Postfix

如何讓 DKIM 為子域和根域地址簽名?

  • June 24, 2021

我在 Ubuntu 20.04 上使用最新版本的 DKIM + Postfix 我得到了 DKIM 來簽署電子郵件 user@smtpmail.mydoamin.com。然而,它拒絕簽署來自@mydomain.com 的電子郵件。是否可以為兩個電子郵件地址簽名,如果可以,我該怎麼做?

下面是我的 opendkim.conf

# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog          yes
# Added later
SyslogSuccess           Yes
LogWhy                  Yes

# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask           007

# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain          smtpmail.rapidseohost.com
KeyFile         /etc/dkimkeys/smtpmail.private
Selector        smtpmail

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization    relaxed/simple
#Mode           sv
SubDomains      yes

# Socket smtp://localhost
#
# ##  Socket socketspec
# ##
# ##  Names the socket where this filter should listen for milter connections
# ##  from the MTA.  Required.  Should be in one of these forms:
# ##
# ##  inet:port@address           to listen on a specific interface
# ##  inet:port                   to listen on all interfaces
# ##  local:/path/to/socket       to listen on a UNIX domain socket
#
Socket                  inet:8891@localhost
#Socket         local:/run/opendkim/opendkim.sock

##  PidFile filename
###      default (none)
###
###  Name of the file where the filter should write its pid before beginning
###  normal operations.
#
PidFile               /run/opendkim/opendkim.pid


# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders     From

##  ResolverConfiguration filename
##      default (none)
##
##  Specifies a configuration file to be passed to the Unbound library that
##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
##  documentation at http://unbound.net for the expected content of this file.
##  The results of using this and the TrustAnchorFile setting at the same
##  time are undefined.
##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
##  unbound package

# ResolverConfiguration     /etc/unbound/unbound.conf

##  TrustAnchorFile filename
##      default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
## at http://unbound.net for the expected format of this file.

TrustAnchorFile       /usr/share/dns/root.key

##  Userid userid
###      default (none)
###
###  Change to user "userid" before starting normal operation?  May include
###  a group ID as well, separated from the userid by a colon.
#
UserID                opendkim

我能夠通過使用以下文章中的資訊來解決此問題: DKIM with same key but different domain

基本上我在 opendkim.conf 中添加了一個根域:

Domain                  smtpmail.rapidseohost.com,rapidseohost.com

並添加對應的域名TXT記錄DNS。

引用自:https://serverfault.com/questions/1067751