Richard,

> I couldn't find any real information about how to set up Amavis
> with DKIM and multiple domains.

Doesn't the:
  http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-am-sign
answer your needs?

The basic idea is to have one dkim_key(...) declaration for each domain
in your amavisd.conf (and a corresponding public key in DNS, and private
key on a file). Amavisd will then choose a suitable signing key based
on a sender address. More control on what signing key to choose and on its
options can be exercised through @dkim_signature_options_bysender_maps.

> The sweetest way would be able to read the information from a
> mysql database, but as far as I could find this is not supported.

This is not currently supported, but there is a demand for it,
so I'm having it in view.

As a workaround, you could write a script to retrieve the information
from SQL and prepare a file with key declarations and reload amavisd when
adding new domains:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-impatient-from-milter

> Or is there a way to have 1 certificate for all my domains?

You may use the same private key for multiple domains if you want,
just specify the same private key file with each dkim_key() declaration.
Each domain would still need to receive its copy of a public key in
its DNS zone.

That is if you want the signatures to be author-domain signatures.
On the other hand, if you just want to apply a signature of your
umbrella domain as a third-party signature (like what a mailing list
site would do), you can use just one key, and force it upon all
originating/authenticated mail regardless of a sender address
using @dkim_signature_options_bysender_maps.


Alrik Bronsema wrote:
> As far as I know, the procedure for setting up DKIM for multiple domains is
> the same as for one domain. Only you have to add a TXT record in the DNS of
> every domain. The domains should also probably be listed in
> @local_domains_maps.

Listing a domain in @local_domains_maps is not necessary for signing.
All that matters is that 'originating' flag is set (either implicitly
through @mynetworks, or explicitly through originating=>1 in some
policy bank), and that a signing key corresponding to a sender domain
can be found.

  Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
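
The workaround described in the message above (pull the per-domain data from SQL and prepare a file of dkim_key() declarations), as an added example that is not part of the original message and not amavisd's own code. Because amavisd evaluates its configuration as Perl, the generator validates every database value before emitting it. The table name `dkim`, its columns, the sample rows and the key paths are assumptions, and sqlite3 stands in for the MySQL database so the script runs offline.

```python
import re
import sqlite3

# The generated file is evaluated as Perl by amavisd, so every value taken
# from the database is checked against a strict allow-list before use.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"(?:{LABEL}\.)+{LABEL}")
SELECTOR_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
KEYFILE_RE = re.compile(r"/[A-Za-z0-9._/-]+")


def render_dkim_keys(rows):
    """Return (config_text, rejected) for (domain, selector, keyfile) rows."""
    lines, rejected, seen = [], [], set()
    for domain, selector, keyfile in rows:
        domain = str(domain).strip().lower().rstrip(".")
        selector, keyfile = str(selector), str(keyfile)
        valid = (DOMAIN_RE.fullmatch(domain) and SELECTOR_RE.fullmatch(selector)
                 and KEYFILE_RE.fullmatch(keyfile) and ".." not in keyfile)
        if not valid or (domain, selector) in seen:
            rejected.append((domain, selector, keyfile))
            continue
        seen.add((domain, selector))
        lines.append(f"dkim_key('{domain}', '{selector}', '{keyfile}');")
    lines.append("1;  # Perl config files conventionally end with a true value")
    return "\n".join(lines) + "\n", rejected


def demo_rows():
    """Constructed sample data; sqlite3 stands in for the MySQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dkim (domain TEXT, selector TEXT, keyfile TEXT)")
    db.executemany("INSERT INTO dkim VALUES (?, ?, ?)", [
        ("example.org", "sel1", "/var/db/dkim/shared.key.pem"),
        ("Example.NET", "sel1", "/var/db/dkim/shared.key.pem"),  # same key reused
        ("bad.example'); die; #", "x", "/tmp/k.pem"),             # must be rejected
        ("example.com", "sel1", "/var/db/dkim/k.pem\nuse POSIX;"),  # must be rejected
    ])
    query = "SELECT domain, selector, keyfile FROM dkim ORDER BY rowid"
    return db.execute(query).fetchall()


if __name__ == "__main__":
    text, rejected = render_dkim_keys(demo_rows())
    print(text, end="")
    for row in rejected:
        print("rejected:", row)
```

Write the output to a temporary file and rename it into place before reloading amavisd, so a partially written file is never read.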