OpenDKIM on backup MX


danjjde
Hello friends,
On Debian Jessie I would like to enable OpenDKIM on my two Postfix
servers.

My question is how to behave with the secondary backup server.
Enable it as on the first and then I copy the key from first to
secondary?
And how will I write the DNS TXT record that must take the two servers'
information?


Many thanks!

Davide


Re: OpenDKIM on backup MX

Ralf Hildebrandt-2
* Davide Marchi <[hidden email]>:
> Hello friends,
> On Debian Jessie I would like to enable OpenDKIM on my two Postfix
> servers.

For signing when sending out mails?
 
> My question is how to behave with the secondary backup server.
> Enable it as on the first and then I copy the key from first to
> secondary?
> And how will I write the DNS TXT record that must take the two servers'
> information?

The DNS records merely specify the key material for the SENDER DOMAIN,
servers do not matter.

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
                                           
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

Re: OpenDKIM on backup MX

akuchkartay
In reply to this post by danjjde
You can use 2 separate keys on servers with different selectors and use 2 DNS records as public keys (for security reasons it will be better).
The recipient of the email will query the DNS record to identify whether the signature of the email is right or not. It will generate the DNS request based on the signature, and it does not depend on the hosts (whether you have 1 or 1000).

Anvar Kuchkartaev 
[hidden email] 
  Original Message  
From: Davide Marchi
Sent: Tuesday, 10 October 2017 11:04 a.m.
To: [hidden email]
Subject: OpenDKIM on backup MX



Re: OpenDKIM on backup MX

danjjde
On 2017-10-10 16:36 Anvar Kuchkartaev wrote:
> You can use 2 separate keys on servers with different selectors and
> use 2 DNS records as public keys (for security reasons it will be
> better).
> The recipient of the email will query the DNS record to identify whether
> the signature of the email is right or not. It will generate the DNS
> request based on the signature, and it does not depend on the hosts
> (whether you have 1 or 1000).
>
> Anvar Kuchkartaev 

Well, this is exactly what I would like to know!
Thank you for your explanation, really very clear.
I just hope not to cause some disaster with DNS and lose mail... :-D

Thanks again Anvar!

Davide

Re: OpenDKIM on backup MX

akuchkartay
You are welcome. In the case of DNS, you might use a high cache TTL and use backup DNS service providers to make it reliable.

Anvar Kuchkartaev 
[hidden email] 
  Original Message  
From: Davide Marchi
Sent: Tuesday, 10 October 2017 10:27 p.m.
To: [hidden email]
Subject: Re: OpenDKIM on backup MX


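
The point made earlier in the thread, that a verifier builds its DNS query from the signature (the `s=` selector and `d=` domain) and not from the host that sent the mail, shown as an added example that is not part of any post in this thread. The selector names `mx1`/`mx2`, the domain `example.org`, the headers and the key strings are constructed placeholders.

```python
import re

# Constructed zone: one TXT record per selector under the sender domain (placeholder keys).
ZONE = {
    "mx1._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY_MX1",
    "mx2._domainkey.example.org": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY_MX2",
}

# Constructed DKIM-Signature headers, one per signing server (bh=/b= are placeholders).
SIG_PRIMARY = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;\r\n"
               "\ts=mx1; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_BACKUP = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;\r\n"
              "\ts=mx2; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER")


def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for item in unfolded.split(";"):
        if "=" not in item:
            continue  # trailing ';' or empty element
        name, val = (part.strip() for part in item.split("=", 1))
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")  # makes the list invalid
        tags[name] = val
    return tags


def key_query_name(header):
    """Return the DNS name a verifier queries for this signature's public key."""
    field, _, value = header.partition(":")
    if field.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    tags = parse_tags(value)
    if not {"d", "s"} <= tags.keys():
        raise ValueError("signature lacks required d= or s= tag")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def lookup_public_key(header, zone=ZONE):
    """Fetch p= from the constructed zone; None if the record is absent or revoked."""
    record = zone.get(key_query_name(header))
    return (parse_tags(record).get("p") or None) if record else None


if __name__ == "__main__":
    for hdr in (SIG_PRIMARY, SIG_BACKUP):
        print(key_query_name(hdr), "->", lookup_public_key(hdr))
```

With one selector per server, publishing an empty `p=` for one selector revokes only that server's key and leaves the other server's signatures verifiable.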