DKIM management needs to be improved #50

Open
lejmr opened this issue Apr 12, 2019 · 2 comments

@lejmr

lejmr commented Apr 12, 2019

Use case:
A new domain is added, so a pem and config portions need to be added so that this change is persistent even between restarts.

At the moment, only the default domain can have DKIM.

@InfiniteLukeOne

When you modify /etc/amavis/conf.d/50-user and change:

```perl
# Add dkim_key here.
dkim_key('DOMAIN', 'dkim', '/var/lib/dkim/DOMAIN.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
    #"domain.com"  => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

    # catch-all (one dkim key for all domains)
    '.' => {d => 'DOMAIN',
            a => 'rsa-sha256',
            c => 'relaxed/simple',
            ttl => 30*24*3600 },
});
```

to

```perl
# Add dkim_key here.
dkim_key('*', 'dkim', '/var/lib/dkim/DOMAIN.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
    #"domain.com"  => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

    # catch-all (one dkim key for all domains)
    '.' => {a => 'rsa-sha256',
            c => 'relaxed/simple',
            ttl => 30*24*3600 },
});
```

you can use one DKIM-Key for all domains.

However, there's a warning: `dkim: wildcard in signing domain (key#1, *), may produce unverifiable signatures with no published public key, avoid!`

@kovalroma

kovalroma commented Jun 15, 2020

Hello,
Is it possible to mount /etc/amavisd to the host machine to save settings for different DKIM domains?
I checked it this way:
`-v /srv/etc/amavisd:/etc/amavisd \`

but Docker rewrites an empty folder on the host machine and an error appears in the container.

In general I can use one DKIM-Key for all domains.

But even in this case, when I recreate the container, amavisd recreates the DKIM RSA, so I need to change it in all my domains. I think /var/lib/dkim/ and /etc/amavisd should be persistent.
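
An added example (not part of the thread or the project's code) of one way to keep per-domain keys across container recreation: a key is generated only when none exists in `/var/lib/dkim`, and one `dkim_key()` line per domain is printed for `/etc/amavis/conf.d/50-user`. It assumes `/var/lib/dkim` is a mounted volume and `openssl` is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent per-domain DKIM key setup (assumptions noted inline).

KEY_DIR="${KEY_DIR:-/var/lib/dkim}"   # path from the thread; assumed to be a persistent volume
SELECTOR="${SELECTOR:-dkim}"          # selector used in the thread's config

# Accept only plain DNS names, so a value can never leave KEY_DIR,
# break the Perl quoting, or be the '*' wildcard amavis warns about.
valid_domain() {
    case "$1" in
        ''|.*|*.|-*|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Create the private key only if it is missing, so recreating the
# container leaves the already published public key valid.
ensure_key() {
    domain="$1"
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }
    pem="$KEY_DIR/$domain.pem"
    if [ ! -s "$pem" ]; then
        # umask 077: the key file is created readable by its owner only.
        (umask 077 && openssl genrsa -out "$pem" 2048) >/dev/null 2>&1 || return 1
    fi
}

# Print one dkim_key() line for every valid domain that has a key on disk.
render_dkim_keys() {
    for domain in "$@"; do
        valid_domain "$domain" || continue
        [ -s "$KEY_DIR/$domain.pem" ] || continue
        printf "dkim_key('%s', '%s', '%s/%s.pem');\n" \
            "$domain" "$SELECTOR" "$KEY_DIR" "$domain"
    done
}

# Called with domains as arguments: ensure the keys, then print the lines.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do ensure_key "$d" || exit 1; done
    render_dkim_keys "$@"
fi
```

File ownership for the amavis user is left to the deployment, since the thread does not say which user the container runs as.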
