Improve sign.dkim.signature.for.new.domain.html

Zhang Huangbin 2014-10-11 15:40:30 +08:00
parent 14e080d226
commit 0d25917c08
3 changed files with 77 additions and 2 deletions

@ -2,6 +2,7 @@
# New
* Use same DKIM PEM file for all mail domains.
* How to enable per-recipient policy lookup in Amavisd (@lookup_sql_dsn).
* How to enable DNSBL in Postfix.
* ~~ How to sign DKIM signature on sent emails for new mail domain. mention how

@ -11,6 +11,44 @@ Let's say your first mail domain added during iRedMail installation is
`mydomain.com`, and new mail domain is `newdomain.com`, please follow below
steps to enable DKIM signing for outgoing emails of this domain.
## Use existing DKIM key for new mail domain
if you already have a working DKIM and valid DKIM DNS record, it's ok to
use this existing DKIM key. This way, you don't need to ask your customer
who owns this new domain to add DKIM DNS record.
* Find below setting in Amavisd config file `amavisd.conf`:
```
dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
@dkim_signature_options_bysender_maps = ( {
...
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
...
});
```
Add one line in `@dkim_signature_options_bysender_maps`, after `"mydomain.com"`
line like below:
```
@dkim_signature_options_bysender_maps = ( {
...
"mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
"newdomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
...
});
```
* Restart Amavisd service.
## Generate new DKIM key for new mail domain
If you or your customer prefer to use their own DKIM key, you can generate
a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
tutorial to [add DKIM DNS record](setup_dns.html#dkim-record-for-your-mail-domain-name).
* Generate new DKIM key for new domain.
```shell
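Review bot: the new "Use existing DKIM key for new mail domain" section does not say that the added line `"newdomain.com" => { d => "mydomain.com", ... }` makes mail from newdomain.com carry a signature with d=mydomain.com rather than the sender's own domain. The signature verifies against the existing DNS record, but a receiver that compares the signing domain with the From domain (DMARC alignment) will not count it as aligned for newdomain.com. Suggest one sentence stating this trade-off next to "you don't need to ask your customer who owns this new domain to add DKIM DNS record", so readers can choose between this section and "Generate new DKIM key for new mail domain" knowingly. Minor style points: the paragraph opens with a lowercase "if", and the fenced blocks are not indented under the bullet they belong to.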
@ -52,7 +90,9 @@ Add one line after `"mydomain.com"` line like below:
* Restart Amavisd service.
## Use one DKIM key for all mail domains
Again, don't forget to ask your customer to add DKIM DNS record.
## Use one DKIM key for all mail domains without updating Amavisd config file
For compatibility with dkim_milter the signing domain can include a '*'
as a wildcard - this is not recommended as this way amavisd could produce
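Review bot: the reminder "Again, don't forget to ask your customer to add DKIM DNS record." is placed after the "Restart Amavisd service." step, so a reader following the steps in order starts signing before the public key is published. The wildcard paragraph just below names exactly that outcome as the thing to avoid ("signatures which have no corresponding public key published in DNS"). Suggest moving the reminder ahead of the restart step, or wording it as a precondition: the DKIM DNS record must be in place before Amavisd is restarted.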

@ -21,6 +21,39 @@ should update Amavisd config file to sign DKIM signature for it.</p>
<p>Let's say your first mail domain added during iRedMail installation is
<code>mydomain.com</code>, and new mail domain is <code>newdomain.com</code>, please follow below
steps to enable DKIM signing for outgoing emails of this domain.</p>
<h2 id="use-existing-dkim-key-for-new-mail-domain">Use existing DKIM key for new mail domain</h2>
<p>if you already have a working DKIM and valid DKIM DNS record, it's ok to
use this existing DKIM key. This way, you don't need to ask your customer
who owns this new domain to add DKIM DNS record.</p>
<ul>
<li>Find below setting in Amavisd config file <code>amavisd.conf</code>:</li>
</ul>
<pre><code>dkim_key('mydomain.com', &quot;dkim&quot;, &quot;/var/lib/dkim/mydomain.com.pem&quot;);
@dkim_signature_options_bysender_maps = ( {
...
&quot;mydomain.com&quot; =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
...
});
</code></pre>
<p>Add one line in <code>@dkim_signature_options_bysender_maps</code>, after <code>"mydomain.com"</code>
line like below:</p>
<pre><code>@dkim_signature_options_bysender_maps = ( {
...
&quot;mydomain.com&quot; =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
&quot;newdomain.com&quot; =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
...
});
</code></pre>
<ul>
<li>Restart Amavisd service.</li>
</ul>
<h2 id="generate-new-dkim-key-for-new-mail-domain">Generate new DKIM key for new mail domain</h2>
<p>If you or your customer prefer to use their own DKIM key, you can generate
a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
tutorial to <a href="setup_dns.html#dkim-record-for-your-mail-domain-name">add DKIM DNS record</a>.</p>
<ul>
<li>Generate new DKIM key for new domain.</li>
</ul>
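Review bot: in the rendered output each step ends up in its own one-item list (`<ul><li>Find below setting ...</li></ul>`, then `<ul><li>Restart Amavisd service.</li></ul>`), with both `<pre><code>` blocks and the "Add one line in ..." paragraph sitting outside any list item. The procedure therefore reads as disconnected bullets instead of one sequence. Indenting the fenced blocks and the follow-up paragraph under their bullet in the Markdown source should make the generator emit a single list with the code inside the step it belongs to. The paragraph also still starts with a lowercase "if".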
@ -59,7 +92,8 @@ steps to enable DKIM signing for outgoing emails of this domain.</p>
<ul>
<li>Restart Amavisd service.</li>
</ul>
<h2 id="use-one-dkim-key-for-all-mail-domains">Use one DKIM key for all mail domains</h2>
<p>Again, don't forget to ask your customer to add DKIM DNS record.</p>
<h2 id="use-one-dkim-key-for-all-mail-domains-without-updating-amavisd-config-file">Use one DKIM key for all mail domains without updating Amavisd config file</h2>
<p>For compatibility with dkim_milter the signing domain can include a '*'
as a wildcard - this is not recommended as this way amavisd could produce
signatures which have no corresponding public key published in DNS.
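Review bot: renaming the heading changes its anchor from `use-one-dkim-key-for-all-mail-domains` to `use-one-dkim-key-for-all-mail-domains-without-updating-amavisd-config-file`, so any existing link to the old fragment will stop resolving to this section. Please check the other documents for links to the old id and update them, or keep the old id available. The new heading is also long for an `<h2>`; a shorter title that keeps the "without updating Amavisd config file" distinction would produce a more manageable anchor.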