We run outbound spam filtering servers for many domains. We are constantly adding and deleting domains, and the current docs seem to imply the only way to sign all these domains is to specify each domain in the keylist file.
While this could be done, it would be a severely long file, and our purpose is to sign ALL outgoing messages for every domain using the same key. Ideally something like this in the keyfile:

    *:*:/etc/mail/dkim/keys/default

The result would be if the sender's IP matches an IP within the trusted-hosts file, it signs the message using the default key no matter what from the sender domain. We can publish the public key in DNS for each domain as well.

Second best would be to sign all outgoing messages with the same key, on a single signing domain, like this:

    *:genericdomain.com:/etc/mail/dkim/keys/default

Note, this configuration works, but it signs messages from any domain with the genericdomain.com key. This method seems to somewhat defeat the purpose of DKIM because I think the recipient's server would ideally like the key signed from the domain in the FROM address for maximum reliability.

Any thoughts on how to best accomplish this?

- Nate

------------------------------------------------------------------------------
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
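
An added example, not part of the original post and not dkim-milter code: a small Python model of the keylist lookup, showing which signing domain each sender gets under the `*:genericdomain.com:...` entry versus one entry per domain sharing the same key file. The example.com, example.net and example.org domains and addresses are constructed; first-match-wins lookup and treating the sender address as the From address are assumptions.

```python
import re

# Constructed keylists in the pattern:signing-domain:keypath form used above.
GENERIC = "*:genericdomain.com:/etc/mail/dkim/keys/default\n"
PER_DOMAIN = (
    "*@example.com:example.com:/etc/mail/dkim/keys/default\n"
    "*@example.net:example.net:/etc/mail/dkim/keys/default\n"
)

def parse_keylist(text):
    """Return (pattern, signing_domain, keypath) tuples; reject malformed lines."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # keypath keeps any further colons
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"line {number}: expected pattern:domain:keypath")
        entries.append(tuple(parts))
    return entries

def signing_domain(entries, sender):
    """Signing domain for a sender, or None if no entry matches (unsigned).

    Only '*' is a wildcard; assumption: the first matching entry wins.
    """
    for pattern, domain, _keypath in entries:
        regex = ".*".join(re.escape(piece) for piece in pattern.lower().split("*"))
        if re.fullmatch(regex, sender.lower()):
            return domain.lower()
    return None

def audit(entries, senders):
    """Per sender: (sender, signing domain, signing domain equals sender domain)."""
    rows = []
    for sender in senders:
        from_domain = sender.rsplit("@", 1)[1].lower()
        d = signing_domain(entries, sender)
        rows.append((sender, d, d == from_domain))
    return rows

if __name__ == "__main__":
    senders = ["alice@example.com", "bob@example.net", "carol@example.org"]
    for name, text in (("generic", GENERIC), ("per-domain", PER_DOMAIN)):
        for sender, d, aligned in audit(parse_keylist(text), senders):
            print(f"{name:10} {sender:20} d={d} matches-from={aligned}")
```

With the per-domain keylist, carol@example.org matches no entry and would go out unsigned, which is the maintenance cost of listing every domain.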
