89
edits
Changes
Jump to navigation
Jump to search
Line 67:
Line 67: − default._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo=" + − + − Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with+ − + + + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
Your entry would look like this
Your entry would look like this
selector1._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
_adsp._domainkey.hostname TXT "dkim=unknown"
_adsp._domainkey.hostname TXT "dkim=unknown"
When using an ed25519 key, you'll need to add a fallback RSA key for backward compatibility.
the user and group of the key set to opendkim.
# Generate rsa key
$ openssl genrsa -out rsa_private.key 2048
# Generate public key from private key
$ openssl rsa -in rsa_private.key -pubout -outform der 2>/dev/null | openssl base64 -A
You can then add a KeyTable and SigningTable to your opendkim.conf
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
# Contents of KeyTable with both keys
selector1._domainkey.hostname.domain-name hostname.domain-name:selector1:/path/to/selector1/private/*.key
selector2._domainkey.hostname.domain-name hostname.domain-name:selector2:/path/to/selector2/private/*.key
# Contents of SigningTable
*@hostname.domain-name selector1._domainkey.hostname.domain-name
*@hostname.domain-name selector2._domainkey.hostname.domain-name
Then add a DKIM record for the second selector
w-mail._domainkey.weblate IN TXT ("v=DKIM1; h=sha256; k=rsa; p="*")
The value of p is the public key of the generated RSA key above.
Ensure your private keys are on hostname.
== See also ==
== See also ==