DKIM Signing - storing keys in sql table?

Hans Spaans via amavis-users amavis-users at
Wed Sep 4 15:00:26 CEST 2013

Thomas Johnson via amavis-users schreef op 2013-08-29 21:36:
> We're interested in adding DKIM signing, but we've got a huge number
> of domains, and storing the keys in files and reloading amavisd-new
> isn't practical.  We've looked at opendkim, which does support this,
> but we'd prefer to keep all this sort of thing in one place, in
> amavisd-new.
> Are there any plans to add the ability to store the keys in a sql
> table?  Either in the policy table directly, or in a separate table?

Using the policy table would only make sense for the DKIM-selector 
maybe, but not for the keys as you want to be able to do a controlled 
key roll-over.

* Say key is active.
* You create key for
* Publish the pub key in DNS for
* Change DKIM-selector from submit.0 to submit.1 so amavis will start 
using it;
* Remove key after normally 21 days (see validity 
of the key for that number)

You may also want to keep record of signatures for a key and how old it 
is so you can do a roll-over after 100.000 e-mails or every 400 days. I 
just picked those numbers, but it is something to consider as keys will 
get compromised, need a bigger bitsize, etc.


More information about the amavis-users mailing list