DKIM on postfix relay server

amavis, dkim, postfix, smtp

I have a postfix/amavis relay server, with the domain name mail.example.com. It will be a relay for dozens of VPSes, which will have domains like hostname.example.net.

So I actually have two questions. Is it possible to use DKIM to sign the mails originating from the VPSes over the postfix relay on the relay server? Or do the mails have to be signed on the VPSes where they actually come from?

Would an amavis configuration like this be ok?

    # DKIM key
    dkim_key('example.com', 'dkim', '/var/dkim/DKIMkey.pem');

    # Cover subdomains in @dkim_signature_options_bysender_maps = ():
    @dkim_signature_options_bysender_maps = ( {
        # Cover subdomains of example.net.
        '.example.net' => { d => 'example.com' },
    });

Or have I misunderstood the whole concept? Do I even need to sign subdomains if they are going over a relay server, or is it enough to just sign the relay server domain?

Best Answer

I have resolved this question with OpenDKIM by using SigningTable, KeyTable and TrustedHost parameters.

  • /etc/opendkim/KeyTable – a list of keys available for signing
  • /etc/opendkim/SigningTable – a list of domains and accounts allowed to sign
  • /etc/opendkim/TrustedHosts – a list of servers to trust when signing or verifying

The guide I used can be found on this blog
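
The three files named in the answer, sketched for the relay in the question. This is an added example, not the answerer's configuration or the linked guide's: the key path, the milter port and the 192.0.2.0/24 VPS range are assumptions, and the selector `dkim` is taken from the question.

```conf
# --- /etc/opendkim.conf (on the relay, mail.example.com) ---
Mode                 sv
Socket               inet:8891@localhost
KeyTable             /etc/opendkim/KeyTable
# "refile:" enables the * wildcards used in SigningTable
SigningTable         refile:/etc/opendkim/SigningTable
# Mail from these hosts is signed instead of verified
InternalHosts        refile:/etc/opendkim/TrustedHosts
ExternalIgnoreList   refile:/etc/opendkim/TrustedHosts

# --- /etc/opendkim/KeyTable ---
# <key name>  <signing domain (d=)>:<selector>:<private key path>
dkim._domainkey.example.net  example.net:dkim:/etc/opendkim/keys/example.net/dkim.private

# --- /etc/opendkim/SigningTable ---
# <From: address pattern>  <key name from KeyTable>
*@example.net      dkim._domainkey.example.net
*@*.example.net    dkim._domainkey.example.net

# --- /etc/opendkim/TrustedHosts ---
127.0.0.1
::1
# Constructed range standing in for the VPS addresses; list only
# hosts that are allowed to have their mail signed by this relay.
192.0.2.0/24

# --- /etc/postfix/main.cf ---
smtpd_milters         = inet:localhost:8891
non_smtpd_milters     = $smtpd_milters
# "accept" delivers mail unsigned if the milter is unreachable
milter_default_action = accept
```

The matching public key has to be published as a TXT record at `dkim._domainkey.example.net`. Signing with `d=example.net` keeps the signature aligned with a From address at hostname.example.net for DMARC, which a signature with `d=example.com` would not be.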
