Improve sign.dkim.signature.for.new.domain.html
parent 14e080d226
commit 0d25917c08
1
TODO.md
|
@ -2,6 +2,7 @@
|
|||
|
||||
# New
|
||||
|
||||
* Use same DKIM PEM file for all mail domains.
|
||||
* How to enable per-recipient policy lookup in Amavisd (@lookup_sql_dsn).
|
||||
* How to enable DNSBL in Postfix.
|
||||
* ~~ How to sign DKIM signature on sent emails for new mail domain. mention how
|
||||
|
|
|
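Review bot: The TODO item "Use same DKIM PEM file for all mail domains" in the `# New` list reads very close to the "Use existing DKIM key for new mail domain" section that this commit adds to the tutorial. If that section covers it, strike the item the same way the "How to sign DKIM signature on sent emails for new mail domain" entry below it is struck; if it is meant as a separate task, reword it so the difference is clear.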
@ -11,6 +11,44 @@ Let's say your first mail domain added during iRedMail installation is
|
|||
`mydomain.com`, and new mail domain is `newdomain.com`, please follow below
|
||||
steps to enable DKIM signing for outgoing emails of this domain.
|
||||
|
||||
## Use existing DKIM key for new mail domain
|
||||
|
||||
if you already have a working DKIM and valid DKIM DNS record, it's ok to
|
||||
use this existing DKIM key. This way, you don't need to ask your customer
|
||||
who owns this new domain to add DKIM DNS record.
|
||||
|
||||
* Find below setting in Amavisd config file `amavisd.conf`:
|
||||
|
||||
```
|
||||
dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
|
||||
|
||||
@dkim_signature_options_bysender_maps = ( {
|
||||
...
|
||||
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
...
|
||||
});
|
||||
```
|
||||
|
||||
Add one line in `@dkim_signature_options_bysender_maps`, after `"mydomain.com"`
|
||||
line like below:
|
||||
|
||||
```
|
||||
@dkim_signature_options_bysender_maps = ( {
|
||||
...
|
||||
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
"newdomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
...
|
||||
});
|
||||
```
|
||||
|
||||
* Restart Amavisd service.
|
||||
|
||||
## Generate new DKIM key for new mail domain
|
||||
|
||||
If you or your customer prefer to use their own DKIM key, you can generate
|
||||
a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
|
||||
tutorial to [add DKIM DNS record](setup_dns.html#dkim-record-for-your-mail-domain-name).
|
||||
|
||||
* Generate new DKIM key for new domain.
|
||||
|
||||
```shell
|
||||
|
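Review bot: The new section "Use existing DKIM key for new mail domain" leaves out the trade-off of the added map entry `"newdomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },`: mail sent from newdomain.com is signed with d=mydomain.com, so the signing domain no longer matches the sender's domain. The text presents this only as saving the customer a DNS change. Such a signature verifies against the mydomain.com key but is not DKIM-aligned with newdomain.com for DMARC, so a customer domain that publishes a DMARC policy would then depend on SPF alignment alone. Suggest adding a sentence to that effect after "add DKIM DNS record." and pointing those readers to the "Generate new DKIM key for new mail domain" section. Minor: capitalise "if you already", and tag the two new fenced blocks with a language, as the `shell` block further down does.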
@ -52,7 +90,9 @@ Add one line after `"mydomain.com"` line like below:
|
|||
|
||||
* Restart Amavisd service.
|
||||
|
||||
## Use one DKIM key for all mail domains
|
||||
Again, don't forget to ask your customer to add DKIM DNS record.
|
||||
|
||||
## Use one DKIM key for all mail domains without updating Amavisd config file
|
||||
|
||||
For compatibility with dkim_milter the signing domain can include a '*'
|
||||
as a wildcard - this is not recommended as this way amavisd could produce
|
||||
|
|
|
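Review bot: The heading "Use one DKIM key for all mail domains without updating Amavisd config file" presents the wildcard as a supported option, while the first paragraph under it says "this is not recommended as this way amavisd could produce" signatures with no published key. Suggest opening the section with one sentence in the tutorial's own words that states when this setup is acceptable (every hosted domain publishes the same DKIM record) before the quoted Amavisd text. Also, "Again, don't forget to ask your customer to add DKIM DNS record." now sits directly above the new heading; leave a blank line after the "Restart Amavisd service." bullet so it renders as its own paragraph under the previous section rather than as part of the list.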
@ -21,6 +21,39 @@ should update Amavisd config file to sign DKIM signature for it.</p>
|
|||
<p>Let's say your first mail domain added during iRedMail installation is
|
||||
<code>mydomain.com</code>, and new mail domain is <code>newdomain.com</code>, please follow below
|
||||
steps to enable DKIM signing for outgoing emails of this domain.</p>
|
||||
<h2 id="use-existing-dkim-key-for-new-mail-domain">Use existing DKIM key for new mail domain</h2>
|
||||
<p>if you already have a working DKIM and valid DKIM DNS record, it's ok to
|
||||
use this existing DKIM key. This way, you don't need to ask your customer
|
||||
who owns this new domain to add DKIM DNS record.</p>
|
||||
<ul>
|
||||
<li>Find below setting in Amavisd config file <code>amavisd.conf</code>:</li>
|
||||
</ul>
|
||||
<pre><code>dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
|
||||
|
||||
@dkim_signature_options_bysender_maps = ( {
|
||||
...
|
||||
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
...
|
||||
});
|
||||
</code></pre>
|
||||
|
||||
<p>Add one line in <code>@dkim_signature_options_bysender_maps</code>, after <code>"mydomain.com"</code>
|
||||
line like below:</p>
|
||||
<pre><code>@dkim_signature_options_bysender_maps = ( {
|
||||
...
|
||||
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
"newdomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
|
||||
...
|
||||
});
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Restart Amavisd service.</li>
|
||||
</ul>
|
||||
<h2 id="generate-new-dkim-key-for-new-mail-domain">Generate new DKIM key for new mail domain</h2>
|
||||
<p>If you or your customer prefer to use their own DKIM key, you can generate
|
||||
a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
|
||||
tutorial to <a href="setup_dns.html#dkim-record-for-your-mail-domain-name">add DKIM DNS record</a>.</p>
|
||||
<ul>
|
||||
<li>Generate new DKIM key for new domain.</li>
|
||||
</ul>
|
||||
|
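Review bot: Each step in the rendered output is its own one-item list (`<ul>` / `<li>Find below setting in Amavisd config file ...</li>` / `</ul>`, then a separate `<ul>` for "Restart Amavisd service."), with the `<pre><code>` blocks and the "Add one line in ..." paragraph sitting between them at top level. The procedure therefore does not read as one sequence, and the "Add one line" step is not a list item at all. Suggest indenting the fenced blocks under their bullets in the Markdown source and making "Add one line ..." a bullet too, then regenerating this file so the section is a single list.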
@ -59,7 +92,8 @@ steps to enable DKIM signing for outgoing emails of this domain.</p>
|
|||
<ul>
|
||||
<li>Restart Amavisd service.</li>
|
||||
</ul>
|
||||
<h2 id="use-one-dkim-key-for-all-mail-domains">Use one DKIM key for all mail domains</h2>
|
||||
<p>Again, don't forget to ask your customer to add DKIM DNS record.</p>
|
||||
<h2 id="use-one-dkim-key-for-all-mail-domains-without-updating-amavisd-config-file">Use one DKIM key for all mail domains without updating Amavisd config file</h2>
|
||||
<p>For compatibility with dkim_milter the signing domain can include a '*'
|
||||
as a wildcard - this is not recommended as this way amavisd could produce
|
||||
signatures which have no corresponding public key published in DNS.
|
||||
|
|
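Review bot: The two `<h2>` lines in this hunk carry different ids, `use-one-dkim-key-for-all-mail-domains` and `use-one-dkim-key-for-all-mail-domains-without-updating-amavisd-config-file`. If the shorter heading is the one being replaced, any existing link to the `#use-one-dkim-key-for-all-mail-domains` fragment stops resolving after this change. Suggest searching the other documents for that fragment and updating them in the same commit, or keeping the old heading text so the generated id stays stable. The paragraph starting "For compatibility with dkim_milter" is also quoted without attribution; mark it as a quote from the Amavisd documentation if that is where it comes from.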