DevHeads.net

OpenDKIM on backup MX

Hello friends,
On Debian Jessie I would like to enable OpenDKIM on my two Postfix
servers.

My question is how to behave with the secondary backup server.
Enable it as on the first and then I copy the key from first to
secondary?
And how I will write DNS txt record that must take the two servers
information?

Many thanks!

Davide

Comments

Re: OpenDKIM on backup MX

By akuchkartay at 10/10/2017 - 09:36

You can use 2 separate keys on the servers with different selectors and use 2 DNS records as public keys (for security reasons it will be better).
The recipient of the email will query the DNS record to identify whether the signature of the email is right or not. It will generate a DNS request based on the signature, and it does not depend on the hosts (whether you have 1 or 1000).

Anvar Kuchkartaev 
... at anvartay dot com 

Re: OpenDKIM on backup MX

By Davide Marchi at 10/10/2017 - 15:27

On 2017-10-10 16:36 Anvar Kuchkartaev wrote:
Well, this is exactly what I would like to know!
Thank you for your explanation, really very clear.
I just hope not to cause some disaster with DNS and lose mail... :-D

Thanks again Anvar!

Davide

Re: OpenDKIM on backup MX

By akuchkartay at 10/10/2017 - 15:43

You are welcome. In the case of DNS you might use a high cache TTL and use backup DNS service providers to make it reliable.

Anvar Kuchkartaev 
... at anvartay dot com 

Re: OpenDKIM on backup MX

By Ralf Hildebrandt at 10/10/2017 - 04:08

* Davide Marchi < ... at msw dot it>:
For signing when sending out mails?

The DNS records merely specify the key material for the SENDER DOMAIN,
servers do not matter.
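
Added example, not written by any participant in this thread: a sketch of the lookup the replies describe, where the verifier builds its DNS query from the `d=` and `s=` tags of the DKIM-Signature header and never from the sending host. The domain `example.org`, the selectors `mx1` and `mx2`, the key values and the in-memory `ZONE` table are constructed placeholders.

```python
import re

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (DKIM-Signature header or key record)."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # a trailing ';' is allowed
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {item!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags

def dkim_query_name(signature_value):
    """DNS name a verifier looks up: <selector>._domainkey.<signing domain>."""
    tags = parse_tag_list(signature_value)
    for required in ("d", "s"):
        if not tags.get(required):
            raise ValueError(f"signature lacks {required}= tag")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def key_published(signature_value, zone):
    """True if the zone holds a usable (non-revoked) key for this signature."""
    record = zone.get(dkim_query_name(signature_value))
    if record is None:
        return False
    return bool(parse_tag_list(record).get("p"))  # empty p= means revoked

# Constructed sample data: selectors, domain and key values are placeholders.
SIG_FROM_PRIMARY = "v=1; a=rsa-sha256; d=example.org; s=mx1;\r\n\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_FROM_BACKUP = "v=1; a=rsa-sha256; d=example.org; s=mx2;\r\n\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
ZONE = {
    "mx1._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY1",
    "mx2._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY2",
}

if __name__ == "__main__":
    for sig in (SIG_FROM_PRIMARY, SIG_FROM_BACKUP):
        print(dkim_query_name(sig), key_published(sig, ZONE))
```

With one selector per server, a key on one host can be rotated or revoked (an empty `p=`) without touching signatures produced by the other.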