Re: Sign all outgoing mail with DKIM

From: Eugene Vivdich <eugene_at_seine.me>
Date: Fri, 26 Jun 2015 22:10:04 +0300

Hi,
Finally I don't think that only me need to sign all the outgoing email, but
here is working solution:

opendkim.conf
Domain *
KeyTable /etc/mail/key.table
SigningTable refile:/etc/mail/signing.table <<<<<<<<<<
Wildcards require a regular expression file, or "refile".
Selector mail

signing.table (perms: 644 opendkim:opendkim)
* signallkey

key.table (perms: 644 opendkim:opendkim)
signallkey example.com:mail:/etc/mail/example.com.key

example.com.key (perms: 600 opendkim:opendkim)

and check file permissions!
Have a great weekends.

---
eugene
-----Исходное сообщение----- 
From: Eugene Vivdich
Sent: Thursday, June 18, 2015 10:59 AM
To: opendkim-users_at_lists.opendkim.org
Subject: Re: Sign all outgoing mail with DKIM
I'm still confused with signing all outgoing email.
Could someone take a look on this thread and tell how to change this file:
KeyList  with this line: "*:feedmailpro.com:/etc/mail/dkim.key" from old
opendkim version
to new files:
KeyTable and SigningTable.
What should I put in that files?
I'm trying to reproduce this faq
http://serverfault.com/questions/52830/dkim-sign-outgoing-mail-from-any-domain-with-postfix-and-ubuntu
but on the latest opendkim version.
Thanks,
---
eugene
-----Исходное сообщение----- 
From: Eugene Vivdich
Sent: Friday, June 12, 2015 8:50 PM
To: R.E.Sonneveld_at_sonnection.nl ; opendkim-users_at_lists.opendkim.org
Subject: Re: Sign all outgoing mail with DKIM
Yes, I'm sure,
This can be an author's organization, an
   operational relay, or one of their agents.
Let's say I want to add DKIM to all outgoing as operational relay, mail as
I'm absolutely sure that this all my existing customers, I'm logging all the
mail for 2-5 years, I don't want to abuse them to add TXT record to their
DNS, I just want to be sure they can send email via our SMTP server. I don't
want to create a key for every of them, I just wan to generate sasl_username
and pass. Yes, It's a hosing/VPN with email services included (Like any
other ISP who let his customers to send email via his SMTP).
---
eugene
-----Исходное сообщение----- 
From: Rolf E. Sonneveld
Sent: Friday, June 12, 2015 8:10 PM
To: Eugene Vivdich ; opendkim-users_at_lists.opendkim.org
Subject: Re: Sign all outgoing mail with DKIM
On 06/12/2015 05:33 PM, Eugene Vivdich wrote:
> Hi Andreas,
> I even read in man that key could not be specified.
> But still have no luck to configure this.
> Maybe I wrote wrong issue, but to tell in a few words:
> * I have mail server for outgoing mail with postfix installed
> * I'm using dovecot-auth to authenticate users with their sasl_username 
> from MySQL DB
> * I do not have domains table in DB and I'm not care about this, so user 
> can set ANY From: address.
> * I want to sign ALL outgoing mail for all domains (I even doesn't know 
> them) with my key like the guy in my first example from the url:
are you sure that you want to take (some) responsibility for _all_ this
mail by signing it with your key? See page 1. of
https://tools.ietf.org/html/rfc6376:
> Abstract
>
>     DomainKeys Identified Mail (DKIM) permits a person, role, or
>     organization that owns the signing domain to claim some
>     responsibility for a message by associating the domain with the
>     message.
/rolf

Received on Fri Jun 26 2015 - 19:10:23 PST