[tech] dkim for outbound mail
Matt Johnston
matt at ucc.asn.au
Tue Mar 8 20:59:06 AWST 2016
Andrew asked on IRC what things needed fixing to get it going.
- Set up a new opendkim key on mooneye following https://help.ubuntu.com/community/Postfix/DKIM
  It had been set up in the past with a 536-bit key so I just had to make a new one.
- Add a zone for _domainkey.ucc.asn.au and _domainkey.ucc.gu.uwa.edu.au in ucc.zones,
  based off the existing entry for open.ucc.gu.uwa.edu.au
  Note that unlike "open" it needed the A record to be disabled, '_' isn't a valid letter for hostnames.
  Also added those zones to /etc/bind/named.conf.local. Creating a new zone seemed necessary to get UCC's
  secondaries to take the domain - mooneye would serve the TXT record below fine without it.
- Added TXT entries in ucc.machines for ucc-2016-3._domainkey.ucc.asn.au etc from the opendkim key.
https://www.dmarcanalyzer.com and http://dkimvalidator.com are good for testing.
Cheers,
Matt
> On Sat 5/3/2016, at 11:10 am, Matt Johnston <matt at ucc.asn.au> wrote:
>
> UCC's outbound mail should now be signed DKIM. That makes Google and some other places trust it more.
> As far as I know it shouldn't affect people sending @ucc.asn.au/@ucc.gu.uwa.edu.au email through other mailservers, it's just a hint (I haven't set up a DMARC policy to restrict outbound servers). Let me know if you see any problems.
>
> Cheers,
> Matt
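
The message above mentions replacing an old 536-bit key. As an added example (not part of the original post), this Python check reads a DKIM key TXT value, joins the quoted chunks that long keys are split into, and reports the RSA modulus size. The 1024-bit floor, the function names and the sample records are assumptions of this example; the sample moduli are constructed and are not usable keys.

```python
import base64

MIN_BITS = 1024  # assumed floor for this example (RFC 8301's minimum for signers)

def parse_tags(txt):
    """Split a DKIM key record into tags, joining quoted TXT chunks."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(txt):
    """Modulus size in bits of the RSA key in a DKIM TXT record."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("not an RSA key record, or key revoked (empty p=)")
    der = base64.b64decode(tags["p"])
    spki, _ = _tlv(der, 0)                  # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(der, spki)            # skip AlgorithmIdentifier
    bits, _ = _tlv(der, alg_end)            # BIT STRING holding RSAPublicKey
    key, _ = _tlv(der, bits + 1)            # +1 skips the unused-bits octet
    n_start, n_end = _tlv(der, key)         # first INTEGER is the modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def key_long_enough(txt):
    return rsa_bits(txt) >= MIN_BITS

def _der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record with a modulus of the given size (not a usable key)."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 65537))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

To check a live record, pass the TXT value returned for the selector name to `rsa_bits()`.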