Created: 2020-10-03T23:58:45+00:00
This card pertains to a resource available on the internet.
opendkim-genkey -r -h sha256 -d iceworks.cc -s mail
The selector (mail, set with -s above) is later used in the name of your DNS record:
mail._domainkey.iceworks 300 TXT "v=DKIM1; h=sha256; k=rsa; p=<public-key>"
/etc/opendkim/KeyTable
    iceworks.cc iceworks.cc:mail:/path/to/private/key
/etc/opendkim/SigningTable
/etc/opendkim/TrustedHosts
    127.0.0.1
/etc/opendkim.conf
    ## https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
    Canonicalization        relaxed/relaxed
    ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
    InternalHosts           refile:/etc/opendkim/TrustedHosts
    KeyTable                refile:/etc/opendkim/KeyTable
    LogWhy                  Yes
    MinimumKeyBits          1024
    Mode                    sv
    PidFile                 /var/run/opendkim/opendkim.pid
    SigningTable            refile:/etc/opendkim/SigningTable
    Socket                  inet:8891@localhost
    Syslog                  Yes
    SyslogSuccess           Yes
    TemporaryDirectory      /var/tmp
    UMask                   022
    UserID                  opendkim:opendkim
If using Postfix, tell it to use the filter daemon. This will sign emails leaving the server with your keys.
/etc/postfix/main.cf
    smtpd_milters = inet:127.0.0.1:8891
    non_smtpd_milters = $smtpd_milters
    milter_default_action = accept
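
An added example, not part of the original card or of OpenDKIM: a Python check that a published DKIM TXT record is consistent with the KeyTable entry and the MinimumKeyBits setting above. It assumes the record name is written fully qualified (mail._domainkey.iceworks.cc) and the TXT value is already joined into one string; the function names are hypothetical.

```python
import base64

# Added example; function names are hypothetical, not part of OpenDKIM.
def parse_tags(txt):
    """Split a DKIM TXT value ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key (p= tag)."""
    der = base64.b64decode(p_b64)
    _, start, _ = _tlv(der, 0)                    # outer SEQUENCE
    _, _, alg_end = _tlv(der, start)              # AlgorithmIdentifier, skipped
    _, bits_start, _ = _tlv(der, alg_end)         # BIT STRING holding the key
    _, seq_start, _ = _tlv(der, bits_start + 1)   # skip the unused-bits byte
    _, n_start, n_end = _tlv(der, seq_start)      # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def check(keytable_line, dns_name, txt, min_bits=1024):
    """Return a list of problems; an empty list means record and KeyTable agree."""
    _, spec = keytable_line.split(None, 1)
    domain, selector, _keypath = spec.strip().split(":", 2)
    tags, problems = parse_tags(txt), []
    expected = f"{selector}._domainkey.{domain}"
    if dns_name.rstrip(".").lower() != expected.lower():
        problems.append(f"record name should be {expected}")
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if "h" in tags and "sha256" not in tags["h"].split(":"):
        problems.append("h= does not allow sha256")
    if not tags.get("p"):
        problems.append("p= is empty (key revoked or missing)")
    elif tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    elif rsa_bits(tags["p"]) < min_bits:
        problems.append(f"RSA key shorter than {min_bits} bits")
    return problems
```

Pass it the KeyTable line, the record name, and the TXT value your resolver returns for that name; min_bits mirrors MinimumKeyBits in opendkim.conf.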