NTACurrent en:Multiple Email Domains: Unterschied zwischen den Versionen

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche
imported>Erhardts
K (Adapted headings and line breaks)
 
imported>Erhardts
(Fixed links)
 
Zeile 1: Zeile 1:
== Overview ==
== Overview ==
If your organisation has multiple email domains that need to receive emails compliant to NTA 7516, the following additional configuration steps are required:
If your organisation has multiple email domains that need to receive emails compliant to NTA 7516, the following additional configuration steps are required:
* Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See [https://wiki.cryptshare.com/display/C4NTAMB/.DNS+Setup+v1.1.0 DNS Setup] for details.
* Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See [[{{NAMESPACE}}:DNS_Setup|DNS Setup]] for details.
* The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below.
* The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below.
== Configuration Steps ==
== Configuration Steps ==

Aktuelle Version vom 11. Mai 2022, 15:16 Uhr

Overview

If your organisation has multiple email domains that need to receive emails compliant to NTA 7516, the following additional configuration steps are required:

  • Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See DNS Setup for details.
  • The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below.

Configuration Steps

Enable relaying for multiple domains

The listed commands use the domains "domain.com", "domain.nl" and "domain.org", which stand as examples for your own domains.

  1. Impersonate as root user:
sudo su
  1. Specify all domains (including the one that you entered during the setup program) as destination domains (and subdomains thereof) the system will relay mail to:
postconf -e "relay_domains = domain.com,domain.nl,domain.org"
  1. Reload the changed configuration:
postfix reload

Using different DKIM keys per domain (optional)

These configuration steps are required only if you have separate DKIM keypairs for each domain. Again, the listed commands use the domains "domain.com", "domain.nl" and "domain.org", which stand as examples for your own domains.

  1. Impersonate as root user:
sudo su
  1. Open the OpenDKIM configuration file /etc/opendkim.conf in an editor
  2. Disable the following lines by adding a "#" to the beginning:
#Domain             ...
#KeyFile            /etc/dkimkeys/dkim.key
#Selector           ...
  1. Add the following lines:
KeyTable                /etc/opendkim/KeyTable
SigningTable            /etc/opendkim/SigningTable
  1. Copy the private keys of each domain's DKIM keypair to /etc/dkimkeys, for example /etc/dkimkeys/domain.com.key, /etc/dkimkeys/domain.nl.key, and /etc/dkimkeys/domain.org.key.
  2. Create a file /etc/opendkim/KeyTable with the following line for each domain:
<selector>._domainkey.<domain> <domain>:<selector>:<path to private key>

For example:

nta7516feb2021._domainkey.domain.com domain.com:nta7516feb2021:/etc/dkimkeys/domain.com.key
nta7516feb2021._domainkey.domain.nl domain.nl:nta7516feb2021:/etc/dkimkeys/domain.nl.key
nta7516feb2021._domainkey.domain.org domain.org:nta7516feb2021:/etc/dkimkeys/domain.org.key
  1. Create a file /etc/opendkim/SigningTable with the following line for each domain:
<domain> <selector>._domainkey.<domain>

For example:

domain.com nta7516feb2021._domainkey.domain.com
domain.nl nta7516feb2021._domainkey.domain.nl
domain.org nta7516feb2021._domainkey.domain.org
  1. Restart OpenDKIM:
systemctl restart opendkim