Adding Multiple SMTP servers : Customizing selector on OpenDKIM

Recently one of my friends is setting up mutliple outbound SMTP servers for his project. But He does not have enough domain access and his primary domain is already being using another DKIM Keys (default._domainkey) for business email purpose.

His challenge is to seup another trusted outbound email server without affecting the primary Email configuration.

Requirement

1. Trusting another subdomain for sending outboud email
2. Adding SPF record for this subdomain.
3. Create a separate DKIM txt for this subdomain.

Hope you have completed OpenDKIM server using this link http://www.serveridol.com/2012/02/17/opendkim-configuring-dkim-keys-on-postfix/

Here I’m using a test domain planetcure.in for this attempt.

Following things has to be done.

a. a Create new selector for new outbound server.

Note : This is the file “/etc/opendkim/keys/default” which OpenDKIM init script is using. So that we need to overwrite it with new selector.

b. Update the Keytable entry (/etc/opendkim/KeyTable).
While you declaring the private key file in KeyTable file, you may need to mention the which selector to be used for this subdomain. Here I’m using the selector name to “cloud“. Pls note that name is mention in between the domain name and Key file location added in the KeyTable.

cloud._domainkey.cloud.planetcure.in cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default

It is very important that you mention the selector (here cloud) name in between the domain key DNS and private key file mention in the KeyTable.

c. Restart Both OpenDKIM and postfix service

D. DNS update to be set for planetcure.in

1. Create a DNS subdomain (cloud.planetcure.in) record for email server. Set a FQDN for outbound SMTP (mail01.planecure.in)

2. Set spf record which includes the outbound server ip and your FQDN hostname. You may use Microsft SPF record for creating SPF easily.

3. Create a DKIM key record “cloud._domainkey.cloud” using the txt file and set the value inside the folder in which you created Public key (/etc/opendkim/keys/cloud.planetcure.in/cloud.txt)

Note : you need to copy the string value starting from the letter “p” ie “p=MIGfMA0GCSq” without quotes.

4. set another TXT record for “adsp._domainkey” having the value “dkim=unknown”

You almost done now !! It’s the time to test.

How do I verify my DKIM both system and DNS are working correctly locally

How do I check the sfp values are set properly

How do I check DKIM Key DNS is properly set

This shows you have a perfect setup at DNS side. Now it’s the time to verify new “selector” is signed with all the outgoing emails.

Sending a test mail using SendEmail commandline tool

Verifying the signature and selector is added to each mail.