# OpenDKIM - DKIM-Signature field added - Different SELECTOR



## s2r (Jul 1, 2022)

I've set up OpenDKIM for a virtual domain. I've created the key using the selector as default. I've got other virtual domains that use s=mail. After sending an email using the server as SMTP I see in the logs the following line:

`Jun 30 16:39:34 acme opendkim[3069]: 1AJ8C151533: DKIM-Signature field added (s=mail, d=myvirtualdomain.xyz)`

I thought that the selector added to the header was added based on the signing table. Where is it set?

Here are my OpenDKIM configuration files:
opendkim.keytable
`default._domainkey.myvirtualdomain.xyz myvirtualdomain.xyz:mail:/usr/local/etc/mail/keys/myvirtualdomain.xyz/default.private`

opendkim.signingtable
`*@myvirtualdomain.xyz default._domainkey.myvirtualdomain.xyz`

Here's a DNS query:

```
drill default._domainkey.myvirtualdomain.xyz TXT
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59336
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; default._domainkey.myvirtualdomain.xyz.    IN      TXT

;; ANSWER SECTION:
default._domainkey.myvirtualdomain.xyz.       86400   IN      TXT     "v=DKIM1; k=rsa; p=xxxxxxxxxxxxxxxxxxxxxxxxxxx"

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 131 msec
;; SERVER: 207.192.69.5
;; WHEN: Thu Jun 30 20:00:39 2022
;; MSG SIZE  rcvd: 483
```


----------



## vienuolis (Jul 1, 2022)

Sorry, I do not use KeyTable — AFAIK, it is suitable for many domains with complex configuration. Whereas in most cases it is sufficient simply to append an additional domain to the item named Domain in /usr/local/etc/mail/opendkim.conf:

`Domain mx.mydomain.xyz, another.mydomain.xyz, myvirtualdomain.xyz`

The same DNS TXT selector will confirm all letters sent by every domain you own and you are responsible for.


----------



## s2r (Jul 4, 2022)

vienuolis said:


> Sorry, I do not use KeyTable — AFAIK, it is suitable for many domains with complex configuration. Whereas in most cases it is sufficient simply to append an additional domain to the item named Domain in /usr/local/etc/mail/opendkim.conf:
> 
> `Domain mx.mydomain.xyz, another.mydomain.xyz, myvirtualdomain.xyz`
> 
> The same DNS TXT selector will confirm all letters sent by every domain you own and you are responsible for.


But how would you differentiate different keys for each domain?


----------



## vienuolis (Jul 6, 2022)

Yes, I had the same question, and did not find an explanation in docs, so I came up with it myself. Simply rename the same key for every domain appropriately: `default._domainkey.myvirtualdomain.xyz, default._domainkey.mx.mydomain.xyz, default._domainkey.another.mydomain.xyz`. Then upload them to your DN server.


----------



## s2r (Jul 6, 2022)

The key in your case is the same one for all the domains isn't it?


----------



## vienuolis (Jul 6, 2022)

Yes, in my case the same key for two domains: sala.online.lt (MX server) and on.lt (email domain, website, etc.).


----------



## vienuolis (Jul 8, 2022)

Still not sure? Click my links to Steve Atkins' DKIM validator — it will check DN TXT records and will show you my key and its attributes for both domains, besides of conclusion.


----------



## s2r (Jul 12, 2022)

I found the error. It was in opendkim.keytable the field before the path to the key. I copied the previous line.

default._domainkey.myvirtualdomain.xyz myvirtualdomain.xyz:*mail*:/usr/local/etc/mail/keys/myvirtualdomain.xyz/default.private


----------

