Comments for don't_panic http://mikepultz.com personal and professional blog of mike pultz, technology specialist and serial entrepreneur; Sun, 07 Mar 2010 18:21:15 +0000 http://wordpress.org/?v=2.9.1 hourly 1 Comment on Using DKIM in Exim by Jim http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-177 Jim Sun, 07 Mar 2010 18:21:15 +0000 http://mikepultz.com/?p=384#comment-177 <a href="#comment-173" rel="nofollow">@mike</a> Thanks. I am using the same domain/selector and getting a "pass" from check-auth@verifier.port25.com for "DKIM check" for all domains. Again, thanks for the excellent tutorial. @mike
Thanks. I am using the same domain/selector and getting a “pass” from check-auth@verifier.port25.com for “DKIM check” for all domains.

Again, thanks for the excellent tutorial.

]]> Comment on Using DKIM in Exim by mike http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-173 mike Sat, 27 Feb 2010 01:04:47 +0000 http://mikepultz.com/?p=384#comment-173 Jim, You don't necessarily have to setup something different per domain- you can sign all your outbound e-mail from the same domain/selector. If you wanted to have a different config, based on the domain of the sender address, you could technically do a lookup based on the sender domain, and return values for each of the dkim_domain, dkim_selector and dkim_private_key values. Then you could store these values in a lookup db, or SQL database by sender domain. So as a quick (un-tested) example, you could do something like this: <code>remote_smtp: driver = smtp dkim_domain = $sender_address_domain dkim_selector = x dkim_private_key = ${lookup pgsql{select key from dkim where domain = ${quote_pgsql:$sender_address_domain}}{$value}} dkim_canon = relaxed</code> Which would use a common selector of "x", the domain of the sender e-mail, and a SSL key looked up from a PostgreSQL database by domain. Jim,

You don’t necessarily have to setup something different per domain- you can sign all your outbound e-mail from the same domain/selector.

If you wanted to have a different config, based on the domain of the sender address, you could technically do a lookup based on the sender domain, and return values for each of the dkim_domain, dkim_selector and dkim_private_key values.

Then you could store these values in a lookup db, or SQL database by sender domain.

So as a quick (un-tested) example, you could do something like this:

remote_smtp:
driver = smtp
dkim_domain = $sender_address_domain
dkim_selector = x
dkim_private_key = ${lookup pgsql{select key from dkim where domain = ${quote_pgsql:$sender_address_domain}}{$value}}
dkim_canon = relaxed

Which would use a common selector of “x”, the domain of the sender e-mail, and a SSL key looked up from a PostgreSQL database by domain.

]]> Comment on Using DKIM in Exim by Jim http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-172 Jim Wed, 24 Feb 2010 18:13:12 +0000 http://mikepultz.com/?p=384#comment-172 Thanks for an excellent explanation. Please forgive my newbie question. I have multiple domains sending mail from the same server. Should there be a separate entry for each in the Exim configure file. How should they look? Thanks for an excellent explanation. Please forgive my newbie question. I have multiple domains sending mail from the same server. Should there be a separate entry for each in the Exim configure file. How should they look?

]]> Comment on Using DKIM in Exim by Marcel http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-171 Marcel Tue, 23 Feb 2010 19:59:19 +0000 http://mikepultz.com/?p=384#comment-171 Yup, found it as well in thee meantime. All working nicely now. Only one listserver sometimes breaking the signature, but all other messages seem to work perfect. One thing to add is that one should perhaps also add an AuthorDomainSigningPolicy record: _adsp._domainkey.yourdromain.something as a text record containing "dkim=all" to indicate one signs all messages. Other option would be "dkim=unknown" to indicate only some mail is signed (for testing that is probably recommended). Yup, found it as well in thee meantime. All working nicely now. Only one listserver sometimes breaking the signature, but all other messages seem to work perfect.

One thing to add is that one should perhaps also add an AuthorDomainSigningPolicy record:

_adsp._domainkey.yourdromain.something

as a text record containing “dkim=all” to indicate one signs all messages. Other option would be “dkim=unknown” to indicate only some mail is signed (for testing that is probably recommended).

]]> Comment on Using DKIM in Exim by mike http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-168 mike Sat, 13 Feb 2010 18:19:01 +0000 http://mikepultz.com/?p=384#comment-168 <a href="#comment-166" rel="nofollow">@Marcel</a> Thanks for the pointing out that mistake Marcel. As far as the live validation; port25.com has a similar auto-reply service; just send to check-auth@verifier.port25.com; their system also validates SPF, Sender-ID, and a few other things. Cheers, Mike @Marcel

Thanks for the pointing out that mistake Marcel.

As far as the live validation; port25.com has a similar auto-reply service; just send to check-auth@verifier.port25.com; their system also validates SPF, Sender-ID, and a few other things.

Cheers,

Mike

]]>