[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Domain setting when using multiple egress MTAs
[Thread Prev] | [Thread Next]
- Subject: Re: Domain setting when using multiple egress MTAs
- From: "Rolf E. Sonneveld" <R.E.Sonneveld@xxxxxxxxxxxxx>
- Date: Fri, 10 Aug 2018 22:57:29 +0200
Hi, Andreas, On 09-08-18 23:20, A. Schulze wrote:
Am 09.08.18 um 22:36 schrieb Rolf E. Sonneveld:Hi, all when using multiple MTA's with the same function (smarthost routing mail from internal network to the Internet), what is the recommended approach re. the value of 'Domain' in the openarc.conf? Use something like mta1.domain.tld, mta2.domain.tld, mta3.domain.tld etc.? Or use something like mta.domain.tld on all outbound MTA's (all using the same private key)? I think, at the end of the day, the former is the approach best matching the goal of ARC, or? Any thoughts?Hello Rolf, good question! I would say both versions are possible and not wrong. It depends on how similar you think, your MTA1...3 are. Would you like to express, all host are similar, use a shared signing key. Otherwise, one ARC signing key per mta don't hurt, add transparency and make automation easier.
Yes, that's in line with what I thought. The difference with the DKIM domain is, that DKIM is usually signed only once per domain at the edge of the ADMD, while in that same ADMD multiple MTA's (and ARC signers) can be active.
/rolf
| Domain setting when using multiple egress MTAs | "Rolf E. Sonneveld" <R.E.Sonneveld@xxxxxxxxxxxxx> |
| Re: Domain setting when using multiple egress MTAs | "A. Schulze" <sca@xxxxxxxxxxxxxxxxx> |