# opendkim-setter

Generate and maintain DKIM-keys for domains on your setup. This setup relies on the same structure as for [dnssec-signer](see: https://git.giaever.org/joachimmg/dnssec-signer)


# Configuration and installation

Please see the `dnssec-signer`-tool, as this is very similar.

This is a basic configuration that can easily be adapted to suit a standard setup

## Configuration files

Please read them carefully, and read up on OpenDKIM before you continue, so you understand whats going on. This isn't a tutorial.

## FILE: /etc/opendkim.conf
```
# Comments remove, read file you got when installing opendkim

# Log to syslog
Syslog			yes
# For debugging purpose
# LogWhy			true

UMask			002
UserID			opendkim

# Map domains in From addresses to keys used to sign messages
SigningTable		refile:/etc/opendkim/signing.table
KeyTable 		/etc/opendkim/key.table

# Host to ignore when verifying signatures
ExternalIgnoreList	/etc/opendkim/trusted.hosts
InternalHosts		/etc/opendkim/trusted.hosts

# Commonly-used options;
Canonicalization	relaxed/simple
Mode			sv
SubDomains		yes

AutoRestart		yes
AutoRestartRate		10/1M
Background		yes

DNSTimeout		5
SignatureAlgorithm	rsa-sha256

OversignHeaders		From
```

### FILE: /etc/opendkim/signing.table
```
*@domain.tld		domain.tld
*@domain2.tld		domain2.tld
```

### FILE: /etc/opendkim/key.table
```
domain.tld 		domain.tld:DDMMYY:/etc/opendkim/keys/domain.tld/DDMMYY.private
domain2.tld		domain2.tld:DDMMYY:/etc/opendkim/keys/domain2.tld/DDMMYY.private
```

### FILE: /etc/opendkim/trusted.hosts
```
127.0.0.1
::1
localhost
domain.tld
mail.domain.tld
```
Possibly add more domains here, if you are sending through multiple hosts. For my case, every domain sends through `mail.domain.tld`.