102
edits
Homepage | Activities | Events | Lists | Development | Translate | Contact
Changes
Jump to navigation
Jump to search
no edit summary
Line 67:
Line 67:
default._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="+Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with+
+
+
+
+
+
+
+
+
+
Your entry would look like this
Your entry would look like this
− selector1._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
− _adsp._domainkey.hostname TXT "dkim=unknown"
+ _adsp._domainkey.hostname TXT "dkim=unknown"
−When using an ed25519 key, you'll need to add a fallback RSA key for backward compatibility.
−the user and group of the key set to opendkim.
+ # Generate rsa key
+ $ openssl genrsa -out rsa_private.key 2048
+ # Generate public key from private key
+ $ openssl rsa -in rsa_private.key -pubout -outform der 2>/dev/null | openssl base64 -A
+You can then add a KeyTable and SigningTable to your opendkim.conf
+ KeyTable refile:/etc/opendkim/KeyTable
+ SigningTable refile:/etc/opendkim/SigningTable
+ # Contents of KeyTable with both keys
+ selector1._domainkey.hostname.domain-name hostname.domain-name:selector1:/path/to/selector1/private/*.key
+ selector2._domainkey.hostname.domain-name hostname.domain-name:selector2:/path/to/selector2/private/*.key
+ # Contents of SigningTable
+ *@hostname.domain-name selector1._domainkey.hostname.domain-name
+ *@hostname.domain-name selector2._domainkey.hostname.domain-name
+Then add a DKIM record for the second selector
+ w-mail._domainkey.weblate IN TXT ("v=DKIM1; h=sha256; k=rsa; p="*")
+The value of p is the public key of the generated RSA key above.
+Ensure your private keys are on hostname.
== See also ==
== See also ==