DKIM over more (mail)servers

Discussion in 'ISPConfig 3 Priority Support' started by radim_h, Dec 6, 2016.

  1. radim_h

    radim_h Member

    Hello,
    I have DKIM set for domain on ISPConfig mailserver and DNS server. But there are more servers for this specific domain delivering email. All with postfix as local mailer.
    What setting should i replicate from ISPConfig to other nonISPC servers, to have DKIM set on other servers ?

    Thank you for any help
    R.Hejc
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The dkim signing is done by amavisd, so you will have to replicate the amavisd config on the other nodes (dkim domains are configured in the amavis config file, so keep that in sync) and also the cert files need to be available on all nodes. @florian030 might be able to give you more details on the implementation.
     
  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    The dkim-signing is done by amavis. Are you really using severl servers to send mail without scanning mails with amavis? You may to run an amavis-cluster. Just make sure, that you have the var/lib/amavis/dkim and 60-dkim on all servers in sync.
     
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    You can rsync the needed configs. I would run a centralized scan-server (or more - depends on your mail-traffic). This is much easier to maintain.

    main.cf:
    content_filter = smtp:scan.exampel.com:10024
    master.cf:
    10025 inet n - n - - smtpd
    ....
    10027 inet n - n - - smtpd
    ...
    (protect ports 10025 and 10027 with your firewall or add amavis-server to -o mynetworks)

    create an MX-Record for scan.example.com (with on or more A/AAAA-records).

    50-user change:
    $forward_method = 'smtp:*:*';
    $notify_method = 'smtp:*:*';

    and
    @inet_acl and / or @mynetworks so that amavis accepts connections from the mailservers.

    smtp:*:* = send back to IP (*) on incoming-port+1 (2nd *)
     
    till likes this.

Share This Page