Re: Signing multiple domains best practice

From: SM <>
Date: Wed, 17 Feb 2010 15:57:24 -0800

At 15:19 17-02-10, James R. Marcus wrote:
>Here are my settings:
>AllowSHA1Only no
>AutoRestartCount 0
>Background Yes
>BaseDirectory /var/run/opendkim
>Diagnostics yes
>InternalHosts /etc/postfix/opendkim/InternalHosts.conf
>KeepTemporaryFiles yes
>KeyFile /var/db/dkim/example.private

You don't need KeyFile as you are using KeyList. The Domain setting
is also not required because of KeyList.

>KeyList /var/db/dkim/keylist
>LogWhy yes
>Mode sv
>PidFile /var/run/opendkim/
>Selector edhancerelay

The Selector setting will be ignored.

>Socket inet:20209_at_localhost
>Syslog Yes
>SyslogFacility mail
>[root_at_relay1 dkim]# cat keylist
># sender-pattern:signing-domain:keypath
># *

That should be:


The selector for the first domain will be edhancerelay. The selector
for the second domain will be studentsonlyrelay.

Please note that the KeyList setting _will_ be obsoleted in the next
release of OpenDKIM.

Received on Wed Feb 17 2010 - 23:57:56 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:46 PST