DKIM setup with multiple domains: Difference between revisions

From D3xt3r01.tk
Revision as of 23:55, 22 September 2009

HOW

I'm using Gentoo in this setup with dkim-milter 2.8.x (it should work with any minor version of dkim-milter):

 mail-filter/dkim-milter-2.8.3-r1 USE="-diffheaders -ipv6"

Create the private/public key pair for each domain. dkim-genkey writes <selector>.private and <selector>.txt into the current directory, so each pair is moved out of the way before the next one is generated; -r restricts the key to e-mail use (the s=email flag in the published record). Store each private key as keys/<domain>/mydkim, the name the keylist below refers to, not as mydkim.private:

 cd /etc/mail/dkim-filter
 mkdir keys

 mkdir keys/domain1.tld
 dkim-genkey -r -s mydkim -d domain1.tld
 mv mydkim.private keys/domain1.tld/mydkim
 mv mydkim.txt mydkim.domain1.tld.txt
 chmod 600 keys/domain1.tld/mydkim

 mkdir keys/domain2.tld
 dkim-genkey -r -s mydkim -d domain2.tld
 mv mydkim.private keys/domain2.tld/mydkim
 mv mydkim.txt mydkim.domain2.tld.txt
 chmod 600 keys/domain2.tld/mydkim

 mkdir keys/domain3.tld
 dkim-genkey -r -s mydkim -d domain3.tld
 mv mydkim.private keys/domain3.tld/mydkim
 mv mydkim.txt mydkim.domain3.tld.txt
 chmod 600 keys/domain3.tld/mydkim

 # the milter runs as user milter and must be the only one able to read the keys
 chown -R milter:milter keys

Each mydkim.domain.tld.txt now holds a ready-to-paste TXT record. Put it into BIND's zone file for the corresponding domain, where it becomes the record for mydkim._domainkey.domain.tld, along with an ADSP record at

 _adsp._domainkey.domain.tld

(a TXT record such as dkim=all, stating that every message from the domain is signed; ADSP, RFC 5617, has since been declared historic, and DMARC is what receivers check today).

The /etc/mail/dkim-filter/dkim-filter.conf should look like this:

 ADSPDiscard          yes
 ADSPNoSuchDomain     yes
 AllowSHA1Only        no
 AlwaysAddARHeader    no
 AuthservIDWithJobId  yes
 AutoRestart          yes
 AutoRestartCount     0
 AutoRestartRate      10/1h
 BodyLengths          yes
 Canonicalization     simple/simple
 Domain               domain1.tld,domain2.tld,domain3.tld # all domains, separated by commas
 KeyFile              /etc/mail/dkim-filter/mydkim # unused: KeyList takes precedence
 KeyList              /etc/mail/dkim-filter/keylist
 Mode                 sv
 MTA                  MSA
 On-Default           reject
 On-BadSignature      reject
 On-DNSError          tempfail
 On-InternalError     accept
 On-NoSignature       accept
 On-Security          discard
 QueryCache           yes
 RemoveOldSignatures  yes
 Selector             mydkim
 Socket               local:/var/run/dkim-filter/dkim-filter.sock
 SubDomains           yes
 Syslog               yes
 SyslogFacility       mail
 SyslogSuccess        yes
 TemporaryDirectory   /var/tmp
 UMask                000
 UserID               milter
 X-Header             yes
 Statistics           /var/run/dkim-filter/dkim-filter.stats

Three of these settings deserve a second look before copying them. UMask 000 creates the socket and the statistics file world-writable; 007 (with the MTA's user in the milter group) or 002 is all the MTA needs to connect. BodyLengths yes adds an l= tag to every signature, which lets anyone append content to a signed message without invalidating the signature (RFC 4871 section 8.2, "Misuse of Body Length Limits"), so leave it at no unless you really need it. Canonicalization simple/simple breaks the signature on any whitespace change in transit; relaxed/relaxed survives header re-folding and is the usual choice.

One example of /etc/mail/dkim-filter/keylist would be the following. Each line is sender-pattern:signing-domain:path-to-private-key; dkim-milter takes the selector from the base name of the key file (here mydkim), which is why each private key is stored as keys/<domain>/mydkim rather than mydkim.private:

 *@domain1.tld:domain1.tld:/etc/mail/dkim-filter/keys/domain1.tld/mydkim
 *@domain2.tld:domain2.tld:/etc/mail/dkim-filter/keys/domain2.tld/mydkim
 *@domain3.tld:domain3.tld:/etc/mail/dkim-filter/keys/domain3.tld/mydkim
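As an added example (not part of the original page and not dkim-milter's own tooling), here is a small POSIX shell script that checks the public key published in DNS against the private key the milter signs with; a mismatch between the two makes every signed message fail verification once the zone is live. It assumes openssl(1) is installed, that the private key is a PEM RSA key as dkim-genkey writes it, and dig(1) for the live DNS check; the two demo keys and the sample record are constructed inside the script, not taken from the page.

```shell
#!/bin/sh
# Added example: verify that the p= tag published for a selector is the
# public half of the private key in keys/<domain>/mydkim.
# Assumptions: openssl(1) present, PEM RSA private key (as dkim-genkey
# writes), dig(1) only needed for check_published.
set -eu

# pubkey_b64_from_private KEYFILE
#   prints the base64 DER SubjectPublicKeyInfo on one line, which is
#   exactly the value that belongs in the p= tag of the DKIM TXT record
pubkey_b64_from_private() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 | tr -d '\n'
}

# p_from_txt RECORD
#   extracts the p= value from a TXT record as dkim-genkey writes it
#   (name IN TXT ( "v=DKIM1; ..." "p=..." )) or as `dig +short` prints it:
#   quotes, parentheses and whitespace are dropped (long keys are split
#   into several quoted strings), then the tag list is split on ';'
p_from_txt() {
    printf '%s' "$1" | tr -d '"() \t\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# dkim_key_matches KEYFILE RECORD
#   exit 0 if RECORD publishes the public half of KEYFILE, 1 otherwise
#   (an empty or missing p= tag never matches)
dkim_key_matches() {
    want=$(pubkey_b64_from_private "$1")
    have=$(p_from_txt "$2")
    [ -n "$have" ] && [ "$want" = "$have" ]
}

# check_published KEYFILE SELECTOR DOMAIN
#   live check against what DNS serves right now, e.g.
#   check_published /etc/mail/dkim-filter/keys/domain1.tld/mydkim mydkim domain1.tld
check_published() {
    dkim_key_matches "$1" "$(dig +short TXT "$2._domainkey.$3")"
}

# demo: two throwaway keys (constructed sample data), the first one
# "published" in a record shaped like mydkim.domain1.tld.txt
demo() {
    tmp=$(mktemp -d)
    openssl genrsa -out "$tmp/good.key" 2048 2>/dev/null
    openssl genrsa -out "$tmp/other.key" 2048 2>/dev/null
    record="mydkim._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"p=$(pubkey_b64_from_private "$tmp/good.key")\" )"
    if dkim_key_matches "$tmp/good.key" "$record"; then
        echo "good.key: published key matches"
    fi
    if ! dkim_key_matches "$tmp/other.key" "$record"; then
        echo "other.key: MISMATCH, signatures made with it would fail verification"
    fi
    rm -rf "$tmp"
}

demo
```

check_published joins every line dig prints for the name, so make sure only the DKIM record lives at mydkim._domainkey.domain.tld; a second TXT record at the same name would be run together with it and the comparison would fail even when the key is right.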


It's pretty straightforward.