Re: Signing multiple domains best practice

From: SM <sm_at_resistor.net>
Date: Wed, 17 Feb 2010 15:57:24 -0800

At 15:19 17-02-10, James R. Marcus wrote:
>Here are my settings:
>
>AllowSHA1Only no
>AutoRestartCount 0
>Background Yes
>BaseDirectory /var/run/opendkim
>Diagnostics yes
>Domain edhance.com
>InternalHosts /etc/postfix/opendkim/InternalHosts.conf
>KeepTemporaryFiles yes
>KeyFile /var/db/dkim/example.private

You don't need KeyFile as you are using KeyList. The Domain setting
is also not required because of KeyList.

>KeyList /var/db/dkim/keylist
>LogWhy yes
>Mode sv
>PidFile /var/run/opendkim/opendkim.pid
>ReportAddress jmarcus_at_edhance.com
>Selector edhancerelay

The Selector setting will be ignored.

>Socket inet:20209@localhost
>Syslog Yes
>SyslogFacility mail
>
>
>[root@relay1 dkim]# cat keylist
># sender-pattern:signing-domain:keypath
># *:example.com:selector
>*:edhance.com:edhancerelay:/var/db/dkim/edhancerelay
>*:studentsonly.com:studentsonlyrelay:/var/db/dkim/studentsonlyrelay

That should be:

*@edhance.com:edhance.com:/var/db/dkim/edhancerelay
*@studentsonly.com:studentsonly.com:/var/db/dkim/studentsonlyrelay

The selector for the first domain will be edhancerelay. The selector
for the second domain will be studentsonlyrelay.

Please note that the KeyList setting _will_ be obsoleted in the next
release of OpenDKIM.

Regards,
-sm
Received on Wed Feb 17 2010 - 23:57:56 PST
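
Added example, not part of the original message and not OpenDKIM code: a small Python check for the three-field KeyList format discussed above (sender-pattern:signing-domain:keypath), with the selector taken from the key file name. The function names, glob-style matching via fnmatch, first-match-wins order and case-insensitive comparison are assumptions of this sketch; the sample uses `@` where the archive displays `_at_`.

```python
import fnmatch
import posixpath

# Constructed sample: line 2 is a four-field entry as in the quoted keylist,
# lines 3 and 4 are the corrected three-field entries from the reply.
SAMPLE_KEYLIST = """\
# sender-pattern:signing-domain:keypath
*:edhance.com:edhancerelay:/var/db/dkim/edhancerelay
*@edhance.com:edhance.com:/var/db/dkim/edhancerelay
*@studentsonly.com:studentsonly.com:/var/db/dkim/studentsonlyrelay
"""


def parse_keylist(text):
    """Return (entries, errors) for KeyList text.

    entries: list of (sender_pattern, signing_domain, selector, keypath)
    errors:  list of (line_number, message)
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(":")
        if len(fields) != 3:
            # A separate selector field is the mistake corrected in the reply.
            errors.append((lineno, f"expected 3 fields, got {len(fields)}"))
            continue
        pattern, domain, keypath = fields
        if not keypath.startswith("/"):
            errors.append((lineno, "key path is not absolute"))
            continue
        # The selector is not a field of its own: it is the key file name.
        selector = posixpath.basename(keypath)
        entries.append((pattern, domain, selector, keypath))
    return entries, errors


def select_key(entries, sender):
    """Return the first entry whose pattern matches sender, else None.

    Assumption of this sketch: glob matching, first match wins,
    comparison is case-insensitive.
    """
    for entry in entries:
        if fnmatch.fnmatchcase(sender.lower(), entry[0].lower()):
            return entry
    return None


if __name__ == "__main__":
    parsed, problems = parse_keylist(SAMPLE_KEYLIST)
    print(problems)
    print(select_key(parsed, "user@studentsonly.com"))
```
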
