Re: Signing multiple domains best practice

From: SM <sm_at_resistor.net>
Date: Tue, 16 Feb 2010 15:49:41 -0800

Hi James,
At 14:53 16-02-10, James R. Marcus wrote:
>I just changed my default email to jmarcus_at_studentsonly.com. On my
>relay I created a new key and added it to the keylist, restarted
>opendkim and reloaded postfix. I sent an email to myself at gmail
>and the header had my edhance key in the header. My selector in
>opendkim.conf is set to the edhance key.

There is a selector and a domain name (d=). The two are used to
construct the DNS query which retrieves the public key.

>Should I sign StudentsOnly email with an Edhance key?

Sign it with the key for StudentsOnly.

>I would prefer to use a different key, how do I configure opendkim
>to sign with the correct key?

In opendkim.conf:

KeyList /path/keylist.txt

In keylist.txt:

*@edhance.com:edhance.com:/path/private.key
*@studentsonly.com:studentsonly.com:/path/private.key

You can use the same public and private key or else have different
keys. Opendkim will use the filename as the selector. You could
rename the "private.key" file to match the name you want to use as the selector.

Regards,
-sm
Received on Tue Feb 16 2010 - 23:50:27 PST
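
Added example, not part of the original message and not OpenDKIM's code: a small checker that reads a keylist in the sender-pattern:domain:keypath form shown above and reports, for a given sender, the d= domain, the selector, and the DNS name a verifier would query. The sample paths and selector names are constructed, and first-match-wins ordering, fnmatch-style wildcards, and using the full file name as the selector are assumptions of this sketch.

```python
import fnmatch
import os

# Constructed sample keylist; the key paths and selector-style file names
# are hypothetical and only illustrate the three-field format.
SAMPLE_KEYLIST = """\
# sender-pattern:signing-domain:keypath
*@edhance.com:edhance.com:/path/edhance/feb2010
*@studentsonly.com:studentsonly.com:/path/studentsonly/mail2010
"""


def parse_keylist(text):
    """Return (pattern, domain, keypath) tuples, skipping blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"line {lineno}: expected pattern:domain:keypath")
        entries.append(tuple(parts))
    return entries


def signing_params(sender, entries):
    """Return (d=, s=, DNS query name) for the first matching entry, else None."""
    addr = sender.lower()
    for pattern, domain, keypath in entries:
        # Assumption: '*' wildcard matching, approximated here with fnmatch.
        if fnmatch.fnmatchcase(addr, pattern.lower()):
            # Assumption: the whole file name of the key is the selector.
            selector = os.path.basename(keypath)
            return domain, selector, f"{selector}._domainkey.{domain}"
    return None  # no entry matches: this sender has no per-domain key


if __name__ == "__main__":
    entries = parse_keylist(SAMPLE_KEYLIST)
    for sender in ("jmarcus@studentsonly.com", "someone@example.org"):
        print(sender, "->", signing_params(sender, entries))
```

The DNS name in the third field is where the matching public key has to be published as a TXT record for each domain.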
