DestinationdkimidentityN, destinationdkimselectorN, sourcedkimidentityN, sourcedkimselectorN Channel Options

Channel-based DKIM signing
The  and   channel options provide the ability to apply DKIM signatures to messages based on destination and source channels, respectively.

The specification of one or more DKIM identities enables signing as enqueued messages are written to disk. Each identity is used to access a corresponding private key in PEM format stored as DATAROOT/dkim_private/&#x3c;identity&#x3e;/&#x3c;selector&#x3e;.pem.

Multiple "slots" are provided so that multiple signatures can be applied simultaneously. Slot values starting at 0 appear at the end of the option name. At present four slots are available, so N can range from 0 to 3.

Identity values specifies the DKIM identity. This can take the form "user@domain", "@domain", "domain", or the special value "&#x2a;" can be given which specifies that the domain of From: header address should be used.

Some DKIM errors will be sent to syslog (see ). Additional diagnostics are available by turning on MTA debugging, setting  to at least 3, and setting dkim-related   as desired.  New in MS 8.1, when a "&#x2a;" is specified an additional check is made to see if a  mapping exists. If it does it is consulted with a probe of the form: source-channel&#x7c;destination-channel&#x7c;from-address If $Y is specified the result of the mapping is used as the DKIM identity. If $N is specified DKIM signing is disabled.

For example, a mapping that would cause the foo.example.com subdomain to be signed with the bar.example.com identity, all other subdomains of example.com to be signed with the example.com identity, and example.com without a subdomain not to be signed would look like: DKIM_SIGN_DOMAINS &#x2a;&#x7c;&#x2a;&#x7c;&#x2a;@foo.example.com  bar.example.com$Y &#x2a;&#x7c;&#x2a;&#x7c;&#x2a;@&#x2a;.example.com    example.com$Y &#x2a;&#x7c;&#x2a;&#x7c;&#x2a;@example.com      $N The optional selector value given by the  options specify a space-separated list of selectors that may be used. The newest key associated with the identity will be used if no selector is specified.

Note that  mappings can also specifify DKIM identity and selector values. If multiple values for the same slot are specified the  mapping value will override any destination channel value, which in turn will override any source channel value.