For an email with From [email protected] I want 2 DKIM signatures on the 
outgoing message:

* d=mycustdom.it (customer's domain key)
* d=myesp.it (ESP/provider's domain key)

* Any best practices you've found around the SigningTable mapping, for example:

Any real-world configuration examples, opendkim.conf snippets, or SQL schema 
patterns used in production would be really appreciated.


Do you really need two signatures? Only the domain matching the 'header From:' 
will be used for alignment. Any other signature will be ignored and does not 
add benefit for delivery.

You can use wildcards in opendkim and do not need SQL. You only need a single 
key/cert that can be used for multiple domains. With wildcards OpenDKIM will 
create a signature matching whatever domain is in the 'header From:' line with 
the single key given in the KeyTable. You do not need to hand-list any of the 
domains in configuration.

You create the DNS TXT record for that one cert that MTAs will look up on your 
primary domain. For each additional domain create a CNAME to your primary 
domain TXT record.


$ORIGIN example1.com.
  selector_name._domainkey    IN TXT    ("v=DKIM1; k=rsa; s=email; ... ")


$ORIGIN example2.com.
  selector_name._domainkey    IN CNAME    selector_name._domainkey.example1.com.


/etc/opendkim/SigningTable:
  * catchall


/etc/opendkim/KeyTable:
  catchall %:selector_name:/etc/opendkim/keys/key_xxxxxxxx.private


_______________________________________________
Postfix-users mailing list -- [email protected]
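
A simplified model of the lookup described in the reply above, added here as an example (not code from the thread or from OpenDKIM): it resolves a From address through the wildcard SigningTable and the `%` KeyTable entry, then follows the CNAME to the TXT record a verifier would read. It assumes the SigningTable is loaded as a `refile:` dataset so that `*` is treated as a pattern; the zone map and `example3.com` (a domain with no CNAME published) are constructed sample data.

```python
import re

# Constructed sample data mirroring the tables and zone records in the reply.
SIGNING_TABLE = [("*", "catchall")]  # refile-style (pattern, key name), in order
KEY_TABLE = {"catchall": "%:selector_name:/etc/opendkim/keys/key_xxxxxxxx.private"}
ZONE = {  # constructed DNS view: name -> (type, value)
    "selector_name._domainkey.example1.com.": ("TXT", "v=DKIM1; k=rsa; s=email; ..."),
    "selector_name._domainkey.example2.com.": ("CNAME", "selector_name._domainkey.example1.com."),
}

def glob_match(pattern, text):
    """'*' matches any run of characters; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text, re.IGNORECASE) is not None

def select_signature(from_addr):
    """Return (d=, s=, key path) for the first SigningTable pattern that matches."""
    domain = from_addr.rsplit("@", 1)[1].lower()
    for pattern, key_name in SIGNING_TABLE:
        if glob_match(pattern, from_addr):
            d, selector, key_path = KEY_TABLE[key_name].split(":", 2)
            if d == "%":  # '%' stands for the sender's domain
                d = domain
            return d, selector, key_path
    return None  # no pattern matched: the message goes out unsigned

def resolve_key_record(d, selector, max_hops=8):
    """Follow CNAMEs from selector._domainkey.d to the TXT record a verifier reads."""
    name = f"{selector}._domainkey.{d}."
    for _ in range(max_hops):
        rtype, value = ZONE.get(name, (None, None))
        if rtype == "TXT":
            return value
        if rtype != "CNAME":
            return None  # no record: verifiers cannot find the public key
        name = value
    return None  # CNAME loop or chain too long

def check(from_addr):
    """Return (d= domain, published key record or None) for a From address."""
    sig = select_signature(from_addr)
    if sig is None:
        return None, None
    return sig[0], resolve_key_record(sig[0], sig[1])

if __name__ == "__main__":
    for addr in ("alice@example1.com", "bob@example2.com", "carol@example3.com"):
        print(addr, "->", check(addr))
```

The third address shows the case to watch for with a catch-all: the message is still signed with `d=example3.com`, but no key record resolves, so that signature cannot verify until the CNAME is published.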