DKIM for Multiple Domains

From D3xt3r01.tk
Jump to navigationJump to search

WHY

Because one mail server can host multiple domains and you want it to sign it for all/some domains, not only one ! Google in fact only accepts mail from me if I sign them ! I assume you already have it set up for 1 domain and have the knowledge to edit files and read configs. An important useful also is ABILITY TO GOOGLE !

HOW

/etc/mail/dkim-filter # Because here is where I store my certs
# Generate a new key for a new domain
/usr/bin/dkim-genkey -r -s mydkim -D /etc/mail/dkim-filter -d mydomain1.com # you should now have a "default.txt" and a "default.private" file
mv mydkim.txt mydkim.mydomain1.com.txt # so we have it later too, this is the stuff we publish in named's zone file !

Also, add these lines to your domains zone file

_adsp._domainkey        TXT     "dkim=all"
_ssp._domainkey IN TXT "t=y; dkim=unknown"

Also do this to find out your keylist file !

grep -i keylist /path/to/your/dkim-filter.conf

Mine is "KeyList /etc/mail/dkim-filter/keylist" so I set this up:

mv /etc/mail/dkim-filter/mydkim.private /etc/mail/dkim-filter/keys/mydomain1.com/mydkim
*@mydomain1.com:d3xt3r01.tk:/etc/mail/dkim-filter/keys/mydomain1.com/mydkim

Be sure to have this in your main.cf

#don't forget to check dkim-filter.conf for the sock file path !
smtpd_milters     = unix:/var/run/dkim-filter/dkim-filter.sock
non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock

Restart dkim and postfix and be done with it !

/etc/init.d/postfix restart
/etc/init.d/dkim-filter restart