Provided by: dkim-rotate_0.4_all bug


       dkim-rotate - rotate and revoke and invalidate DKIM keys


       dkim-rotate [options] --new [instance ...]
       dkim-rotate [options] --major [instance..]
       dkim-rotate [options] --minor [instance ...]
       dkim-rotate [options] --status [instance ...]
       dkim-rotate [options] --reinstall [instance ...]


       dkim-rotate  is  a  tool  for  managing DKIM (email antispam) keys in a manner that avoids
       unnecessarily making emails nonrepudiable.

       For each instance, dkim-rotate maintains several keys concurrently, using “selectors” in a
       circular rotation.

       See  dkim-rotate(7)  for the Principles of Operation, and details of how to configure your
       MTA, DNS, and WWW server.

       If no instance is provided,  dkim-rotate  will  operate  on  all  instances  matching  [a-
       z][-_0-9a-z]* for which the configuration file /etc/dkim-rotate/ exists.

       See dkim-rotate(5) for details about the instance configuration file.

       If  an  instance  is  provided  and  contains  a  slash, it will be treated as a pathname;
       otherwise it will be taken as a reference to the configuration file in /etc.

       dkim-rotate should normally be run out of cron.  It will produce progress  information  on
       stdout.  It will produce stderr output if and only if something is wrong.


              Make  progress.   Create  new keys, advance to using different keys, and reveal old
              keys, as necessary.

              Make progress, but do not advance to using a new key.  If you wish your keys to  be
              rotated  at  particular  times  of  the day or week, you should run with --major at
              those times, and --minor otherwise.

              For example, the suggested/default configuration runs with --major  at  0400  local
              time.   The  effect  is  that  emails  sent  on  a  particular  day all cease to be
              repudiable at the same time.

       --new  Make progress, and, additionally, allow the creation of a  new  instance.   Without
              --new, it is an error if there is a config file, but no recorded state.

              Do  not  make  any progress, but force recreation, reinstallation and reload of MTA
              and DNS output files.

              Produce a status report of all the relevant keys.  Do not make any changes.


              Look for instance configuration files in etc-dir rather than /etc/dkim-rotate.

              Look for instance state directories in var-dir rather than /var/lib/dkim-rotate.


       Copyright 2022 Ian Jackson and contributors to dkim-rotate.
       There is NO WARRANTY.
       SPDX-License-Identifier: GPL-3.0-or-later


              Configuration file

              Principles of Operation

              DKIM Signatures