Re: KeyTable/SigningTable Question

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 4 Mar 2013 10:49:20 -0800 (PST)

On Mon, 4 Mar 2013, Baird, Josh wrote:
> I have a situation where I need to sign for multiple domains, but each
> domain will use the same key/selector. Therefore, my SigningTable looks
> like this:
>
> fc-mail1._domainkey.dom.com dom.com:fc-mail1:/etc/opendkim/keys/fc-mail1.private
> fc-mail1._domainkey.sub.dom.com sub.dom.com:fc-mail1:/etc/opendkim/keys/fc-mail1.private
>
> Are two entries required here since I am signing for two domains
> (dom.com and sub.dom.com) even though the keys/selectors are the same?
>
> My KeyTable looks like:
>
> *@dom.com fc-mail1._domainkey.dom.com
> *@sub.dom.com fc-mail1._domainkey.sub.dom.com
>
> Does this configuration seem correct?

It works, but you can simplify it slightly to:

KeyTable:
         *@dom.com fc-mail1
         *@sub.dom.com fc-mail1

SigningTable:
         fc-mail1 %:fc-mail1:/etc/opendkim/keys/fc-mail1.private

See the man page for opendkim.conf(5) for details.

-MSK
Received on Mon Mar 04 2013 - 18:49:42 PST
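
As an added example (not part of the original message and not OpenDKIM's own code), this Python model resolves a sender address through the simplified pair of tables from the reply and shows the d=, s= and DNS name that result once `%` is replaced by the sender's domain. It assumes the semantics in opendkim.conf(5): the SigningTable maps address patterns to key names (wildcards need the refile: prefix), the KeyTable maps key names to domain:selector:keypath, and only the first matching pattern is used; the function names and sample addresses are constructed.

```python
import re

# Constructed from the simplified tables in the reply above, labelled per
# opendkim.conf(5): patterns -> key name, key name -> domain:selector:keypath.
SIGNING_TABLE = """\
*@dom.com fc-mail1
*@sub.dom.com fc-mail1
"""
KEY_TABLE = """\
fc-mail1 %:fc-mail1:/etc/opendkim/keys/fc-mail1.private
"""

def parse_table(text):
    """Return (key, value) rows, skipping blank lines and # comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            rows.append((key, value.strip()))
    return rows

def pattern_matches(pattern, address):
    """Whole-string, case-insensitive match where '*' means any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, address, re.IGNORECASE) is not None

def resolve(sender, signing_text=SIGNING_TABLE, key_text=KEY_TABLE):
    """Model (assumption: first match wins) of which signature a sender gets."""
    if "@" not in sender:
        return None
    sender_domain = sender.rsplit("@", 1)[1].lower()
    keys = dict(parse_table(key_text))
    for pattern, key_name in parse_table(signing_text):
        if pattern_matches(pattern, sender):
            domain, selector, key_path = keys[key_name].split(":", 2)
            if domain == "%":  # '%' is replaced by the sender's domain
                domain = sender_domain
            return {"d": domain, "s": selector, "key": key_path,
                    "dns": f"{selector}._domainkey.{domain}"}
    return None  # no pattern matched: the message is left unsigned

if __name__ == "__main__":
    for addr in ("alice@dom.com", "bob@sub.dom.com", "eve@other.org"):
        print(addr, "->", resolve(addr))
```

Because `%` yields a different d= for each sender domain, the same public key has to be published as a TXT record under both fc-mail1._domainkey.dom.com and fc-mail1._domainkey.sub.dom.com.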
