Postfix
如何讓 DKIM 為子域和根域地址簽名?
我在 Ubuntu 20.04 上使用最新版本的 DKIM + Postfix 我得到了 DKIM 來簽署電子郵件 user@smtpmail.mydoamin.com。然而,它拒絕簽署來自@mydomain.com 的電子郵件。是否可以為兩個電子郵件地址簽名,如果可以,我該怎麼做?
下面是我的 opendkim.conf
# This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Added later SyslogSuccess Yes LogWhy Yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) UMask 007 # Sign for example.com with key in /etc/dkimkeys/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) Domain smtpmail.rapidseohost.com KeyFile /etc/dkimkeys/smtpmail.private Selector smtpmail # Commonly-used options; the commented-out versions show the defaults. Canonicalization relaxed/simple #Mode sv SubDomains yes # Socket smtp://localhost # # ## Socket socketspec # ## # ## Names the socket where this filter should listen for milter connections # ## from the MTA. Required. Should be in one of these forms: # ## # ## inet:port@address to listen on a specific interface # ## inet:port to listen on all interfaces # ## local:/path/to/socket to listen on a UNIX domain socket # Socket inet:8891@localhost #Socket local:/run/opendkim/opendkim.sock ## PidFile filename ### default (none) ### ### Name of the file where the filter should write its pid before beginning ### normal operations. # PidFile /run/opendkim/opendkim.pid # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer # and the verifier. From is oversigned by default in the Debian pacakge # because it is often the identity key used by reputation systems and thus # somewhat security sensitive. OversignHeaders From ## ResolverConfiguration filename ## default (none) ## ## Specifies a configuration file to be passed to the Unbound library that ## performs DNS queries applying the DNSSEC protocol. See the Unbound ## documentation at http://unbound.net for the expected content of this file. ## The results of using this and the TrustAnchorFile setting at the same ## time are undefined. ## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested ## unbound package # ResolverConfiguration /etc/unbound/unbound.conf ## TrustAnchorFile filename ## default (none) ## ## Specifies a file from which trust anchor data should be read when doing ## DNS queries and applying the DNSSEC protocol. See the Unbound documentation ## at http://unbound.net for the expected format of this file. TrustAnchorFile /usr/share/dns/root.key ## Userid userid ### default (none) ### ### Change to user "userid" before starting normal operation? May include ### a group ID as well, separated from the userid by a colon. # UserID opendkim
我能夠通過使用以下文章中的資訊來解決此問題: DKIM with same key but different domain
基本上我在 opendkim.conf 中添加了一個根域:
Domain smtpmail.rapidseohost.com,rapidseohost.com
並添加對應的域名TXT記錄DNS。