Signing multiple domains with dk-milter

Tags: domainkeys, postfix

How can I sign multiple domains using dk-milter so that each domain has its own, different DomainKeys signature?

I've already done this for DKIM using OpenDKIM (http://stevejenkins.com/blog/2010/09/how-to-get-dkim-domainkeys-identified-mail-working-on-centos-5-5-and-postfix-using-opendkim/) and now I have a different signature for each domain. So now I need to do the same for DomainKeys using the same signatures as DKIM. Doing it for one domain is simple, but for multiple domains I cannot find a solution. Each domain already has its public key in the DNS entry from DKIM, so the keys differ, which stops me from using a single signature for all domains, if that would even be possible.

Here is my dk-milter config file:

USER="dk-milt"
PORT="inet:10035@localhost"
SIGNING_DOMAIN="domain.com"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/keys/domain.com/default"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D -i /etc/mail/domainkeys/internal_hosts"
MILTER_GROUP="dk-milt"

Thanks

Best Answer

I finally managed to do it.

I installed dk-milter using a 1.0.2 rpm that I found. Then I followed the steps described here http://www.tai.ro/2010/04/03/postfix-with-dkim-domainkeys-spf-and-sender-id/ and I created this configuration for dk-milter:

USER="opendkim-milt"
PORT="inet:10035@localhost"
SIGNING_DOMAIN="/etc/mail/dkim/trusted-hosts"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/keylist"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D -k -i /etc/mail/dkim/trusted-hosts"
SYSCONFIG="/etc/sysconfig/dk-milter"
MILTER_GROUP="opendkim-milt"

This is the same in /etc/init.d/dk-milter and /etc/sysconfig/dk-milter. I used the same user as for opendkim just so that I can read the files directly from the dkim directory (the directory must have mode 700 in order for the keys to be considered valid).

The only file I have left in the domainkeys directory is keylist, which contains rows like this: *@domain.tld:/var/db/domainkeys/domain.tld/default. I will probably move this to the dkim directory so that I only use that one.

Now when I need to add a domain I need to follow these steps:

1. add the directory domain.tld in /etc/mail/dkim/keys/ and generate the keys in that directory, then change their owner to opendkim-milt as described in the tutorial for dkim
2. add the corresponding lines to /etc/mail/dkim/keyTable, signingTable, trusted-hosts and /etc/mail/domainkeys/keylist
3. add the public domain key to the DNS entry (from default.txt) and modify it so that it's used for both (just leave "k=rsa ; p=...")
4. restart the opendkim, dk-milter and postfix services

Everything works great now. Thanks
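A hypothetical helper for the add-a-domain procedure in the answer above (an added example, not the answer's own script). It records a new domain in the four files named in step 2 and checks a DNS TXT value against the "k=rsa ; p=..." form from step 3; all directories are parameters, it assumes keys live under DKIM_DIR/keys/DOMAIN/SELECTOR.private and that the dk-milter keylist points at that same private key, and it leaves key generation, chown, DNS publication and service restarts to the admin.

```shell
#!/bin/sh
# Added example: register DOMAIN in opendkim's KeyTable/SigningTable/
# trusted-hosts and dk-milter's keylist. Paths are parameters so it can
# be tried in a scratch directory before touching /etc/mail.
# Usage: add_signing_domain DOMAIN DKIM_DIR DK_DIR [SELECTOR]
add_signing_domain() {
    domain=$1; dkim_dir=$2; dk_dir=$3; selector=${4:-default}
    # Assumed layout: the DomainKeys keylist reuses opendkim's private key.
    keyfile="$dkim_dir/keys/$domain/$selector.private"
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "bad domain: '$domain'" >&2; return 1 ;;
    esac
    # Refuse a second entry so re-running the helper never doubles rows.
    if [ -f "$dkim_dir/signingTable" ] && grep -q "^\*@$domain " "$dkim_dir/signingTable"; then
        echo "$domain is already configured" >&2; return 1
    fi
    mkdir -p "$dkim_dir/keys/$domain" "$dk_dir" || return 1
    # opendkim KeyTable row: name  domain:selector:path-to-private-key
    printf '%s._domainkey.%s %s:%s:%s\n' "$selector" "$domain" "$domain" "$selector" "$keyfile" >> "$dkim_dir/keyTable"
    # opendkim SigningTable (refile) row: sender-pattern  KeyTable-name
    printf '*@%s %s._domainkey.%s\n' "$domain" "$selector" "$domain" >> "$dkim_dir/signingTable"
    # domain treated as an internal sender by opendkim and dk-milter -i
    printf '%s\n' "$domain" >> "$dkim_dir/trusted-hosts"
    # dk-milter keylist row in the answer's format: sender-pattern:keyfile
    printf '*@%s:%s\n' "$domain" "$keyfile" >> "$dk_dir/keylist"
}

# Check a TXT value the way the answer describes step 3: only "k=rsa" and a
# non-empty "p=" tag, so one record serves both DKIM and DomainKeys lookups.
# Usage: shared_txt_ok 'k=rsa; p=MIGf...'
shared_txt_ok() {
    rec=$(printf '%s' "$1" | tr -d ' "')
    printf '%s' "$rec" | grep -q 'p=[A-Za-z0-9+/=]\{1,\}' || return 1
    for tag in $(printf '%s' "$rec" | tr ';' ' '); do
        case $tag in k=rsa|p=*) ;; *) return 1 ;; esac
    done
    return 0
}
```

Run it once in a temporary directory, inspect the four files, then point it at /etc/mail/dkim and /etc/mail/domainkeys and finish steps 1, 3 and 4 by hand.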