What I am trying to achieve (bottom line):
mails should go to the inbox rather than the spam folder.
I have a server which is running Postfix (mail server) and I have 3 domains.
The mail server is used for both incoming and outgoing mail.
I am signing with opendkim and have DNS records in place.
After a long observation, I've realized that messages are going in spam due to incorrect mailed-by and signed-by assignment.
Consider my mail server to be mailserver.example.com, and the 3 other domains to be example1.com, example2.com and example3.com.
When someone sends an email from admin@example1.com, it should display:

    admin@example1.com via mailserver.example.com
    mailed-by: mailserver.example.com
    signed-by: example1.com
I have observed that Mailjet and Amazon emails hardly ever go into spam; 'maybe' that is because the originating hostname / IP reverse-resolves to what mailed-by and signed-by are.
Config files:

/etc/opendkim/Keytable

    mvs._domainkey.example1.com example1.com:selc:/etc/opendkim/keys/example1_com/selc.private
    mvs._domainkey.example2.com example2.com:selc:/etc/opendkim/keys/example2_com/selc.private

/etc/opendkim.conf

    Domain example1.com
    KeyFile /etc/opendkim/keys/example1_com/selc
    Selector selc
    Domain example2.com
    KeyFile /etc/opendkim/keys/example2_com/selc
    Selector selc
    Canonicalization simple
    Mode sv
    Syslog yes
    LogWhy yes
    UMask 022
    UserID opendkim:opendkim
    KeyTable /etc/opendkim/KeyTable
    SigningTable /etc/opendkim/SigningTable
    ExternalIgnoreList /etc/opendkim/TrustedHosts
    InternalHosts /etc/opendkim/TrustedHosts
    Socket inet:34562@localhost
    X-Header no

and finally

/etc/opendkim/SigningTable

    example1.com selc._domainkey.example1.com
    example2.com selc._domainkey.example2.com
What am I missing?
Best Answer
First of all, please remove these values (they aren't needed if you use KeyTable):
Set up your KeyTable like this:
Set up your SigningTable like this (note the wildcard matching and mykey1 and mykey2 from KeyTable):
And finally change your opendkim.conf to include SigningTable via the refile: prefix (regular expression support):
And the domain record for reference (note recordname1 and recordname2 from KeyTable):
Additionally, please check that you have your node hostname (from which you are sending mail) in the InternalHosts file:
Again, you can use the refile: prefix to be able to add something like:
if you have multiple hosts and do not want to include all of them by hand. If you accept only local mail, you should add localhost here.
You should check the log file for DKIM notices about skipping signing if your host is missing from the InternalHosts file.
Example of opendkim.conf:
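
Added example, not part of the original answer and not OpenDKIM's own code: a Python check of how a SigningTable pattern resolves through a KeyTable key name to a signing domain and selector, run here on the two tables posted in the question. The helpers `parse_table`, `pattern_matches` and `lint` are hypothetical, and the `refile:` matching it models (only `*` is a wildcard, the whole sender address is compared, case-insensitive, first match wins) is an assumption about OpenDKIM's behaviour.

```python
import re

# Constructed sample input: the two tables as posted in the question.
KEYTABLE = """\
mvs._domainkey.example1.com example1.com:selc:/etc/opendkim/keys/example1_com/selc.private
mvs._domainkey.example2.com example2.com:selc:/etc/opendkim/keys/example2_com/selc.private
"""
SIGNINGTABLE = """\
example1.com selc._domainkey.example1.com
example2.com selc._domainkey.example2.com
"""

def parse_table(text):
    """Return (key, value) pairs from a flat-file table, skipping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            rows.append((parts[0], parts[1]))
    return rows

def pattern_matches(pattern, sender):
    """Assumed refile: semantics: '*' is the only wildcard, whole address, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, sender, re.IGNORECASE) is not None

def lint(keytable, signingtable, sender):
    """Explain which key would sign mail from `sender`, or why none would."""
    keys = {}
    for name, value in parse_table(keytable):
        fields = value.split(":", 2)
        if len(fields) != 3:
            return f"KeyTable entry {name!r} is not domain:selector:keyfile"
        keys[name] = fields
    for pattern, keyname in parse_table(signingtable):
        if not pattern_matches(pattern, sender):
            continue  # assumption: the first matching pattern decides
        if keyname not in keys:
            return f"{pattern!r} matches but key name {keyname!r} is not in KeyTable"
        domain, selector, _ = keys[keyname]
        return f"d={domain} s={selector} (DNS record {selector}._domainkey.{domain})"
    return f"no SigningTable pattern matches {sender!r}"

if __name__ == "__main__":
    print(lint(KEYTABLE, SIGNINGTABLE, "admin@example1.com"))
```

Passing a SigningTable line such as `*@example1.com mvs._domainkey.example1.com` instead reports the `d=` and `s=` values the signature would carry, which are the values the DNS TXT record name has to match.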