From 438df044ee0f9027929acc82bf4c084294453113 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Wed, 14 Oct 2015 00:07:35 +0800 Subject: [PATCH] If DNS provider doesn't support long DKIM value, you should generate a new one with key length '1024'. --- .../2-sign.dkim.signature.for.new.domain.md | 13 ++++++++----- en_US/installation/0-setup.dns.md | 4 ++++ html/setup.dns.html | 3 +++ html/sign.dkim.signature.for.new.domain.html | 17 ++++++++++++----- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/en_US/howto/2-sign.dkim.signature.for.new.domain.md b/en_US/howto/2-sign.dkim.signature.for.new.domain.md index cfda0497..2cc89efa 100644 --- a/en_US/howto/2-sign.dkim.signature.for.new.domain.md +++ b/en_US/howto/2-sign.dkim.signature.for.new.domain.md @@ -62,12 +62,15 @@ tutorial to [add DKIM DNS record](setup.dns.html#dkim-record-for-your-mail-domai # amavisd-new genrsa /var/lib/dkim/new_domain.com.pem 2048 ``` -Note: if you're running CentOS, you may need to specify its config file on -command line. For example: +> * if you're running CentOS, you may need to specify its config file on +> command line. For example: +> +> `# amavisd -c /etc/amavisd/amavisd.conf genrsa /var/lib/dkim/new_domain.com.pem 2048` -``` -# amavisd -c /etc/amavisd/amavisd.conf genrsa /var/lib/dkim/new_domain.com.pem 2048 -``` +> * Some DNS provider doesn't support long value for TXT type DNS record, you +> need to create a shorter key with key length `1024`. For example: +> +> `# amavisd-new genrsa /var/lib/dkim/new_domain.com.pem 1024` * Find below setting in Amavisd config file `amavisd.conf`: diff --git a/en_US/installation/0-setup.dns.md b/en_US/installation/0-setup.dns.md index a0e1a1e5..3a19f050 100644 --- a/en_US/installation/0-setup.dns.md +++ b/en_US/installation/0-setup.dns.md @@ -241,6 +241,10 @@ If it shows `pass`, it works. __Note__: If you use DNS service provided by ISP, new DNS record might take some hours to be available. +If you want to re-generate DKIM key, or need to generate one for new mail +domain, please check our another tutorial: +[Sign DKIM signature on outgoing emails for new mail domain](./sign.dkim.signature.for.new.domain.html). + ## References * [http://en.wikipedia.org/wiki/MX_record](http://en.wikipedia.org/wiki/MX_record) diff --git a/html/setup.dns.html b/html/setup.dns.html index 83ff31d2..8770c4a4 100644 --- a/html/setup.dns.html +++ b/html/setup.dns.html @@ -243,6 +243,9 @@ TESTING: dkim._domainkey.mydomain.com => pass

If it shows pass, it works.

Note: If you use DNS service provided by ISP, new DNS record might take some hours to be available.

+

If you want to re-generate DKIM key, or need to generate one for new mail +domain, please check our another tutorial: +Sign DKIM signature on outgoing emails for new mail domain.

References