Re: [qmailtoaster] dkim on qmailtoaster

[Eric Broch]

The global entry is for everything not specified by domain entries and 
disabled domain entries, e.g.: <nonsigneddomain.com />, in the signconf.xml

On 7/30/2020 2:11 PM, Charles Amstutz wrote:
Thanks. That helps.   Is the global for the server? And the domains for each 
domain?
From: Tahnan Al Anas <tah...@gmail.com>

Hi,

You need to write sig file for each domain. like see my below file. and you 
also need to put txt file content at your dns.

<dkimsign>
   <!-- per default sign all mails using dkim -->
   <global algorithm="rsa-sha1" domain="/var/qmail/control/me" 
keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">
     <types id="dkim" />
   </global>

<http://xyz.com domain="http://xyz.com"; keyfile="/var/qmail/control/dkim/xyz.com.key" 
selector="dkim1">
     <types id="dkim" />
     <types id="domainkey" method="nofws" />
   </http://xyz.com>

<http://abc.com domain="http://abc.com"; keyfile="/var/qmail/control/dkim/abc.com.key" 
selector="dkim1">
     <types id="dkim" />
     <types id="domainkey" method="nofws" />
   </http://abc.com>

<http://bbc.com domain="http://bbc.com"; keyfile="/var/qmail/control/dkim/bbc.com.key" 
selector="dkim1">
     <types id="dkim" />
     <types id="domainkey" method="nofws" />
   </http://bbc.com>

</dkimsign>

--
--

Best Regards
Muhammad Tahnan Al Anas


On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz <mailto:charl...@binary.net> 
wrote:
Thanks, I appreciate you taking the time to write this up. As I understand the 
dkim doc (on the website)

The globalkey is for all domains?  If I want to host multiple domains, I would 
need to create a key for each domain? And then put I in signconf.xml?

Or do I need both?
  
From: Eric Broch <mailto:ebr...@whitehorsetc.com>

# cd /var/qmail/control/dkim
# openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key -pubout 
-out ./temp.txt
# cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' &> ./public.txt && echo 
"\"" >> ./public.txt && rm ./temp.txt
On 7/30/2020 12:33 PM, Eric Broch wrote:
You can generate a key with openssl
https://lxadm.com/Generating_DKIM_key_with_openssl
I'll do a write up for this. Sorry
On 7/30/2020 12:30 PM, Charles Amstutz wrote:
Hello,
  
I'm trying to follow the steps on qmailtoaster's dkim steps.
  
a. # dknewkey /var/qmail/control/dkim/global.key 1024 > /var/qmail/control/dkim/public.txt
b. # perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt
  
  
I'm using centos 8. Everything is working fine except that I can't locate dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed to be generated beforehand. As it is not there. Is dknewkey depreciated? Also, is global.key supposed to be there? I saw in one mailing list archive from 2017 (something like libdomainkeys) to install this package that no longer exists.
  
If it has been depreciated. Is there any replacement/updates.
  
Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: mailto:qmailtoaster-list-h...@qmailtoaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com