[BlueOnyx:25917] Re: DKIM
Michael Stauber
mstauber at blueonyx.it
Thu Jan 12 23:28:03 -05 2023
Hi Richard,
> So, I need to create a virtual site on the SMTP server
> for the domain in question I presume? Will that not
> be an issue in terms of trying to deliver any incoming
> mail to that domain that routes through the SMTP server
> instead of sending it to the POP3 server where the
> mailbox resides?
Indeed. That opens a can of worms one would like to avoid.
We might still get this working for you, though:
You need DKIM properly configured on the SMTP server. The GUI helps with
that, but only if the Vsite itself is on the same server.
The directory structure looks a bit like this:
/etc/opendkim
├── keys
│   ├── <domain-1>
│   │   ├── default.private
│   │   └── default.txt
│   ├── <domain-2>
│   │   ├── default.private
│   │   └── default.txt
│   └── <domain-3>
│       ├── default.private
│       └── default.txt
├── KeyTable
├── SigningTable
└── TrustedHosts
You could simply copy /etc/opendkim/keys/<domain-1> over from your
POP3/IMAP server, where <domain-1> would be the directory that matches
the name of the Vsite(s) where you have DKIM active.
However, the files /etc/opendkim/KeyTable and /etc/opendkim/SigningTable
are auto-generated and edited by the GUI every time a Vsite on that
server is modified in any email related way (alias or name changes) and
it would filter out the records for Vsites that match existing entries
and would replace them with the updated values.
But here is the good news: If there are Vsites on the SMTP server that
have domain names that match the ones on your separate POP3/IMAP server?
In that case you could simply copy and paste the relevant entries from
/etc/opendkim/KeyTable and /etc/opendkim/SigningTable to the matching
files on your SMTP server and would be good to go.
Let's sum this up:
Enable DKIM on the SMTP server. Confirm that the SMTP server has no
Vsite with the same hostname as the one from the separate POP3/IMAP
server that you want to protect with DKIM.
Copy /etc/opendkim/keys/<domain-1> from your POP3/IMAP server to the
SMTP server.
On the POP3/IMAP server open /etc/opendkim/KeyTable in an editor. There
should be a line like this:
default._domainkey.<domain-1> <domain-1>:default:/etc/opendkim/keys/<domain-1>/default.private
Copy that line and paste it into /etc/opendkim/KeyTable on the SMTP server.
Back to the POP3/IMAP server: Open up /etc/opendkim/SigningTable in an
editor. From there you may have to find and copy multiple lines. They
may look similar to this:
*@<domain-1> default._domainkey.<domain-1>
*@www.<domain-1> default._domainkey.<domain-1>
*@mail.<domain-1> default._domainkey.<domain-1>
Copy these lines to /etc/opendkim/SigningTable on the SMTP server and
save the changes.
Make sure the ownerships of these files are still correct by running this:
chown -R opendkim:opendkim /etc/opendkim
Then restart OpenDKIM and try it out:
systemctl restart opendkim
That should do the trick.
--
With best regards
Michael Stauber
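
Added example, not part of the original post: a shell function for checking the tables on the SMTP server after entries have been pasted in by hand as described above. It reports SigningTable lines that name a key missing from KeyTable, KeyTable entries whose private key file does not exist, and private keys accessible to group or other. The function name check_dkim_tables and its output labels are invented for this example.

```shell
#!/bin/sh
# Added example: consistency check for hand-copied OpenDKIM table entries.
# Usage: check_dkim_tables [dir]   (dir defaults to /etc/opendkim)
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_dkim_tables() {
    dir=${1:-/etc/opendkim}
    bad=0
    for f in KeyTable SigningTable; do
        [ -r "$dir/$f" ] || { echo "MISSING $dir/$f"; return 1; }
    done

    # KeyTable line: <keyname> <domain>:<selector>:<path to private key>
    while read -r name spec _; do
        case $name in ''|'#'*) continue ;; esac
        keyfile=${spec#*:*:}            # strip "<domain>:<selector>:"
        if [ ! -f "$keyfile" ]; then
            echo "NOKEY $name -> $keyfile"; bad=1
        # Columns 5-10 of the ls mode string are the group and other bits.
        elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
            echo "PERMS $keyfile is accessible to group/other"; bad=1
        fi
    done < "$dir/KeyTable"

    # SigningTable line: <address pattern> <keyname>
    # Every keyname used here must appear in column 1 of KeyTable.
    while read -r pattern name _; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$name" '$1 == k { f = 1 } END { exit !f }' \
                "$dir/KeyTable"; then
            echo "ORPHAN $pattern -> $name (not in KeyTable)"; bad=1
        fi
    done < "$dir/SigningTable"
    return $bad
}
```

Run it as root before restarting OpenDKIM; no output and exit status 0 mean the copied entries line up with each other.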