Linux – Sign multiple domains with single Domain Key (dk-filter)

domainkeys gmail linux postfix spam

Motivation

The private shopping website GILT sends periodic update emails from giltgroupe.bounce.ed10.net; however, all of the mails are signed with the domain keys of giltgroupe.com.

mailed-by giltgroupe.bounce.ed10.net

signed-by giltgroupe.com

My Story

I couldn't manage to sign x.com with y.com's domain key using dk-filter under Debian Lenny with postfix.

If I try to init the dk-filter service with the following arguments:

DAEMON_OPTS="$DAEMON_OPTS -d x.com,y.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf"

the dk-filter service signs with domain x.com (d=x.com).

If I change the daemon args as follows:

DAEMON_OPTS="$DAEMON_OPTS -d x.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf"

then emails sent from y.com are not being signed.

The dk-keys.conf file is as follows:

*:/var/dk-filter/y.com/mail

I managed to do the same thing with DKIM, and it works perfectly. However, DK doesn't seem to work. I don't have any problem signing y.com's emails with y.com's key and x.com's emails with x.com's key, which indicates there is no configuration problem.

Do you have any experience/advice to make it possible to sign emails from multiple domains by a specific chosen domain?

Best Answer

I'm finding that with DKIM this works fine, as you can specify a domain to "sign" from, i.e. the email is from y.com, but in the DKIM-Signature: d=x.com. With dk-filter, though, each signing-domain remains the host domain in the from: address, i.e. From: name@y.com == DomainKeys-Signature: d=y.com, even if you're using the KEY from x.com.

So even though you may be able to sign y.com's emails from x.com's key, the signing-domain will always be y.com and as such you still need to create separate s._domainkey entries for EACH domain.
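
To check which `_domainkey` DNS names a given message actually depends on, the following added example (not part of the answer above, and not dk-filter code) parses the signature headers and compares `d=` with the From: domain. The two messages are constructed samples; the selector `mail` and the `PLACEHOLDER` signature values are assumptions, and no DNS lookups are made.

```python
from email import message_from_string
from email.utils import parseaddr

SIG_HEADERS = ("DomainKeys-Signature", "DKIM-Signature")

def parse_tags(value):
    """Parse a 'tag=value; tag=value' signature header into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_records(raw_message):
    """Return (header, from_domain, d, dns_name, d_matches_from) per signature."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for header in SIG_HEADERS:
        for value in msg.get_all(header, []):
            tags = parse_tags(value)
            d, s = tags.get("d", "").lower(), tags.get("s", "")
            # The verifier fetches the public key from <selector>._domainkey.<d>
            results.append((header, from_domain, d,
                            f"{s}._domainkey.{d}", d == from_domain))
    return results

# Constructed sample: y.com mail signed by dk-filter, d= follows the From: domain
DK_SAMPLE = (
    "DomainKeys-Signature: a=rsa-sha1; s=mail; d=y.com; c=nofws; q=dns;\n"
    "\th=From:To:Subject; b=PLACEHOLDER\n"
    "From: name@y.com\nTo: user@example.org\nSubject: test\n\nbody\n"
)
# Constructed sample: the same sender signed with DKIM using d=x.com
DKIM_SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x.com; s=mail;\n"
    "\th=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: name@y.com\nTo: user@example.org\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    for sample in (DK_SAMPLE, DKIM_SAMPLE):
        for header, frm, d, dns_name, same in key_records(sample):
            print(f"{header}: From={frm} d={d} key at {dns_name} (d == From: {same})")
```

Running it over a sample of outbound mail from each sender domain yields the TXT record names that must exist before verifiers can validate the signatures.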