Changes

991 bytes added ,  11:15, 30 July 2023
no edit summary
Line 41: Line 41:  
   _spf.hostname    TXT    "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all"
 
   _spf.hostname    TXT    "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all"
   −
The a and mx values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined
+
The '''a''' and '''mx''' values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined
 
for hostname.
 
for hostname.
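Review bot: The added sentence is still a run-on after bolding '''a''' and '''mx''': "authorized mail server by domain name and authorized server by domain MX record" does not say which mechanism does what. Suggest splitting it so that '''a''' is described as authorizing the addresses hostname.sugarlabs.org resolves to and '''mx''' as authorizing the hosts named in its MX records. The requirement that an MX record be defined for hostname should be its own sentence, since without one the mx mechanism matches nothing.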
   Line 67: Line 67:  
Your entry would look like this
 
Your entry would look like this
   −
   default._domainkey.hostname      TXT    "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
+
   selector1._domainkey.hostname      TXT    "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
   _adsp._domainkey.hostname       TXT    "dkim=unknown"
+
   _adsp._domainkey.hostname         TXT    "dkim=unknown"
   −
Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with
+
When using an ed25519 key, you'll need to add a fallback RSA key for backward compatibility.
the user and group of the key being opendkim.
+
 
 +
  # Generate rsa key
 +
  $ openssl genrsa -out rsa_private.key 2048
 +
  # Generate public key from private key
 +
  $ openssl rsa -in rsa_private.key -pubout -outform der 2>/dev/null | openssl base64 -A
 +
 
 +
You can then add a KeyTable and SigningTable to your opendkim.conf
 +
 
 +
  KeyTable                refile:/etc/opendkim/KeyTable
 +
  SigningTable            refile:/etc/opendkim/SigningTable
 +
 
 +
  # Contents of KeyTable with both keys
 +
  selector1._domainkey.hostname.sugarlabs.org hostname.domain-name:selector1:/path/to/selector1/private/*.key
 +
  selector2._domainkey.hostname.sugarlabs.org hostname.domain-name:selector2:/path/to/selector2/private/*.key
 +
 
 +
  # Contents of SigningTable
 +
  *@hostname.domain-name selector1._domainkey.hostname.sugarlabs.org
 +
  *@hostname.domain-name selector2._domainkey.hostname.sugarlabs.org
 +
 
 +
Then add a DKIM record for the second selector
 +
 
 +
  w-mail._domainkey.weblate      IN      TXT    ("v=DKIM1; h=sha256; k=rsa; p="*")
 +
 
 +
The value of p is the public key of the generated RSA key above.
 +
 
 +
Ensure your private keys are on hostname.
    
== See also ==
 
== See also ==
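Review bot: The record added under "Then add a DKIM record for the second selector" does not match the rest of the example: it is published as w-mail._domainkey.weblate, while the KeyTable and SigningTable lines use selector2 and hostname, so a reader following the page would publish a selector the signer never uses. Suggest writing it as selector2._domainkey.hostname. The value ("v=DKIM1; h=sha256; k=rsa; p="*") also has an unbalanced quote around the placeholder, which should be fixed so the TXT string is a single quoted value with the base64 key after p=. The two SigningTable entries share the pattern *@hostname.domain-name, and opendkim applies only the first match unless MultipleSignatures is enabled, so the page should state that setting or the RSA fallback will not be signed. The KeyTable paths end in *.key, which reads as a glob where a single key file path is expected. Finally, the removed sentence told readers to reference the key from /etc/opendkim.conf and make the key's user and group opendkim. The new closing line "Ensure your private keys are on hostname." drops that ownership guidance, and the fragment "the user and group of the key being opendkim." now follows the ed25519 sentence with nothing to attach to.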