Generate and maintain DKIM keys for the domains on your setup. This setup relies on the same structure as dnssec-signer. Please see the dnssec-signer-tool, as this is very similar.

This is a basic configuration that can easily be adapted to suit a standard setup. Please read the configuration files carefully, and read up on OpenDKIM before you continue, so you understand what's going on. This isn't a tutorial.

```
# Comments removed; read the file you got when installing opendkim

# Log to syslog
Syslog yes

# For debugging purposes
# LogWhy true

UMask 002
UserID opendkim

# Map domains in From addresses to keys used to sign messages
SigningTable refile:/etc/opendkim/signing.table
KeyTable /etc/opendkim/key.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts
InternalHosts /etc/opendkim/trusted.hosts

# Commonly-used options
Canonicalization relaxed/simple
Mode sv
SubDomains yes
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
OversignHeaders From
```

/etc/opendkim/signing.table:

```
*@domain.tld domain.tld
*@domain2.tld domain2.tld
```

/etc/opendkim/key.table:

```
domain.tld domain.tld:DDMMYY:/etc/opendkim/keys/domain.tld/DDMMYY.private
domain2.tld domain2.tld:DDMMYY:/etc/opendkim/keys/domain2.tld/DDMMYY.private
```

/etc/opendkim/trusted.hosts:

```
127.0.0.1
::1
localhost
domain.tld
mail.domain.tld
```

Possibly add more domains here, if you are sending through multiple hosts. For my case, every domain sends through
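
An added consistency check for the signing.table and key.table formats shown above (example code, not part of the original tool): it flags a key.table path that no longer matches its selector, a signing.table entry with no key, a signing domain that does not cover the sender domain, and, optionally, key files accessible beyond their owner. The function names, the DDMMYY-style selector values and the domain3.tld entry are constructed for this example.

```python
import os
import stat

def parse_table(text):
    """Yield (name, value) pairs from a flat-file table, skipping comments and blanks."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            yield fields[0], fields[1].strip()

def check_tables(signing_text, key_text, key_root="/etc/opendkim/keys", stat_keys=False):
    """Cross-check signing.table against key.table; return a list of problems."""
    problems, keys = [], {}
    for name, value in parse_table(key_text):
        parts = value.split(":", 2)
        if len(parts) != 3:
            problems.append(f"key.table {name}: expected domain:selector:path")
            continue
        domain, selector, path = parts
        keys[name] = domain
        expected = f"{key_root}/{domain}/{selector}.private"
        if path != expected:  # selector and file name drifted apart, e.g. after a rotation
            problems.append(f"key.table {name}: path {path} should be {expected}")
        # Assumption: private keys should be accessible by their owner only.
        if stat_keys and os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"key.table {name}: {path} is accessible beyond its owner")
    for pattern, name in parse_table(signing_text):
        sender = pattern.rsplit("@", 1)[-1]
        if name not in keys:
            problems.append(f"signing.table {pattern}: no key.table entry named {name}")
        elif sender != keys[name] and not sender.endswith("." + keys[name]):
            problems.append(f"signing.table {pattern}: d={keys[name]} is not aligned with the sender domain")
    return problems

# Constructed sample: domain2.tld got a new selector but still points at the old
# key file, and domain3.tld was added to signing.table only.
SIGNING = """\
*@domain.tld domain.tld
*@domain2.tld domain2.tld
*@domain3.tld domain3.tld
"""
KEYS = """\
domain.tld domain.tld:010124:/etc/opendkim/keys/domain.tld/010124.private
domain2.tld domain2.tld:010224:/etc/opendkim/keys/domain2.tld/010124.private
"""

if __name__ == "__main__":
    for problem in check_tables(SIGNING, KEYS):
        print(problem)
```

Pass `stat_keys=True` when running on the mail host itself so the permission check can read the key files.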