DKIM for Multiple Domains
From D3xt3r01.tk
WHY
Because one mail server can host multiple domains, and you want it to sign mail for all or some of those domains, not only one! Google in fact only accepts mail from me if I sign it! I assume you already have it set up for one domain and have the knowledge to edit files and read configs. Another important skill is the ABILITY TO GOOGLE!
HOW
cd /etc/mail/dkim-filter # because here is where I store my certs
# Generate a new key for a new domain
/usr/bin/dkim-genkey -r -s mydkim -D /etc/mail/dkim-filter -d mydomain1.com # you should now have a "mydkim.txt" and a "mydkim.private" file (named after the selector given with -s)
mv mydkim.txt mydkim.mydomain1.com.txt # so we have it later too; this is the stuff we publish in named's zone file!
Also, add these lines to your domain's zone file:
_adsp._domainkey TXT "dkim=all"
_ssp._domainkey IN TXT "t=y; dkim=unknown"
Also run this to find your keylist file:
grep -i keylist /path/to/your/dkim-filter.conf
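Mine is "KeyList /etc/mail/dkim-filter/keylist", so I set this up:
mkdir -p /etc/mail/dkim-filter/keys/mydomain1.com # the target directory must exist before the mv
mv /etc/mail/dkim-filter/mydkim.private /etc/mail/dkim-filter/keys/mydomain1.com/mydkim
# Then add this line to the keylist file. The format is sender-pattern:signing-domain:keypath, and the file name of the key is used as the selector.
*@mydomain1.com:d3xt3r01.tk:/etc/mail/dkim-filter/keys/mydomain1.com/mydkim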
Be sure to have this in your main.cf:
# Don't forget to check dkim-filter.conf for the sock file path!
smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock
non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock
Restart dkim-filter and postfix and be done with it!
/etc/init.d/postfix restart
/etc/init.d/dkim-filter restart
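A way to check the keylist from the steps above before restarting, as an added example that is not part of the original page: it parses each sender-pattern:signing-domain:keypath line, flags missing keys and keys readable by group or others, and prints the selector._domainkey.domain name under which the public key has to be published. The demo domains, temporary paths and empty key files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a dkim-filter KeyList.
# Line format per dkim-filter.conf(5): sender-pattern:signing-domain:keypath
# The selector used in signatures is the file-name part of keypath.
check_keylist() {
    keylist=$1
    problems=0
    while IFS=: read -r pattern domain keypath extra || [ -n "$pattern" ]; do
        [ -n "$pattern" ] || continue                  # skip blank lines
        if [ -z "$domain" ] || [ -z "$keypath" ] || [ -n "$extra" ]; then
            echo "BADLINE $pattern"                    # not exactly three fields
            problems=$((problems + 1))
            continue
        fi
        selector=${keypath##*/}
        record="$selector._domainkey.$domain"          # DNS name verifiers query
        if [ ! -f "$keypath" ]; then
            echo "MISSING $record $keypath"
            problems=$((problems + 1))
        elif [ -n "$(find "$keypath" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "PERMS $record $keypath"              # group or others can read the key
            problems=$((problems + 1))
        else
            echo "OK $record $keypath"
        fi
    done < "$keylist"
    return "$problems"
}

# Demo on constructed data (hypothetical domains and paths, empty key files).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/keys/mydomain1.com" "$d/keys/mydomain2.com"
    : > "$d/keys/mydomain1.com/mydkim"; chmod 600 "$d/keys/mydomain1.com/mydkim"
    : > "$d/keys/mydomain2.com/mydkim"; chmod 644 "$d/keys/mydomain2.com/mydkim"
    printf '%s\n' \
        "*@mydomain1.com:mydomain1.com:$d/keys/mydomain1.com/mydkim" \
        "*@mydomain2.com:mydomain2.com:$d/keys/mydomain2.com/mydkim" \
        "*@mydomain3.com:mydomain3.com:$d/keys/mydomain3.com/mydkim" > "$d/keylist"
    check_keylist "$d/keylist"; rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ $# -gt 0 ]; then check_keylist "$1"; else demo || true; fi
```

Run it with the keylist path as its argument; the exit status is the number of problem lines, and each OK line names the TXT record to compare against the generated mydkim.txt.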