How to set up the same DKIM settings for multiple servers
I have three servers configured to relay mail. I am using dkim-milter with postfix on CentOS 5.5. I created domain keys on the command line for each server. My issue is that the domain key is different for each server, and I have to set up different DNS records for each relay server.
How can I set up a single key for all servers in TXT records?
Solution 1:
Just use the same key for all the servers, and tell them to use the same DKIM identifier for all of them. How exactly you'll do that depends on how you set it up, but having generated and installed the keys, working out how to make them all the same should be relatively easy.
Solution 2:
You already have one server with a DKIM key pair and use Virtualmin "DomainKeys Identified Mail":
- Edit the DKIM option on the source server and add the new domain (I personally use subdomains for all my servers). For example, if your initial mail server is s1.domain.com and your new server (the one you will copy the DKIM key to) is s2.domain.com, your "Domains to sign for" section must contain:
s1.domain.com
s1
s2.domain.com
s2
- Save this on the source server. The key will be updated....
- The private key on my Ubuntu server is filed under: /etc/dkim.key
- If your target server is the same [OS], first of all proceed to enable DKIM on the Virtualmin "DomainKeys Identified Mail" page. You may want to use the same details as the source server in the "Domains to sign for" section, then "Save"; this will create the key pairs.
- I personally then disabled DKIM on the TARGET server before doing the next step, but it might not be required(!?).
- When complete, edit the /etc/dkim.key on the TARGET server with vi or otherwise replace the private key with the one from the SOURCE server (you should make a backup of the file first, always do a backup!).
- Go back to the Virtualmin "DomainKeys Identified Mail" page on the TARGET server and enable DKIM for outgoing email, but with the option "Force generation of new private key?" set to "NO", and "Save".
The private key will then be read from the /etc/dkim.key and used to generate the exact same public and DKIM DNS records for domains as the source server together with all the required settings to make it work.
You're all set, and the DNS can be edited if the DKIM DNS records for domains have changed; mine do not seem to have.
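
Both solutions end with every relay holding the same private key, so a useful follow-up check is that the key file on each relay really corresponds to the `p=` value published in DNS. The script below is an added example, not part of the original answers; it assumes an RSA key and the `openssl` command-line tool, the function names and throwaway demo keys are constructed for illustration, and `SELECTOR` and `DOMAIN` are placeholders.

```shell
#!/bin/sh
# Added example: confirm that the private key installed on a relay is the one
# whose public half is published in the DKIM TXT record.

# p= value for a private key file: base64 of the DER-encoded public key.
dkim_p_from_key() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# p= value from TXT record text. Strips quotes, backslashes and whitespace so
# split strings ("part1" "part2") and dig-style "\;" escapes are handled.
dkim_p_from_txt() {
    printf '%s' "$1" | tr -d '"\\ \t\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Exit status 0 only when the key file and the TXT record describe the same key.
dkim_key_matches_txt() {
    have=$(dkim_p_from_key "$1")
    want=$(dkim_p_from_txt "$2")
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Constructed demo: throwaway keys stand in for the source key, a relay that
# received a copy of it, and a relay that generated its own key instead.
dkim_demo() {
    tmp=$(mktemp -d) || return 1
    openssl genrsa -out "$tmp/source.key" 2048 2>/dev/null
    cp "$tmp/source.key" "$tmp/copied.key"
    openssl genrsa -out "$tmp/regenerated.key" 2048 2>/dev/null
    p=$(dkim_p_from_key "$tmp/source.key")
    # Build the record as two quoted strings, the way long TXT data is split.
    p1=$(printf '%s' "$p" | cut -c1-200); p2=$(printf '%s' "$p" | cut -c201-)
    txt="\"v=DKIM1\\; k=rsa\\; p=$p1\" \"$p2\""
    for k in copied regenerated; do
        if dkim_key_matches_txt "$tmp/$k.key" "$txt"; then
            echo "$k: matches DNS"
        else
            echo "$k: MISMATCH"
        fi
    done
    rm -rf "$tmp"
}

# Real use: sh check.sh /etc/dkim.key "$(dig +short TXT SELECTOR._domainkey.DOMAIN)"
if [ "$#" -eq 2 ]; then
    dkim_key_matches_txt "$1" "$2" && echo "key matches DNS" || echo "MISMATCH"
else
    dkim_demo
fi
```

Run it on each relay after the key has been copied. A mismatch means that relay is still signing with a key the TXT record does not publish, so its mail will fail DKIM verification.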