From: Eagle L. C. S. <ser...@ea...> - 2009-04-04 03:15:16
|
Can anyone tell me exactly how to set up dkim-milter in postfix with multiple domains? I've found a few notes, but nothing seems to make sense. A good step by step guide would be nice. If anyone knows of one that they can point me to I would appreciate it. Thanks, Jeff |
From: Robert S. <ro...@sc...> - 2009-04-04 10:35:27
|
Eagle Link Customer Service schrieb: > Can anyone tell me exactly how to set up dkim-milter in postfix with > multiple domains? I've found a few notes, but nothing seems to make > sense. A good step by step guide would be nice. If anyone knows of one > that they can point me to I would appreciate it. > > Thanks, > Jeff > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > > _______________________________________________ > dkim-milter-discuss mailing list > dki...@li... > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss Hi, http://www.elandsys.com/resources/sendmail/dkim.html is a good place to start -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria |
From: Stas S. <st...@ne...> - 2009-04-04 11:04:27
|
On Sat, 2009-04-04 at 12:15 +0200, Robert Schetterer wrote: > Eagle Link Customer Service schrieb: > > Can anyone tell me exactly how to set up dkim-milter in postfix with > > multiple domains? I've found a few notes, but nothing seems to make > > sense. A good step by step guide would be nice. If anyone knows of one > > that they can point me to I would appreciate it. You should check out the documentation in particular for the OS you are going to use. Most of the linux distros should already have dkim milter package in their software repositories. BSD packages will usually come with the full README/documentation when installing from ports/cvs. I can recommend you a good installation guide from the Ubuntu wiki (also can be used on any Debian system): https://help.ubuntu.com/community/Postfix/dkim-milter (maybe down now due to maintenance works). For multiple domains (assume you already got the DNS setup part done), edit the dkim-filter.conf and find the `Domain` directive, where: --- Domain (string) A comma-separated list of domains whose mail should be signed by this filter. Mail from other domains will be verified rather than being signed. --- Hope this will help you. > > > > Thanks, > > Jeff > > > > > > > > ------------------------------------------------------------------------ > > > > ------------------------------------------------------------------------------ > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > dkim-milter-discuss mailing list > > dki...@li... > > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > > Hi, > http://www.elandsys.com/resources/sendmail/dkim.html > is a good place to start > > -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Eagle L. C. S. <ser...@ea...> - 2009-04-05 04:57:03
|
This is the part I'm a bit confused about. So far all I've done is generate the keys and edit the DNS records. I'm running CentOS 4. Instructions I've read tell me to edit /etc/sysconfig/dkim-milter (the config file) to change "Domains" to list all the domains. The closest thing I could find was "SIGNING_DOMAIN", so I did that. Then everything says that you must use the same key on all domains, but I'm not sure why since KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem" should make it chose the right file based on the domain. I haven't even begun to configure postfix yet or any startup file for dkim-milter because I wanted to get everything configured correctly first. So can anyone tell me why I need to use the same keys and how the config should look for that? Thanks, Jeff ----- Original Message ----- From: "Stas SUSHKOV" <st...@ne...> To: "dkim-milter general discussion" <dki...@li...> Sent: Saturday, April 04, 2009 7:04 AM Subject: Re: [dkim-milter-discuss] dkim-milter in postfix with multiple domains. > On Sat, 2009-04-04 at 12:15 +0200, Robert Schetterer wrote: >> Eagle Link Customer Service schrieb: >> > Can anyone tell me exactly how to set up dkim-milter in postfix with >> > multiple domains? I've found a few notes, but nothing seems to make >> > sense. A good step by step guide would be nice. If anyone knows of >> > one >> > that they can point me to I would appreciate it. > > You should check out the documentation in particular for the OS you are > going to use. Most of the linux distros should already have dkim milter > package in their software repositories. BSD packages will usually come > with the full README/documentation when installing from ports/cvs. > > I can recommend you a good installation guide from the Ubuntu wiki (also > can be used on any Debian system): > https://help.ubuntu.com/community/Postfix/dkim-milter > (maybe down now due to maintenance works). > > For multiple domains (assume you already got the DNS setup part done), > edit the dkim-filter.conf and find the `Domain` directive, where: > --- > Domain (string) > A comma-separated list of domains whose mail should be > signed by > this filter. Mail from other domains will be verified > rather > than being signed. > --- > Hope this will help you. > >> > >> > Thanks, >> > Jeff >> > >> > >> > >> > ------------------------------------------------------------------------ >> > >> > ------------------------------------------------------------------------------ >> > >> > >> > ------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > dkim-milter-discuss mailing list >> > dki...@li... >> > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss >> >> Hi, >> http://www.elandsys.com/resources/sendmail/dkim.html >> is a good place to start >> >> > -- > () Campania Panglicii în ASCII > /\ http://stas.nerd.ro/ascii/ > > > ------------------------------------------------------------------------------ > _______________________________________________ > dkim-milter-discuss mailing list > dki...@li... > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > |
