Re: Signing multiple domains best practice
At 15:19 17-02-10, James R. Marcus wrote:
>Here are my settings:
>
>AllowSHA1Only no
>AutoRestartCount 0
>Background Yes
>BaseDirectory /var/run/opendkim
>Diagnostics yes
>Domain edhance.com
>InternalHosts /etc/postfix/opendkim/InternalHosts.conf
>KeepTemporaryFiles yes
>KeyFile /var/db/dkim/example.private
You don't need KeyFile as you are using KeyList. The Domain setting
is also not required because of KeyList.
>KeyList /var/db/dkim/keylist
>LogWhy yes
>Mode sv
>PidFile /var/run/opendkim/opendkim.pid
>ReportAddress jmarcus_at_edhance.com
>Selector edhancerelay
The Selector setting will be ignored.
>Socket inet:20209_at_localhost
>Syslog Yes
>SyslogFacility mail
>
>
>[root_at_relay1 dkim]# cat keylist
># sender-pattern:signing-domain:keypath
># *:example.com:selector
>*:edhance.com:edhancerelay:/var/db/dkim/edhancerelay
>*:studentsonly.com:studentsonlyrelay:/var/db/dkim/studentsonlyrelay
That should be:
*_at_edhance.com:edhance.com:/var/db/dkim/edhancerelay
*_at_studentsonly.com:studentsonly.com:/var/db/dkim/studentsonlyrelay
The selector for the first domain will be edhancerelay. The selector
for the second domain will be studentsonlyrelay.
Please note that the KeyList setting _will_ be obsoleted in the next
release of OpenDKIM.
Regards,
-sm
Received on Wed Feb 17 2010 - 23:57:56 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:19:46 PST