DKIM for Multiple Domains

From D3xt3r01.tk

WHY

Because one mail server can host multiple domains and you want it to sign mail for all or some of those domains, not only one! Google in fact only accepts mail from me if I sign it! I assume you already have it set up for one domain and know how to edit files and read configs. Another important and useful skill is the ABILITY TO GOOGLE!

HOW

cd /etc/mail/dkim-filter # because this is where I store my certs
# Generate a new key for a new domain
/usr/bin/dkim-genkey -r -s mydkim -D /etc/mail/dkim-filter -d mydomain1.com # you should now have a "mydkim.txt" and a "mydkim.private" file
mv mydkim.txt mydkim.mydomain1.com.txt # so we have it later too; this is the stuff we publish in named's zone file!

Also, add these lines to your domain's zone file

_adsp._domainkey IN TXT "dkim=all"
_ssp._domainkey  IN TXT "t=y; dkim=unknown"

Also run this to find your keylist file!

grep -i keylist /path/to/your/dkim-filter.conf

Mine is "KeyList /etc/mail/dkim-filter/keylist" so I set this up:

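mkdir -p /etc/mail/dkim-filter/keys/mydomain1.com # the target directory has to exist
mv /etc/mail/dkim-filter/mydkim.private /etc/mail/dkim-filter/keys/mydomain1.com/mydkim
# then add this line to /etc/mail/dkim-filter/keylist (format: sender-pattern:signing-domain:keypath)
*@mydomain1.com:d3xt3r01.tk:/etc/mail/dkim-filter/keys/mydomain1.com/mydkim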

Be sure to have this in your main.cf

# don't forget to check dkim-filter.conf for the socket file path!
smtpd_milters     = unix:/var/run/dkim-filter/dkim-filter.sock
non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock

Restart dkim-filter and postfix and be done with it!

/etc/init.d/postfix restart
/etc/init.d/dkim-filter restart
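
A check worth running on the keylist before the restart, as an added example that is not part of the original page: it reads each sender-pattern:signing-domain:keypath line, reports the DNS name where that entry's public key has to be published (dkim-filter takes the selector from the file name part of keypath), and flags private keys that are missing or readable by group/other. The function names, mydomain2.com, mydomain3.com and the empty placeholder key files are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original page): lint a dkim-filter KeyList.
# Line format: sender-pattern:signing-domain:keypath
# The selector is the file name part of keypath, so the public key must be
# published at <selector>._domainkey.<signing-domain>.

# check_keylist FILE
# Prints "<STATUS> <dns-name> <keypath>" per entry; returns 1 on any problem.
check_keylist() {
    rc=0
    while IFS=: read -r pattern domain keypath; do
        case "$pattern" in ''|'#'*) continue ;; esac   # linter skips blank and '#' lines
        if [ -z "$domain" ] || [ -z "$keypath" ]; then
            echo "MALFORMED $pattern"; rc=1; continue
        fi
        name="${keypath##*/}._domainkey.$domain"
        if [ ! -f "$keypath" ]; then
            echo "MISSING $name $keypath"; rc=1
        # characters 5-10 of the ls mode string are the group/other bits
        elif [ "$(ls -lLd "$keypath" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $name $keypath"; rc=1
        else
            echo "OK $name $keypath"
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample: a throw-away tree that mimics the page's layout.
# The key files are empty placeholders, not real keys.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/keys/mydomain1.com" "$d/keys/mydomain2.com"
    : > "$d/keys/mydomain1.com/mydkim"; chmod 600 "$d/keys/mydomain1.com/mydkim"
    : > "$d/keys/mydomain2.com/mydkim"; chmod 644 "$d/keys/mydomain2.com/mydkim"
    cat > "$d/keylist" <<EOF
*@mydomain1.com:d3xt3r01.tk:$d/keys/mydomain1.com/mydkim
*@mydomain2.com:mydomain2.com:$d/keys/mydomain2.com/mydkim
*@mydomain3.com:mydomain3.com:$d/keys/mydomain3.com/mydkim
EOF
    echo "$d"
}

sample=$(make_sample)
check_keylist "$sample/keylist" || echo "keylist needs attention"
rm -rf "$sample"
```

Against a real setup, call `check_keylist /etc/mail/dkim-filter/keylist` and compare each reported DNS name with the TXT record actually published for that signing domain.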