Hello

To answer the original question

1 key for all, it is possible yes

I did that on a specific setup for a customer

I am using a qmail server acting as a smarthost (defined on another qmail server in the smtproute file)

but that's not really a problem if you use only 1 server



check your /var/qmail/control/me domain listed there

set the key for that fqdn


ADD the dns entries ONLY in the zone file matching the fqdn of your qmail server (not in the other zone files of your other domains of course)

that's it

all emails going out of your server are signed with the unique global.key


Send a mail to a gmail account and you'll see it is signed

with the global key for that "sending" server.

For debugging purposes, in gmail check the option "original message": if you see signed, all good, otherwise click on learn and you'll get more info (like you used the wrong fqdn)


I noticed in a very particular scenario, some weird config on a destination server, I had to add in the dns zone file an MX record matching the "/var/qmail/control/me domain"

but that was only once.

Regards

-P
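
The same check can be run on a saved copy of the message instead of Gmail's "original message" view. This is an added example, not code from this thread or from QmailToaster: it reads the DKIM-Signature header, reports the signing domain (d=), the selector (s=) and the DNS TXT name a receiver looks up, and compares d= with the fqdn from /var/qmail/control/me. The host mail.example.com, the sample message and the function names are assumptions; dkim1 is the selector used in the stanza quoted further down.

```python
import email
import re

# Constructed sample: a mail from a customer domain, signed by the server's
# single global key (d= is the server fqdn, not the From: domain).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example.com;\n"
    "\ts=dkim1; h=from:to:subject;\n"
    "\tbh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=\n"
    "From: user@customer.example\n"
    "To: someone@gmail.com\n"
    "Subject: dkim test\n"
    "\n"
    "body\n"
)

def dkim_tags(header_value):
    """Parse a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # first '=' only: b=/bh= end in '='
        # Header folding leaves whitespace around and inside values; drop it.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_signing_domain(raw_message, expected_fqdn):
    """One entry per signature; an empty list means the mail left unsigned."""
    msg = email.message_from_string(raw_message)
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(value)
        d, s = tags.get("d", ""), tags.get("s", "")
        results.append({
            "d": d,
            "s": s,
            "txt_name": f"{s}._domainkey.{d}",  # DNS record the receiver queries
            "matches_me": d.lower() == expected_fqdn.strip().lower(),
        })
    return results

if __name__ == "__main__":
    # expected_fqdn would be the content of /var/qmail/control/me
    for r in check_signing_domain(SAMPLE, "mail.example.com"):
        print(r)
```

If `matches_me` is false, the key was set for a different fqdn than the one in control/me; `txt_name` is the record that has to exist in that fqdn's zone file.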


On 6/20/24 03:32, Remo Mattei wrote:
I have dkim setup on several domains and all good! :)

On Jun 19, 2024, at 6:31 PM, Jeff Koch <jeffk...@intersessions.com> wrote:

They seem to work for me.

http://www.qmailtoaster.com/dkim.html

Jeff

On 6/19/2024 8:30 PM, Chris Knight wrote:
The wiki says that Domain Keys are broken, and will be removed from future 
releases.  What does that mean for DKIM support?

http://wiki.qmailtoaster.com/index.php?title=Disabling_Domain_Keys


On Jun 20, 2024, at 12:01 PM, Jeff Koch <jeffk...@intersessions.com> wrote:

QMT'ers

Emails to Outlook accounts started bouncing today until we added unique dkim 
keys and DNS records to the sender domains.  So now we'll probably need to do 
the same for all the accounts we do email for.

So I was thinking it would be a whole lot easier if we gave everyone the same 
key and DNS text record. Then the question is whether we can setup a wildcard 
signconf.xml stanza something like:

<dkimsign>
   < * domain="*" keyfile="/var/qmail/control/dkim/wildcard.key" 
selector="dkim1">
     <types id="dkim" />
     <types id="domainkey" method="nofws" />
   </*>
</dkimsign>

Any thoughts on whether this is doable or advisable ?

Jeff