From: SM <sm...@re...> - 2009-04-05 05:26:16
|
At 21:56 04-04-2009, Eagle Link Customer Service wrote: >This is the part I'm a bit confused about. So far all I've done is generate >the keys and edit the DNS records. I'm running CentOS 4. Instructions I've >read tell me to edit /etc/sysconfig/dkim-milter (the config file) to change >"Domains" to list all the domains. The closest thing I could find was >"SIGNING_DOMAIN", so I did that. Then everything says that you must use the >same key on all domains, but I'm not sure why since >KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem" should >make it chose the right file based on the domain. I haven't even begun to >configure postfix yet or any startup file for dkim-milter because I wanted The /etc/sysconfig/dkim-milter file is not the same as the dkim-filter configuration file. I have not read the script to find out how it actually works. The "SIGNING_DOMAIN" should be the domain for which you want to DKIM sign messages. The script was most likely written to handle one domain only. The easiest way to get around that is to modify the startup parameters so that the script points to a dkim-filter configuration file (-x). You can then specify the domain names in there. Which version of dkim-milter did you install? >to get everything configured correctly first. So can anyone tell me why I >need to use the same keys and how the config should look for that? You don't have to use the same keys unless the software you run has that restriction. dkim-filter supports multiple keys. You can use a different key for each domain or you can use the same key for all domains. Regards, -sm |
From: Eagle L. C. S. <ser...@ea...> - 2009-04-05 05:51:44
|
I installed it probably a month ago playing around but gave up for a little while as I had more important things at the time, so it's probably not the latest. Can't remember if I installed it using yum or with a file, but it's 2.2.1. That makes more sense. I couldn't find any clear instructions and couldn't find anything that just said "Domain" in that file that people referenced. There is more references for sendmail then there is for postfix, but I'm not sure what the real differences are othat than the configuration in each MTA. I would definitely rather use different keys just because the domains aren't all mine, and it seems more secure that way. Thanks for your help. Jeff ----- Original Message ----- From: "SM" <sm...@re...> To: "dkim-milter general discussion" <dki...@li...> Sent: Sunday, April 05, 2009 1:26 AM Subject: Re: [dkim-milter-discuss] dkim-milter in postfix with multiple domains. > At 21:56 04-04-2009, Eagle Link Customer Service wrote: >>This is the part I'm a bit confused about. So far all I've done is >>generate >>the keys and edit the DNS records. I'm running CentOS 4. Instructions >>I've >>read tell me to edit /etc/sysconfig/dkim-milter (the config file) to >>change >>"Domains" to list all the domains. The closest thing I could find was >>"SIGNING_DOMAIN", so I did that. Then everything says that you must use >>the >>same key on all domains, but I'm not sure why since >>KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem" >>should >>make it chose the right file based on the domain. I haven't even begun to >>configure postfix yet or any startup file for dkim-milter because I wanted > > The /etc/sysconfig/dkim-milter file is not the same as the > dkim-filter configuration file. I have not read the script to find > out how it actually works. > > The "SIGNING_DOMAIN" should be the domain for which you want to DKIM > sign messages. The script was most likely written to handle one > domain only. The easiest way to get around that is to modify the > startup parameters so that the script points to a dkim-filter > configuration file (-x). You can then specify the domain names in there. > > Which version of dkim-milter did you install? > >>to get everything configured correctly first. So can anyone tell me why I >>need to use the same keys and how the config should look for that? > > You don't have to use the same keys unless the software you run has > that restriction. dkim-filter supports multiple keys. You can use a > different key for each domain or you can use the same key for all domains. > > Regards, > -sm > > > ------------------------------------------------------------------------------ > _______________________________________________ > dkim-milter-discuss mailing list > dki...@li... > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > |
From: SM <sm...@re...> - 2009-04-05 09:35:45
|
At 22:51 04-04-2009, Eagle Link Customer Service wrote: >I installed it probably a month ago playing around but gave up for a little >while as I had more important things at the time, so it's probably not the >latest. Can't remember if I installed it using yum or with a file, but it's >2.2.1. That makes more sense. I couldn't find any clear instructions and That's a very old version of dkim-milter. The package (the OS specific customizations) you are using may not support reading the dkim-filter configuration from a file. >couldn't find anything that just said "Domain" in that file that people >referenced. There is more references for sendmail then there is for >postfix, but I'm not sure what the real differences are othat than the >configuration in each MTA. I would definitely rather use different keys >just because the domains aren't all mine, and it seems more secure that way. The only difference between the sendmail configuration and the postfix configuration is the milter configuration. The how-to you are using following the old (dkim-milter) configuration style where the options were set through command line parameters. Set the list of domains to sign for in "SIGNING_DOMAIN". Use /etc/dkim-milter/keyfile for "KEYFILE". For the /etc/mail/dkim-filter/keyfile file, use the following format: *@example.com:example.com:/etc/mail/dkim-milter/example.com/default *@example.net:example.net:/etc/mail/dkim-milter/example.net/default The /etc/mail/dkim-milter/example.com/default file contains the private key. You can have different keys for each domain. I have not tested the above setup. Regards, -sm |
