Commit a8938e10 authored by Joshua Tauberer's avatar Joshua Tauberer

DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain...

DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain
parent cfcb5f5b
...@@ -108,13 +108,13 @@ EOF ...@@ -108,13 +108,13 @@ EOF
# email addresses to signing information. The KeyTable maps specify the hostname, # email addresses to signing information. The KeyTable maps specify the hostname,
# the selector, and the path to the private key. # the selector, and the path to the private key.
# #
# Just in case we don't actually host the DNS for all domains of our mail users, # DKIM ADSP and DMARC both only support policies where the signing domain matches
# we assume that DKIM is at least configured in the DNS of $PUBLIC_HOSTNAME and # the From address, so the KeyTable must specify that the signing domain for a
# we use that host for all DKIM signatures. # sender matches the sender's domain.
# #
# In SigningTable, we map every email address to a key record called $zone. # In SigningTable, we map every email address to a key record called $zone.
# Then we specify for the key record named $zone its domain, selector, and key. # Then we specify for the key record named $zone its domain, selector, and key.
echo "$zone $PUBLIC_HOSTNAME:mail:$STORAGE_ROOT/mail/dkim/mail.private" >> /etc/opendkim/KeyTable echo "$zone $zone:mail:$STORAGE_ROOT/mail/dkim/mail.private" >> /etc/opendkim/KeyTable
echo "*@$zone $zone" >> /etc/opendkim/SigningTable echo "*@$zone $zone" >> /etc/opendkim/SigningTable
done done
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment