DKIM

From SackWiki

We are currently evaluating signing email with DKIM.

Mail sent with an email address of <something>@sackheads.org now gets a DKIM signature if it's sent through haybaler. Eventually baconhouse and joshua will also be setup to sign.

If you have a vanity domain, using haybaler as a relay and you'd also like to have DKIM signatures, you need to publish the following records in your DNS zone file:

_policy._domainkey  300 IN      TXT     "t=y; o=~"
haybaler._domainkey 300 IN      TXT     "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO6w9JZAr0KFgMH8awu89zNrlpYqWIC0430nU9aJlLq3RN19+/7c3gKl/BbaFjNti+K1GyDZ8Lsj/SVOo8y7IcLDS09kcYufE1Jf7dDjlAJDqdQ3avIN13Wr3I3dGoeocPZ7e/bcbo8fftkL4TtcT/JBBQISuMpeFuJ9zzLeLuawIDAQAB" 
joshua._domainkey       300     IN      TXT     "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT7LCGIQHfWWs4Z2ERNzWkYkp/FaaFkPO8veobOQTf9N3TGcDZvsT/jiPmUyb3mz0S3J1SRp0dcwzSTUBM8rz/DJk+nsNL5JT133qB2W4DL7ruyxJzz2QHgcFyc9LM5Xy6Mfzol0NklAF1q6x3Ghk46psgzaCxPgA39HkZVj7M3QIDAQAB"
baconhouse._domainkey   300     IN      TXT "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0Oh/VWr3uCj1CP7+Pdfob+5ayL5ilOD+6LakS872ZDRDdpwdC5dQM6JjUcmu6yxl0gpdAw5QlpWSfnenImi5YOVWKIsSRp3BniWfp1Ps4ZQwUUdz5EKJo2KcroKjQ51wuxMOsRPv9qek2uRLswjU5IgP+D5LZvZhQsNXLKYtfNwIDAQAB"                                                                                                                                          

Note: the [haybaler|joshua|baconhouse]._domainkey is all on one line each!

If your domain is primary on haybaler, then this is easier:

$INCLUDE /usr/local/dns/primary/domainkey.include

Then edit /etc/rc.conf to get your domain added to the milterdkim_domain variable and restart milter-dkim. If you don't have access, contact jpayne or one of the other sack admin folk.

jpayne 14:46, 22 November 2006 (EST)