0

We currently have a single mail server (RHEL/sendmail) for all mail "mail.example.com". We have added a second mail server "email.example.com". We intend to use this for bulk email, while "mail.example.com" remains for transaction and internal mail.

We have DKIM set up for "mail.example.com", but I need to set up DKIM for "email.example.com".

My question is this: Can I use the same TXT record I have for "mail.example.com" for "email.example.com" and modify some DKIM/milter/sendmail settings? Or do I have to create an entirely separate TXT record and key?

Chris E.

2 Answers

1

You can reuse the same records and keys for the new server. It's best practice to set up new keys and records for each server, however; any compromise on a single server leaves the others unaffected.

Chris S
  • I guess what I'm confused about is exactly what to do to have the new domain signed. Just add the TXT record to DNS? I'm sure there's something out there about this, I just can't find it. – Chris E. Jul 22 '11 at 13:09
  • Is the new e-mail server sending for a different domain? Like are e-mails from the original sending for example.com and the new sending for bulk.example.com? – Chris S Jul 22 '11 at 13:11
  • Existing mail server is "mail.example.com", which has working DKIM keys. New mail server is "email.example.com" and this is what I'm trying to figure out how to get DKIM signing working for. Thanks for your help! – Chris E. Jul 22 '11 at 13:18
  • So those servers are sending for those domains? Or those are the host names of the servers and they're sending for different domains? – Chris S Jul 22 '11 at 13:23
  • Oh I see what you're saying, my mistake. Yes, all servers will send mail for example.com, just bulk email comes from email.example.com and internal/transactional from mail.example.com. The two sendmail instances are actually running on the same machine. – Chris E. Jul 22 '11 at 13:29
  • Ok; you should generate new keys for the new server and a new selector record to put in DNS (see [this question for a really quick howto](http://serverfault.com/q/284006#284029)). Pop the record in DNS. Then set up the milter with the new keys and the selector name (the milter is otherwise the exact same as the existing setup). – Chris S Jul 22 '11 at 14:00
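
An added example (not from the original thread or from any project's code) of the per-server selector setup described in the comments above: it parses DKIM-Signature values, derives the `<selector>._domainkey.<domain>` name a verifier looks up, and reports a selector with no published key or a key shared between servers. The selector names `mail` and `email`, the header values and the zone contents are constructed assumptions.

```python
import re

# Constructed sample data: both hosts sign for d=example.com, each with its own selector.
TAIL = ";\r\n\tc=relaxed/simple; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
HEADERS = {
    "mail.example.com": "v=1; a=rsa-sha256; d=example.com; s=mail" + TAIL,
    "email.example.com": "v=1; a=rsa-sha256; d=example.com; s=email" + TAIL,
}
# Constructed zone contents; the p= values are placeholders, not real public keys.
ZONE = {
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDERKEYA",
    "email._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDERKEYB",
}

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2), dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # split on first "=" only (base64 padding)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(sig_header):
    """DNS name a verifier queries: <selector>._domainkey.<signing domain>."""
    t = parse_tags(sig_header)
    return f"{t['s']}._domainkey.{t['d']}".lower()

def audit(headers, zone):
    """Return (host, record name, finding) tuples; finding is None when nothing to report."""
    results, seen = [], {}
    for host, hdr in sorted(headers.items()):
        name = key_record_name(hdr)
        rec = parse_tags(zone.get(name, ""))
        if not rec.get("p"):
            finding = "no public key published"  # record missing, or empty p= (revoked)
        elif rec["p"] in seen:
            finding = f"key shared with {seen[rec['p']]}"
        else:
            finding = None
            seen[rec["p"]] = host
        results.append((host, name, finding))
    return results

if __name__ == "__main__":
    for row in audit(HEADERS, ZONE):
        print(row)
```
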
0

DKIM signing is domain-specific. All your email servers may share the same DKIM settings. It doesn't matter. It is like using one PGP private key on your laptop and desktop computer.

hostmaster