Re: Signing multiple domains best practice

From: James R. Marcus <jmarcus_at_studentsonly.com>
Date: Wed, 17 Feb 2010 18:19:33 -0500

Here are my settings:

AllowSHA1Only no
AutoRestartCount 0
Background Yes
BaseDirectory /var/run/opendkim
Diagnostics yes
Domain edhance.com
InternalHosts /etc/postfix/opendkim/InternalHosts.conf
KeepTemporaryFiles yes
KeyFile /var/db/dkim/example.private
KeyList /var/db/dkim/keylist
LogWhy yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
ReportAddress jmarcus_at_edhance.com
Selector edhancerelay
Socket inet:20209_at_localhost
Syslog Yes
SyslogFacility mail


[root_at_relay1 dkim]# cat keylist
# sender-pattern:signing-domain:keypath
# *:example.com:selector
*:edhance.com:edhancerelay:/var/db/dkim/edhancerelay
*:studentsonly.com:studentsonlyrelay:/var/db/dkim/studentsonlyrelay


Header:
                                                                                                                                                                                                                                                               
Delivered-To: marcus.james_at_gmail.com
Received: by 10.216.156.147 with SMTP id m19cs179398wek;
        Wed, 17 Feb 2010 15:12:02 -0800 (PST)
Received: by 10.220.124.194 with SMTP id v2mr2357551vcr.234.1266448321201;
        Wed, 17 Feb 2010 15:12:01 -0800 (PST)
Return-Path: <jmarcus_at_studentsonly.com>
Received: from relay1.edhance.com (relay1.edhance.com [67.110.143.100])
        by mx.google.com with SMTP id 26si7575213vws.44.2010.02.17.15.11.59;
        Wed, 17 Feb 2010 15:12:00 -0800 (PST)
Received-SPF: pass (google.com: domain of jmarcus_at_studentsonly.com designates 67.110.143.100 as permitted sender) client-ip=67.110.143.100;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jmarcus_at_studentsonly.com designates 67.110.143.100 as permitted sender) smtp.mail=jmarcus_at_studentsonly.com; dkim=pass header.i=_at_edhance.com
Received: from localhost (localhost.localdomain [127.0.0.1])
        by relay1.edhance.com (Postfix) with ESMTP id 702C65724D
        for <marcus.james_at_gmail.com>; Wed, 17 Feb 2010 18:11:59 -0500 (EST)
X-Virus-Scanned: amavisd-new at edhance.com
Received: from relay1.edhance.com ([127.0.0.1])
        by localhost (relay1.edhance.com [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id q0HrSYuOVRJl for <marcus.james_at_gmail.com>;
        Wed, 17 Feb 2010 18:11:59 -0500 (EST)
Received: from exch1.studentsonly.com (exch1.studentsonly.com [10.10.200.21])
        by relay1.edhance.com (Postfix) with ESMTP id 0036D5724B;
        Wed, 17 Feb 2010 18:11:58 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=edhance.com;
        s=edhancerelay; t=1266448319;
        bh=EOCGvR0/BvTED06dCVl/s2mWCI2GTPOGBa+DLp4tz94=;
        h=From:To:CC:Date:Subject:Message-ID:Content-Type:MIME-Version;
        z=From:=20"James=20R.=20Marcus"=20<jmarcus_at_studentsonly.com>|To:=20
         James=20Marcus=20<marcus.james_at_gmail.com>|CC:=20James=20Marcus=20<
         marcus.james_at_gmail.com>|Date:=20Wed,=2017=20Feb=202010=2018:11:57=
         20-0500|Subject:=20this=20is=20atest|Thread-Topic:=20this=20is=20a
         test|Thread-Index:=20AcqwJpqTszb3HlOrSI+l8XbUD8BDgg=3D=3D|Message-
         ID:=20<303A0E1F-FE9E-49D7-8D96-9FD30E015F14_at_edhance.com>|Accept-La
         nguage:=20en-US|Content-Language:=20en-US|X-MS-Has-Attach:=20|X-MS
         -TNEF-Correlator:=20|acceptlanguage:=20en-US|Content-Type:=20multi
         part/alternative=3B=0D=0A=09boundary=3D"_000_303A0E1FFE9E49D78D969
         FD30E015F14edhancecom_"|MIME-Version:=201.0;
        b=qMA/61L65QA+yf0gSbnfG0jEnHDu0bHsbCjMrI5Cd2RzsrF5HyYVvcYgpW8wKw3yS
         hc16yaFQpt0VAMs7oa16Hjx7JW4Cy5hh4DjivF6ZblcCrNRICkkUH1Vr3CODRaIGxO
         SMsetAKz0sOgcVCBXSOajE2rSNI1U4ZIDgNfdMm0=
Received: from exch1.studentsonly.com ([fe80::558d:fd4f:e878:175c]) by
 exch1.studentsonly.com ([fe80::558d:fd4f:e878:175c%10]) with mapi; Wed, 17
 Feb 2010 18:11:59 -0500
From: "James R. Marcus" <jmarcus_at_studentsonly.com>
To: James Marcus <marcus.james_at_gmail.com>
CC: James Marcus <marcus.james_at_gmail.com>
Date: Wed, 17 Feb 2010 18:11:57 -0500
Subject: this is atest
Thread-Topic: this is atest
Thread-Index: AcqwJpqTszb3HlOrSI+l8XbUD8BDgg==
Message-ID: <303A0E1F-FE9E-49D7-8D96-9FD30E015F14_at_edhance.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
        boundary="_000_303A0E1FFE9E49D78D969FD30E015F14edhancecom_"
MIME-Version: 1.0

--_000_303A0E1FFE9E49D78D969FD30E015F14edhancecom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


On Feb 16, 2010, at 6:49 PM, SM wrote:

> Hi James,
> At 14:53 16-02-10, James R. Marcus wrote:
>> I just changed my default email to jmarcus_at_studentsonly.com. On my
>> relay I created a new key and added it to the keylist, restarted
>> opendkim and reloaded postfix. I sent an email to myself at gmail
>> and the header had my edhance key in the header. My selector in
>> opendkim.conf is set to the edhance key.
>
> There is a selector and a domain name (d=). The two are used to
> construct the DNS query which retrieves the public key.
>
>> Should I sign StudentsOnly email with an Edhance key?
>
> Sign it with the key for StudentsOnly.
>
>> I would prefer to use a different key, how do I configure opendkim
>> to sign with the correct key?
>
> In opendkim.conf:
>
> KeyList /path/keylist.txt
>
> In keylist.txt:
>
> *_at_edhance.com:edhance.com:/path/private.key
> *_at_studentsonly.com:studentsonly.com:/path/private.key
>
> You can use the same public and private key or else have different
> keys. Opendkim will use the filename as the selector. You could
> rename the "private.key" file to match the name you want to use as the selector.
>
> Regards,
> -sm
>

:: James R. Marcus | Director, IT Operations
:: Edhance | jmarcus_at_edhance.com
:: v: 617-475-5360 | m: 914-772-8533
:: web: www.edhance.com
Received on Wed Feb 17 2010 - 23:22:51 PST
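
Added example, not part of the original message and not OpenDKIM code: a small Python checker for the three-field KeyList format discussed in this thread (`sender-pattern:signing-domain:keypath`, with the selector taken from the key file name). It assumes the first matching line wins; the function names and both sample keylists are constructed, and addresses are written with `@` rather than the archive's `_at_`.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    lineno: int
    pattern: str
    domain: str
    keypath: str

def _rx(pattern):
    # "*" means "zero or more characters"; everything else is literal.
    return re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I)

def parse_keylist(text):
    """Return (rules, problems) for sender-pattern:signing-domain:keypath lines."""
    rules, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3 or not all(fields):
            problems.append((n, f"expected 3 fields, got {len(fields)}"))
            continue
        rules.append(Rule(n, *fields))
    # A rule is unreachable if an earlier pattern already covers its pattern.
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _rx(earlier.pattern).fullmatch(later.pattern):
                problems.append((later.lineno, f"shadowed by line {earlier.lineno}"))
                break
    return rules, problems

def resolve(rules, sender):
    """First matching rule wins (assumption); selector = key file name."""
    for r in rules:
        if _rx(r.pattern).fullmatch(sender):
            return r.domain, r.keypath.rsplit("/", 1)[-1]
    return None

# Constructed sample keylists: catch-all patterns versus per-domain patterns.
CATCH_ALL = """\
# sender-pattern:signing-domain:keypath
*:edhance.com:/var/db/dkim/edhancerelay
*:studentsonly.com:/var/db/dkim/studentsonlyrelay
"""
PER_DOMAIN = """\
*@edhance.com:edhance.com:/var/db/dkim/edhancerelay
*@studentsonly.com:studentsonly.com:/var/db/dkim/studentsonlyrelay
"""
```

Calling `resolve(parse_keylist(text)[0], sender)` shows which `d=` domain and selector a given sender would be signed with, and the problems list names lines that can never match or that do not have three fields.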
