Quote:
Originally Posted by baldur2630
I have TWO CentOS servers.
The DKIM record was created using opendkim on a different server.
It does not matter what you use to create the DKIM key pair or where you create it. It's just an RSA key pair; you can just as well use openssl, which I use:
Code:
openssl rsa -in mydomain.private.pem -out mydomain.pub.pem -pubout -outform PEM
and then create a TXT DNS record for [selector]._domainkey.mydomain containing the public key: "v=DKIM1; k=rsa; p=[your public key in a single line]"
You can use any string for the selector and you can have as many selectors as you like for your domain. For example, some companies send some email using a third party and do not want to share their private key with them, so they use a different key pair with a different selector for these emails. However, if you manage both servers, you can just as well use the same selector and key for both.
On the second server you need to install OpenDKIM or any other DKIM signing software. It doesn't really matter what you choose, as long as the private key and selector you use to sign your emails have a matching public key and selector published in DNS.
Myself, I am using the same key pair for many domains to make it more manageable. Initially I tried having unique key pairs, but I ended up with hundreds of pairs and started getting lost. It's also easier to change your key pair if your private key becomes compromised.
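The requirement stated in the post above, that the private key used for signing must match the public key published under the selector, can be checked with openssl before mail starts failing verification. This is an added example, not part of the original post; the selector `mail2024`, the domain `example.com` and the function names are assumptions, and the key is a throwaway generated for the demo.

```shell
#!/bin/sh
# Added example: derive the DKIM TXT value from a private key and check that a
# published record carries the matching public key. Names are assumptions.

# p= value: the public key (DER SubjectPublicKeyInfo) as one base64 line.
dkim_p_value() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# TXT value to publish at <selector>._domainkey.<domain>.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s' "$(dkim_p_value "$1")"
}

# Pull p= out of a TXT value. DNS tools return long records as several quoted
# chunks, so quotes and whitespace are dropped before the tags are split on ';'.
dkim_extract_p() {
    printf '%s' "$1" | tr -d '" \t\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Exit status 0 if the record's p= belongs to the private key, 1 otherwise
# (also 1 when the key file is missing or unreadable).
dkim_key_matches_record() {
    want=$(dkim_p_value "$1")
    [ -n "$want" ] && [ "$(dkim_extract_p "$2")" = "$want" ]
}

# Demo with a throwaway key constructed for this example.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/mydomain.private.pem" 2048 2>/dev/null
    record=$(dkim_txt_value "$dir/mydomain.private.pem")
    echo "mail2024._domainkey.example.com TXT \"$record\""
    if dkim_key_matches_record "$dir/mydomain.private.pem" "$record"; then
        echo "signing key matches the published record"
    else
        echo "MISMATCH: receivers will fail DKIM verification"
    fi
    rm -rf "$dir"
}
demo
```

For a live check, pass the output of `dig +short TXT [selector]._domainkey.mydomain` as the second argument to `dkim_key_matches_record`, with the signing server's private key file as the first.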