Re: how to setup opendkim for signing all outgoing mails

From: Andreas Schulze
Date: Tue, 8 May 2012 15:43:25 +0200 (CEST)

> We are running a website that also has a blogging feature. A reader can
> contact the author via a webform where he/she can enter his/her email address,
> specify a subject and write a message body. When they click on the "send"
> button the website generates an email and sends it via the postfix MTA.

I assume the webserver submits via SMTP, not via /usr/sbin/sendmail.

So you have all the power of postfix smtp servers.

1. create a separate input channel in inet n - n --- smtpd
 -o syslog_name=postfix/webapp_submission
 -o milter_macro_daemon_name=WEBAPP_SUBMISSION
 -o smtpd_milters=${opendkim_milter} ( defined in as opendkim_milter = inet:... )

2. create a file 'mtatable' containing WEBAPP_SUBMISSION
$ echo 'WEBAPP_SUBMISSION' >> /etc/opendkim/mtatable

I always use signingtable+keytable.

3. allow any From address to sign
$ echo '* foobar' >> /etc/opendkim/signingtable

4. foobar is used to lookup keydata in keytable as usual

5. edit opendkim.conf
MTA file:/etc/opendkim/mtatable
SigningTable refile:/etc/opendkim/signingtable ( note the re in refile! )
KeyTable /etc/opendkim/keytable

That way any mail that arrives via SMTP at the milter *and* whose milter macro {daemon_name} is
WEBAPP_SUBMISSION will be signed using the key referred to by the keytable index "foobar".

If one would like different signing keys for different {daemon_names}, there is also a solution with

Add "-o milter_macro_v=any_at_webapp1" to the postfix smtp server and arrange that only webapp1
submits there.

Then add "SenderMacro {v}" to opendkim.conf. So opendkim does not look at any From headers
but takes {v} for the lookup in the signingtable.

modify the signingtable:

any_at_webapp1 key1
any_at_webapp2 key2

key1 and key2 are now different signing keys defined in keytable...

I'm only unsure whether such a setup requires special compile-time features to be enabled.

Best regards
Andreas Schulze
Received on Tue May 08 2012 - 13:43:39 PST
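
Added example (not part of the original message and not OpenDKIM code): a small Python model of the lookup chain the message describes, {daemon_name} against the MTA table, then SigningTable in file order, then KeyTable, which also flags a SigningTable entry whose key name has no KeyTable row. The table contents, example.com, the selectors and the key paths are constructed placeholders; other OpenDKIM signing criteria and MultipleSignatures are not modelled.

```python
import re

# Constructed sample data combining both variants from the message.
# Domain, selectors and key paths are placeholders, not values from the post.
MTATABLE = "WEBAPP_SUBMISSION\n"
SIGNINGTABLE = "any_at_webapp1 key1\nany_at_webapp2 key2\n* foobar\n"
KEYTABLE = (
    "foobar example.com:sel0:/etc/opendkim/keys/foobar.private\n"
    "key1 example.com:sel1:/etc/opendkim/keys/key1.private\n"
)


def rows(text):
    """Split a flat-file table into field lists, skipping blanks and comments."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line.split() for line in stripped if line]


def wildcard(pattern):
    """Compile a refile-style pattern in which '*' is the only wildcard."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))


def select_key(daemon_name, from_addr, macro_v=None):
    """Model the signing decision; macro_v is {v} when 'SenderMacro {v}' is set."""
    if [daemon_name] not in rows(MTATABLE):
        return ("unsigned: {daemon_name} not in MTA table", None)
    # With SenderMacro the macro value, not the From: address, is looked up.
    lookup = from_addr if macro_v is None else macro_v
    known_keys = {fields[0] for fields in rows(KEYTABLE)}
    for pattern, keyname, *_ in rows(SIGNINGTABLE):
        if wildcard(pattern).fullmatch(lookup):
            # Entries are checked in file order; the first match is applied.
            if keyname not in known_keys:
                return ("error: key name missing from KeyTable", keyname)
            return ("signed", keyname)
    return ("unsigned: no SigningTable match", None)


if __name__ == "__main__":
    print(select_key("WEBAPP_SUBMISSION", "reader@example.org"))
    print(select_key("mail.example.com", "reader@example.org"))
    print(select_key("WEBAPP_SUBMISSION", "reader@example.org", "any_at_webapp1"))
    print(select_key("WEBAPP_SUBMISSION", "reader@example.org", "any_at_webapp2"))
```

The last call shows the failure mode worth checking before going live: key2 is named in the signing table but has no keytable row in the sample data.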
