Thanks everyone! I got it working with your help and used your openSSL commands (which I appreciate) / opendkim for the other domains. I really appreciate your time and explanations.
> From: Eric Broch <ebr...@whitehorsetc.com> > The global entry is for everything not specified by domain entries and > disabled domain entries, e.g.: <nonsigneddomain.com />, in the > signconf.xml > > On 7/30/2020 2:11 PM, Charles Amstutz wrote: > > Thanks. That helps. Is the global for the server? And the domains for each > domain? > > > > From: Tahnan Al Anas <tah...@gmail.com> > > > > Hi, > > > > You need to write sig file for each domain. like see my below file. and you > also need to put txt file content at your dns. > > > > <dkimsign> > > <!-- per default sign all mails using dkim --> > > <global algorithm="rsa-sha1" domain="/var/qmail/control/me" > > keyfile="/var/qmail/control/dkim/global.key" method="simple" > > selector="dkim1"> > > <types id="dkim" /> > > </global> > > > > <http://xyz.com domain="http://xyz.com"; > > keyfile="/var/qmail/control/dkim/xyz.com.key" selector="dkim1"> > > <types id="dkim" /> > > <types id="domainkey" method="nofws" /> > > </http://xyz.com> > > > > <http://abc.com domain="http://abc.com"; > > keyfile="/var/qmail/control/dkim/abc.com.key" selector="dkim1"> > > <types id="dkim" /> > > <types id="domainkey" method="nofws" /> > > </http://abc.com> > > > > <http://bbc.com domain="http://bbc.com"; > > keyfile="/var/qmail/control/dkim/bbc.com.key" selector="dkim1"> > > <types id="dkim" /> > > <types id="domainkey" method="nofws" /> > > </http://bbc.com> > > > > </dkimsign> > > > > -- > > -- > > > > Best Regards > > Muhammad Tahnan Al Anas > > > > > > On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz > <mailto:charl...@binary.net> wrote: > > Thanks, I appreciate you taking the time to write this up. As I > > understand the dkim doc (on the website) > > > > The globalkey is for all domains? If I want to host multiple domains, I > would need to create a key for each domain? And then put I in signconf.xml? > > > > Or do I need both? > > > > From: Eric Broch <mailto:ebr...@whitehorsetc.com> > > > > # cd /var/qmail/control/dkim > > # openssl genrsa -out ./global.key 2048 && openssl rsa -in > > ./global.key -pubout -out ./temp.txt # cat ./temp.txt | grep -v - | tr > > -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' &> ./public.txt && echo "\"" > >> ./public.txt && rm ./temp.txt On 7/30/2020 12:33 PM, Eric Broch wrote: > > You can generate a key with openssl > > https://lxadm.com/Generating_DKIM_key_with_openssl > > I'll do a write up for this. Sorry > > On 7/30/2020 12:30 PM, Charles Amstutz wrote: > > Hello, > > > > I'm trying to follow the steps on qmailtoaster's dkim steps. > > > > a. # dknewkey /var/qmail/control/dkim/global.key 1024 > > > /var/qmail/control/dkim/public.txt > > b. # perl -pi -e 's/global.key._domainkey/dkim1/' > > /var/qmail/control/dkim/public.txt > > > > > > I'm using centos 8. Everything is working fine except that I can't locate > dknewkey and not sure if /var/qmail/control/dkim/global.key was supposed > to be generated beforehand. As it is not there. Is dknewkey depreciated? > Also, is global.key supposed to be there? I saw in one mailing list archive > from 2017 (something like libdomainkeys) to install this package that no > longer exists. > > > > If it has been depreciated. Is there any replacement/updates. > > > > Thanks > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com > > For additional commands, e-mail: > > mailto:qmailtoaster-list-h...@qmailtoaster.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > > For additional commands, e-mail: > > qmailtoaster-list-h...@qmailtoaster.com > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
