Things I did

OpenDKIM configuration for a multi domain setup

Categories: Notes
Tags: postfix mail DKIM

I recently had some issues with big mail servers that didn't like my mail server configuration, especially my multi-domain setup. So I started checking my mail server setup.

I used https://email-security-scans.org/ and https://internet.nl/ for the checks.

The mail setup is quite normal. The mail server has its own domain, which is also the MX record; DKIM is configured and working for that domain. The main issues are with domains that are handled by the mail server but are not the mail server's own domain. OpenDKIM was not configured for them. Tests showed that an individual key per domain is needed.

The private key is created with the following command:

opendkim-genkey -r -b 2048 -d domain3.de

In addition to the key, a DNS record is written to a domain3.de.txt file. This record contains the public key that matches the private key and must be added to the DNS server.

/etc/opendkim/opendkim.conf:

##
Socket                  inet:8891@localhost
UserID                  opendkim
ReportAddress           postmaster@domain1.de
Canonicalization        relaxed/relaxed

KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts

/etc/opendkim/KeyTable:

myselector._domainkey.domain1.de domain1.de:myselector:/etc/opendkim/domain1.de/domain1.de.private
myselector._domainkey.domain2.de domain2.de:myselector:/etc/opendkim/domain2.de/domain2.de.private
myselector._domainkey.domain3.de domain3.de:myselector:/etc/opendkim/domain3.de/domain3.de.private
myselector._domainkey.domain4.de domain4.de:myselector:/etc/opendkim/domain4.de/domain4.de.private
myselector._domainkey.domain5.de domain5.de:myselector:/etc/opendkim/domain5.de/domain5.de.private
myselector._domainkey.domain6.de domain6.de:myselector:/etc/opendkim/domain6.de/domain6.de.private
myselector._domainkey.domain7.de domain7.de:myselector:/etc/opendkim/domain7.de/domain7.de.private
myselector._domainkey.domain8.de domain8.de:myselector:/etc/opendkim/domain8.de/domain8.de.private
myselector._domainkey.domain9.de domain9.de:myselector:/etc/opendkim/domain9.de/domain9.de.private

/etc/opendkim/SigningTable:

*@domain1.de myselector._domainkey.domain1.de
*@domain2.de myselector._domainkey.domain2.de
*@domain3.de myselector._domainkey.domain3.de
*@domain4.de myselector._domainkey.domain4.de
*@domain5.de myselector._domainkey.domain5.de
*@domain6.de myselector._domainkey.domain6.de
*@domain7.de myselector._domainkey.domain7.de
*@domain8.de myselector._domainkey.domain8.de
*@domain9.de myselector._domainkey.domain9.de

/etc/opendkim/TrustedHosts:

127.0.0.1
::1
localhost
142.9.14.142
2a03:5433:39:4325:8844:70ff:ee8b:554a
domain1.de
mail.domain1.de
domain2.de
domain3.de
domain4.de
domain5.de
domain6.de
domain7.de
domain8.de
domain9.de
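
A consistency check for the KeyTable and SigningTable shown above, as an added example that is not part of the original post. It flags SigningTable entries whose key name is missing from the KeyTable or belongs to a different domain, and KeyTable entries whose key file is shared or not named after their domain (the naming convention used in this post). The a.example to d.example tables are constructed sample data, and `rows` and `check_tables` are hypothetical helper names.

```python
# Constructed sample tables (not the post's files), in the post's layout.
KEY_TABLE = """\
myselector._domainkey.a.example a.example:myselector:/etc/opendkim/a.example/a.example.private
myselector._domainkey.b.example b.example:myselector:/etc/opendkim/b.example/a.example.private
"""
SIGNING_TABLE = """\
*@a.example myselector._domainkey.a.example
*@b.example myselector._domainkey.b.example
*@c.example myselector._domainkey.c.example
*@d.example myselector._domainkey.a.example
"""

def rows(text):
    """Yield the whitespace-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def check_tables(key_table, signing_table):
    """Return a list of problems found in a KeyTable/SigningTable pair."""
    problems, key_domain, seen_paths = [], {}, {}
    for fields in rows(key_table):
        parts = fields[1].split(":", 2) if len(fields) == 2 else []
        if len(parts) != 3:
            problems.append(f"KeyTable: malformed entry {' '.join(fields)}")
            continue
        domain, _selector, path = parts
        key_domain[fields[0]] = domain
        if path in seen_paths:
            problems.append(f"KeyTable: {domain} reuses the key file of {seen_paths[path]}")
        seen_paths.setdefault(path, domain)
        # Assumed convention from the post: the key file is named <domain>.private.
        if path.rsplit("/", 1)[-1] != f"{domain}.private":
            problems.append(f"KeyTable: {domain} points at {path}")
    for fields in rows(signing_table):
        if len(fields) != 2:
            problems.append(f"SigningTable: malformed entry {' '.join(fields)}")
            continue
        sender_domain = fields[0].rsplit("@", 1)[-1]
        if fields[1] not in key_domain:
            problems.append(f"SigningTable: {fields[0]} uses undefined key {fields[1]}")
        elif key_domain[fields[1]] != sender_domain:
            problems.append(f"SigningTable: {fields[0]} signs as {key_domain[fields[1]]}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_tables(KEY_TABLE, SIGNING_TABLE)))
```

To check a live setup, pass the contents of /etc/opendkim/KeyTable and /etc/opendkim/SigningTable to `check_tables` instead of the sample strings.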