From: Eagle L. C. S. <ser...@ea...> - 2009-04-05 06:04:43
|
Here's what I was originally trying to follow. http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1 Jeff ----- Original Message ----- From: "SM" <sm...@re...> To: "dkim-milter general discussion" <dki...@li...> Sent: Sunday, April 05, 2009 1:26 AM Subject: Re: [dkim-milter-discuss] dkim-milter in postfix with multiple domains. > At 21:56 04-04-2009, Eagle Link Customer Service wrote: >>This is the part I'm a bit confused about. So far all I've done is >>generate >>the keys and edit the DNS records. I'm running CentOS 4. Instructions >>I've >>read tell me to edit /etc/sysconfig/dkim-milter (the config file) to >>change >>"Domains" to list all the domains. The closest thing I could find was >>"SIGNING_DOMAIN", so I did that. Then everything says that you must use >>the >>same key on all domains, but I'm not sure why since >>KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem" >>should >>make it chose the right file based on the domain. I haven't even begun to >>configure postfix yet or any startup file for dkim-milter because I wanted > > The /etc/sysconfig/dkim-milter file is not the same as the > dkim-filter configuration file. I have not read the script to find > out how it actually works. > > The "SIGNING_DOMAIN" should be the domain for which you want to DKIM > sign messages. The script was most likely written to handle one > domain only. The easiest way to get around that is to modify the > startup parameters so that the script points to a dkim-filter > configuration file (-x). You can then specify the domain names in there. > > Which version of dkim-milter did you install? > >>to get everything configured correctly first. So can anyone tell me why I >>need to use the same keys and how the config should look for that? > > You don't have to use the same keys unless the software you run has > that restriction. dkim-filter supports multiple keys. You can use a > different key for each domain or you can use the same key for all domains. > > Regards, > -sm > > > ------------------------------------------------------------------------------ > _______________________________________________ > dkim-milter-discuss mailing list > dki...@li... > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > |
From: Eagle L. C. S. <ser...@ea...> - 2009-04-05 19:24:16
|
Would it be easier to just install (compile if necessary) a newer version? Jeff ----- Original Message ----- From: "SM" <sm...@re...> To: "dkim-milter general discussion" <dki...@li...> Sent: Sunday, April 05, 2009 5:34 AM Subject: Re: [dkim-milter-discuss] dkim-milter in postfix with multiple domains. > At 22:51 04-04-2009, Eagle Link Customer Service wrote: >>I installed it probably a month ago playing around but gave up for a >>little >>while as I had more important things at the time, so it's probably not the >>latest. Can't remember if I installed it using yum or with a file, but >>it's >>2.2.1. That makes more sense. I couldn't find any clear instructions and > > That's a very old version of dkim-milter. The package (the OS > specific customizations) you are using may not support reading the > dkim-filter configuration from a file. > >>couldn't find anything that just said "Domain" in that file that people >>referenced. There is more references for sendmail then there is for >>postfix, but I'm not sure what the real differences are othat than the >>configuration in each MTA. I would definitely rather use different keys >>just because the domains aren't all mine, and it seems more secure that >>way. > > The only difference between the sendmail configuration and the > postfix configuration is the milter configuration. The how-to you > are using following the old (dkim-milter) configuration style where > the options were set through command line parameters. > > Set the list of domains to sign for in "SIGNING_DOMAIN". Use > /etc/dkim-milter/keyfile for "KEYFILE". For the > /etc/mail/dkim-filter/keyfile file, use the following format: > > *@example.com:example.com:/etc/mail/dkim-milter/example.com/default > *@example.net:example.net:/etc/mail/dkim-milter/example.net/default > > The /etc/mail/dkim-milter/example.com/default file contains the > private key. You can have different keys for each domain. > > I have not tested the above setup. > > Regards, > -sm > > > ------------------------------------------------------------------------------ > _______________________________________________ > dkim-milter-discuss mailing list > dki...@li... > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss > |
From: SM <sm...@re...> - 2009-04-06 21:36:28
|
Hi Jeff, At 12:23 05-04-2009, Eagle Link Customer Service wrote: >Would it be easier to just install (compile if necessary) a newer version? If you know how to compile from source and you can deal with the dependencies, you might find it easier. As I explained in my previous message, you should be able to get the version you have installed to sign for multiple domains. It only requires tweaking the start-up parameters. Regards, -sm |