DKIM setup with multiple domains: Difference between revisions
From D3xt3r01.tk
m New page: ==HOW== I'm using gentoo in this setup. DKIM-milter 2.8.x ( I think it should work for any minor version of dkim-milter ) mail-filter/dkim-milter-2.8.3-r1 USE="-diffheaders -ipv6" Cre... |
m →HOW |
||
Line 11: | Line 11: | ||
mkdir keys | mkdir keys | ||
mkdir keys/ | mkdir keys/domain1.tld | ||
dkim-genkey -r -s mydkim -d | dkim-genkey -r -s mydkim -d domain1.tld | ||
mv mydkim.private keys/ | mv mydkim.private keys/domain1.tld/ | ||
mv mydkim.txt mydkim. | mv mydkim.txt mydkim.domain1.tld.txt | ||
chmod 600 keys/ | chmod 600 keys/domain1.tld/mydkim | ||
mkdir keys/ | mkdir keys/domain2.tld | ||
dkim-genkey -r -s mydkim -d | dkim-genkey -r -s mydkim -d domain2.tld | ||
mv mydkim.private keys/ | mv mydkim.private keys/domain2.tld/ | ||
mv mydkim.txt mydkim. | mv mydkim.txt mydkim.domain2.tld.txt | ||
chmod 600 keys/ | chmod 600 keys/domain2.tld/mydkim | ||
mkdir keys/ | mkdir keys/domain3.tld | ||
dkim-genkey -r -s mydkim -d | dkim-genkey -r -s mydkim -d domain3.tld | ||
mv mydkim.private keys/ | mv mydkim.private keys/domain3.tld/ | ||
mv mydkim.txt mydkim. | mv mydkim.txt mydkim.domain3.tld.txt | ||
chmod 600 keys/ | chmod 600 keys/domain3.tld/mydkim | ||
chown -R milter:milter keys | chown -R milter:milter keys | ||
</source> | </source> | ||
You should now have the content of the *.txt in bind's zone files for each coresponding domain along with | |||
_adsp._domainkey.domain.tld | |||
The /etc/mail/dkim-filter/dkim-filter.conf should look like this: | |||
ADSPDiscard yes | |||
ADSPNoSuchDomain yes | |||
AllowSHA1Only no | |||
AlwaysAddARHeader no | |||
AuthservIDWithJobId yes | |||
AutoRestart yes | |||
AutoRestartCount 0 | |||
AutoRestartRate 10/1h | |||
BodyLengths yes | |||
Canonicalization simple/simple | |||
Domain domain1.tld,domain2.tld,domain3.tld # all domains separated by coma | |||
KeyFile /etc/mail/dkim-filter/mydkim # it'll get ignored anyway | |||
KeyList /etc/mail/dkim-filter/keylist | |||
Mode sv | |||
MTA MSA | |||
On-Default reject | |||
On-BadSignature reject | |||
On-DNSError tempfail | |||
On-InternalError accept | |||
On-NoSignature accept | |||
On-Security discard | |||
QueryCache yes | |||
RemoveOldSignatures yes | |||
Selector mydkim | |||
Socket local:/var/run/dkim-filter/dkim-filter.sock | |||
SubDomains yes | |||
Syslog yes | |||
SyslogFacility mail | |||
SyslogSuccess yes | |||
TemporaryDirectory /var/tmp | |||
UMask 000 | |||
UserID milter | |||
X-Header yes | |||
Statistics /var/run/dkim-filter/dkim-filter.stats | |||
One example of /etc/mail/dkim-filter/keylist would be: | |||
*@domain1.tld:domain1.tld:/etc/mail/dkim-filter/keys/domain1.tld/mydkim | |||
*@domain2.tld:domain2.tld:/etc/mail/dkim-filter/keys/domain2.tld/mydkim | |||
*@domain3.tld:domain3.tld:/etc/mail/dkim-filter/keys/domain3.tld/mydkim | |||
It's pretty straight forward. | It's pretty straight forward. |
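Review bot: the `chmod 600 keys/domainN.tld/mydkim` lines in the new revision name a file that the preceding `mv` never creates. `mv mydkim.private keys/domainN.tld/` leaves the key as `keys/domainN.tld/mydkim.private`, so the chmod fails and the private key keeps whatever mode it was created with. Either rename on the move (`mv mydkim.private keys/domain1.tld/mydkim`, which also matches the paths in the keylist) or chmod the `.private` file. Separately, `BodyLengths yes` and `UMask 000` in the added config deserve a comment saying why they are set: the first makes signatures cover only a stated body length, and the second leaves the milter socket open to every local user.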
Revision as of 23:55, 22 September 2009
HOW
I'm using Gentoo in this setup. DKIM-milter 2.8.x (I think it should work for any minor version of dkim-milter)
mail-filter/dkim-milter-2.8.3-r1 USE="-diffheaders -ipv6"
Create the private/public keys for each domain
cd /etc/mail/dkim-filter
mkdir keys
# For each domain: generate the key pair, store the private key as
# keys/<domain>/mydkim (the path the keylist uses) and keep the DNS record text.
mkdir keys/domain1.tld
dkim-genkey -r -s mydkim -d domain1.tld
mv mydkim.private keys/domain1.tld/mydkim
mv mydkim.txt mydkim.domain1.tld.txt
chmod 600 keys/domain1.tld/mydkim
mkdir keys/domain2.tld
dkim-genkey -r -s mydkim -d domain2.tld
mv mydkim.private keys/domain2.tld/mydkim
mv mydkim.txt mydkim.domain2.tld.txt
chmod 600 keys/domain2.tld/mydkim
mkdir keys/domain3.tld
dkim-genkey -r -s mydkim -d domain3.tld
mv mydkim.private keys/domain3.tld/mydkim
mv mydkim.txt mydkim.domain3.tld.txt
chmod 600 keys/domain3.tld/mydkim
chown -R milter:milter keys
You should now have the content of each *.txt file in bind's zone file for the corresponding domain, along with
_adsp._domainkey.domain.tld
The /etc/mail/dkim-filter/dkim-filter.conf should look like this:
ADSPDiscard yes
ADSPNoSuchDomain yes
AllowSHA1Only no
AlwaysAddARHeader no
AuthservIDWithJobId yes
AutoRestart yes
AutoRestartCount 0
AutoRestartRate 10/1h
BodyLengths yes
Canonicalization simple/simple
Domain domain1.tld,domain2.tld,domain3.tld # all domains separated by comma
KeyFile /etc/mail/dkim-filter/mydkim # it'll get ignored anyway
KeyList /etc/mail/dkim-filter/keylist
Mode sv
MTA MSA
On-Default reject
On-BadSignature reject
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard
QueryCache yes
RemoveOldSignatures yes
Selector mydkim
Socket local:/var/run/dkim-filter/dkim-filter.sock
SubDomains yes
Syslog yes
SyslogFacility mail
SyslogSuccess yes
TemporaryDirectory /var/tmp
UMask 000
UserID milter
X-Header yes
Statistics /var/run/dkim-filter/dkim-filter.stats
One example of /etc/mail/dkim-filter/keylist would be:
*@domain1.tld:domain1.tld:/etc/mail/dkim-filter/keys/domain1.tld/mydkim
*@domain2.tld:domain2.tld:/etc/mail/dkim-filter/keys/domain2.tld/mydkim
*@domain3.tld:domain3.tld:/etc/mail/dkim-filter/keys/domain3.tld/mydkim
It's pretty straightforward.
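A consistency check for the keylist and Domain directive above, added here as an example and not part of the original page or of dkim-milter: the hypothetical function check_keylist reports keys that are missing or readable beyond their owner, and domains that have no keylist entry. It assumes each key is stored at exactly the path the keylist names; the demo data is constructed.

```shell
#!/bin/sh
# check_keylist KEYLIST DOMAINS  (hypothetical helper, not part of dkim-milter)
#   KEYLIST  file of sender-pattern:signing-domain:keypath lines
#   DOMAINS  comma-separated value of the Domain directive
# Prints one finding per line; returns 0 only when there are none.
check_keylist() {
    keylist=$1 domains=$2 findings=0
    [ -r "$keylist" ] || { echo "UNREADABLE $keylist"; return 2; }
    while IFS=: read -r pattern domain keypath; do
        [ -n "$pattern" ] || continue              # skip blank lines
        if [ -z "$domain" ] || [ -z "$keypath" ]; then
            echo "MALFORMED $pattern"; findings=$((findings + 1)); continue
        fi
        if [ ! -f "$keypath" ]; then
            echo "MISSING $domain $keypath"; findings=$((findings + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # anything but "------" means the key is exposed beyond its owner.
        if [ "$(ls -ld "$keypath" | cut -c5-10)" != "------" ]; then
            echo "PERMS $domain $keypath"; findings=$((findings + 1))
        fi
    done < "$keylist"
    # Every domain in the Domain directive needs its own keylist entry.
    for d in $(printf '%s' "$domains" | tr ',' ' '); do
        awk -F: -v d="$d" '$2 == d { f = 1 } END { exit !f }' "$keylist" ||
            { echo "NOENTRY $d"; findings=$((findings + 1)); }
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: domain1 is correct, domain2's key is group/world
# readable, domain3 is listed in Domain but has no keylist line.
demo_findings() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/keys/domain1.tld" "$tmp/keys/domain2.tld"
    : > "$tmp/keys/domain1.tld/mydkim"; chmod 600 "$tmp/keys/domain1.tld/mydkim"
    : > "$tmp/keys/domain2.tld/mydkim"; chmod 644 "$tmp/keys/domain2.tld/mydkim"
    printf '%s\n' "*@domain1.tld:domain1.tld:$tmp/keys/domain1.tld/mydkim" \
                  "*@domain2.tld:domain2.tld:$tmp/keys/domain2.tld/mydkim" \
                  > "$tmp/keylist"
    check_keylist "$tmp/keylist" domain1.tld,domain2.tld,domain3.tld |
        sed "s|$tmp|TMP|"
    rm -rf "$tmp"
}

demo_findings
```

On the real host the call would be check_keylist /etc/mail/dkim-filter/keylist domain1.tld,domain2.tld,domain3.tld, run before restarting the filter.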