Correct me if I'm wrong please. Once you've created a list of "trusted hosts" and one or more dkim keys in the keytable and domain table, there's no way to say that ONLY "trusted host" A can send email as A.COM and have it DKIM signed and trusted host B can ONLY send email as B.COM and have the mail DKIM signed. Either trusted host could send as either domain and the mailer is going to ask DKIM if they are trusted hosts and have dkim sign the mail if they are. or am I missing something?
From my attempts, it doesn't matter where the mail comes from as long as it's trusted, opendkim will sign it.
