On the DNS side, you set up your DKIM key as a TXT field.
Name is of the form <selector>._domainkey[.<subdomain>].
Value is of the form "k=rsa;p=<publickey>".

selector is mandatory. The DKIM signature will specify which selector
to use. It allows, for example, signature rotation. You can set a DKIM
key with selector "summer2016" and a TTL of 3 years, then you can start
using a new DKIM key with selector "fall2016" at any time, simply by
using the new selector.

subdomain is optional and you shouldn't specify the full domain. The
recipient of mail al...@blue.exemple.org will request
selector._domainkey.blue.exemple.org and the DNS will reply with TXT
entry selector._domainkey.blue from DNS zone for exemple.org.

For the value, a decent key size will be a lot longer than the maximum
allowed size for a single DNS value. So you need to split it into
chunks of less than 256 characters. Using nsd, it will look like this:
name IN TXT ("k=rsa;p=start_of_key" "following_part_of_key")

You can use dig to check your work with the following syntax:
dig +short sandshrew._domainkey.casting.mattic.org TXT

To answer your question, no. This mailing list is for miscellaneous
questions related to OpenBSD. So you can expect people to answer
questions about how to set up an authoritative DNS nameserver, but
general questions about DKIM are a bit out of scope.

2016-08-30 8:50 GMT+02:00 Kasper Haitsma <kaspe...@mailnull.com>:
> Is this the right mailing list to ask about DKIM (if not, please point me
> to the correct one)
>
> regards,
> Kasper
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42
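
Added example, not part of the original mail: a Python sketch that builds the record name from a selector and optional subdomain, splits a "k=rsa;p=..." value into strings of at most 255 characters, and prints it in the parenthesised zone-file form shown above. The function names and the sample key are constructed for illustration, and the single-label selector check is an assumption of this example.

```python
import base64
import re

MAX_TXT_STRING = 255  # one DNS character-string holds at most 255 bytes


def record_name(selector, subdomain=""):
    """Owner name relative to the zone: <selector>._domainkey[.<subdomain>]."""
    # Assumption of this example: the selector is a single DNS label.
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?", selector):
        raise ValueError("selector must be a single DNS label")
    name = f"{selector}._domainkey"
    return f"{name}.{subdomain}" if subdomain else name


def split_txt(value, size=MAX_TXT_STRING):
    """Split a TXT value into character-strings of at most `size` bytes."""
    return [value[i:i + size] for i in range(0, len(value), size)]


def zone_line(selector, public_key_b64, subdomain=""):
    """Format the record as: name IN TXT ("part1" "part2" ...)."""
    base64.b64decode(public_key_b64, validate=True)  # reject a mangled key early
    chunks = split_txt(f"k=rsa;p={public_key_b64}")
    quoted = " ".join(f'"{c}"' for c in chunks)
    return f"{record_name(selector, subdomain)} IN TXT ({quoted})"


def reassemble(line):
    """What a verifier sees: the quoted strings joined with nothing in between."""
    value = "".join(re.findall(r'"([^"]*)"', line))
    return dict(tag.split("=", 1) for tag in value.split(";") if tag)


# Constructed stand-in with the length of a 2048-bit RSA public key
# (294 bytes -> 392 base64 characters); it is not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()

if __name__ == "__main__":
    line = zone_line("fall2016", SAMPLE_KEY, "blue")
    print(line)
    print(len(reassemble(line)["p"]), "base64 characters recovered")
```

Running dig against the published name should return the same strings that reassemble() joins back into one value.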
