBMISSION server running with SMTP AUTHentication on port 587. If the signing can be performed on the roaming user's laptop, then they can sign before submission, although the risk of further modification is high. If neither of these are possible, these roaming users will not be able to send mail signed using their own domain key. --- I thought of the same, signing on the laptop or using VPN (so you have a fixed address). Both of them may be considered if everything else fails. However, I read the opendkim.conf manpage back and forth and cannot find a way of trusting SASL submissions. However, there is dkimproxy (I have not used yet, I have to say). It looks to me as it could do the job for you, if you want to "mask" all mail authenticated by SASL. Cheers Peter