NTACurrent en:Multiple Email Domains: Difference between revisions
From Cryptshare Documentation
imported>Erhardts K (Adapted headings and line breaks) |
imported>Erhardts (Fixed links) |
||
Zeile 1: | Zeile 1: | ||
== Overview == | == Overview == | ||
If your organisation has multiple email domains that need to receive emails compliant to NTA 7516, the following additional configuration steps are required: | If your organisation has multiple email domains that need to receive emails compliant to NTA 7516, the following additional configuration steps are required: | ||
* Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See [ | * Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See [[{{NAMESPACE}}:DNS_Setup|DNS Setup]] for details. | ||
* The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below. | * The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below. | ||
== Configuration Steps == | == Configuration Steps == |
Latest revision as of 11 May 2022, 15:16
Overview
If your organisation has multiple email domains that need to receive emails compliant with NTA 7516, the following additional configuration steps are required:
- Each domain requires a corresponding DNS setup. The "ntamx" element of the NTA 7516 TXT records must contain the Cryptshare Mail Gateway host. See DNS Setup for details.
- The Cryptshare Mail Gateway needs to be configured to handle multiple domains for sending and receiving. These configuration steps are described below.
Configuration Steps
Enable relaying for multiple domains
The listed commands use the domains "domain.com", "domain.nl" and "domain.org", which stand as examples for your own domains.
- Switch to the root user:
sudo su
- Specify all domains (including the one that you entered during the setup program) as destination domains (and subdomains thereof) the system will relay mail to:
postconf -e "relay_domains = domain.com,domain.nl,domain.org"
- Reload the changed configuration:
postfix reload
Using different DKIM keys per domain (optional)
These configuration steps are required only if you have separate DKIM keypairs for each domain. Again, the listed commands use the domains "domain.com", "domain.nl" and "domain.org", which stand as examples for your own domains.
- Switch to the root user:
sudo su
- Open the OpenDKIM configuration file /etc/opendkim.conf in an editor.
- Disable the following lines by adding a "#" to the beginning:
#Domain ...
#KeyFile /etc/dkimkeys/dkim.key
#Selector ...
- Add the following lines:
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
- Copy the private keys of each domain's DKIM keypair to /etc/dkimkeys, for example /etc/dkimkeys/domain.com.key, /etc/dkimkeys/domain.nl.key, and /etc/dkimkeys/domain.org.key.
- Create a file /etc/opendkim/KeyTable with the following line for each domain:
<selector>._domainkey.<domain> <domain>:<selector>:<path to private key>
For example:
nta7516feb2021._domainkey.domain.com domain.com:nta7516feb2021:/etc/dkimkeys/domain.com.key
nta7516feb2021._domainkey.domain.nl domain.nl:nta7516feb2021:/etc/dkimkeys/domain.nl.key
nta7516feb2021._domainkey.domain.org domain.org:nta7516feb2021:/etc/dkimkeys/domain.org.key
- Create a file /etc/opendkim/SigningTable with the following line for each domain:
<domain> <selector>._domainkey.<domain>
For example:
domain.com nta7516feb2021._domainkey.domain.com
domain.nl nta7516feb2021._domainkey.domain.nl
domain.org nta7516feb2021._domainkey.domain.org
- Restart OpenDKIM:
systemctl restart opendkim
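A mismatch between the two tables is easy to introduce when copying lines per domain, and it results in mail for one domain being signed with another domain's key or not signed at all. The following script is an added example, not part of the Cryptshare documentation: it cross-checks a KeyTable and a SigningTable before OpenDKIM is restarted. The function name check_dkim_tables is hypothetical, and the script assumes the one-entry-per-domain layout and the `<selector>._domainkey.<domain>` naming used on this page.

```shell
#!/bin/sh
# Added example, not part of the Cryptshare documentation.
# check_dkim_tables (hypothetical name) cross-checks the two tables in the
# layout used on this page, prints one line per problem, returns 0 if consistent.
check_dkim_tables() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        FILENAME == ARGV[1] {                   # first file: KeyTable
            n = split($2, v, ":")               # v[1]=domain v[2]=selector v[3]=key path
            if (NF != 2 || n != 3) {
                printf "KeyTable line %d: expected <name> <domain>:<selector>:<path>\n", FNR
                bad = 1; next
            }
            if ($1 != (v[2] "._domainkey." v[1])) {   # naming convention of this page
                printf "KeyTable line %d: name %s does not match %s and %s\n", FNR, $1, v[2], v[1]
                bad = 1
            }
            keydomain[$1] = v[1]
            next
        }
        NF != 2 {                               # second file: SigningTable
            printf "SigningTable line %d: expected <domain> <key name>\n", FNR
            bad = 1; next
        }
        !($2 in keydomain) {
            printf "SigningTable line %d: %s is not defined in KeyTable\n", FNR, $2
            bad = 1; next
        }
        {
            if (keydomain[$2] != $1) {
                printf "SigningTable line %d: %s would sign with the key of %s\n", FNR, $1, keydomain[$2]
                bad = 1
            }
            used[$2] = 1
        }
        END {
            for (k in keydomain) if (!(k in used)) {
                printf "KeyTable entry %s is never referenced by SigningTable\n", k
                bad = 1
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then check_dkim_tables "$1" "$2"; fi
```

Saved as a script, it can be called with /etc/opendkim/KeyTable and /etc/opendkim/SigningTable as its two arguments; a non-zero exit status means at least one problem was printed.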