This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM with two domains

Hi,

We have two email domains which send from the same Exchange environment and then through our Email Appliances. We have added DKIM records to our DNS (with testing key enabled) but on trying to setup the Appliances with DKIM I find that only one Private key and selector can be entered.

Is there a way to enter two DKIM private keys, or another way in which we can enable DKIM for both of our domains?

Thank you



This thread was automatically locked due to age.
  • Hi Martin,

     

    It's difficult to answer your question without more information, but in general 

    the requirements are:

    #1 A DNS Administrative interface that can create and maintain the relevant DNS names ‑‑ including names with underscores ‑‑ and resource records (RR).
    #2 A trusted module, called the Signing Module, which is within the organization's outbound email handling service and which creates and adds the DKIM-Signature: header field(s) to the message.

     

    In short when you generated the keys it would include all of the domains you want to sign for.

    the only thing you will need to do is add the signing key to the appliance. 

    You may wish to check out the various sections here.  (3, 4 6.5 etc)

    http://www.dkim.org/specs/draft-ietf-dkim-deployment-11.html

     

    once that's done you should have no problem singing for as many domains as you like.

  • Hi Red_Warrior,

    Thanks for that information but I'm still not sure its possible.

    Lets say our domains are called domain1.com and domain2.com and both send and recieve email via the same clustered Email Appliances. From what I can find, each domain will need to have its own DKIM public key and selector, however we can only add a single DKIM private key to the Appliances.

    I can't find any guidance on how to generate a single public and private key for two domains.

  • Hi Martin,

     

    I looked into this a little more, there are some issues that at this time would prevent it from working correctly.  As described above you can create multiple domains with a single private key and host it. However there is no interface to the actual dkim configuration where all of the domains must be specified. 

    Unfortunately you will not be able to sign multiple domains until there is some access to the dkim configuration file. 

    I can not make a feature request on your behalf but this would be a perfect one to post on the appliance page here : http://ideas.sophos.com/forums/17359-utm-feature-requests/category/31141-appliance-hardware

     

    Cheers