Thank you for your reply, I did get it working. So what I decided to do was just build another VM side by side, same everything. During my first install the iRedMail installer could not download from SOGo from the repository. APT was trying to install a version that was not there. I went to the url and installed the deb packages manually and ran the script which seemed to work fine. However, the DKIM signing wasn't working. Given all the variables, I thought....might as well go with a fresh VM.
So what I did. After I used your method to update Amavis, I created one domain / email address. I sent a test email to gmail, DKIM passed. Okay that was good. So I created one more domain / email.
I opened up /etc/amavis/conf.d/50-users and edited the file. I applied the concept of "Use one DKIM key for all mail domains" and restarted amavis. I created the TXT record for the new domain and verified with dig that everything was good and sent a test email to gmail.
Both emails from either domain showed "dkim=none" in the headers. So that narrowed it down further. It was perhaps a syntax issues. I then removed "the-new-domain" from /etc/amavis/conf.d/50-user and restarted amavis. Gmail was now showing dkim=pass from the initial email domain I created.
So what I ended up doing was creating a dkim key for each domain and editing the "50-user" conf file accordingly. Each domain sends from SOGo and Roundcube with a dkim=pass.
I am not sure why the one key for all domains did not work. I used the method outlined in documentation.
So this is my edited section of my 50-user conf:
# Add dkim_key here.
dkim_key('domain1.com', 'dkim', '/var/lib/dkim/domain1.com.pem');
dkim_key('domain2.com', 'dkim', '/var/lib/dkim/domain2.com.pem');
dkim_key('domain3.com', 'dkim', '/var/lib/dkim/domain3.com.pem');
@dkim_signature_options_bysender_maps = ({
# 'd' defaults to a domain of an author/sender address,
# 's' defaults to whatever selector is offered by a matching key
# Per-domain dkim key
'domain1.com' => {d => 'domain1.com', a => 'rsa-sha256', ttl => 30*24*3600 },
'domain2.com' => {d => 'domain2.com', a => 'rsa-sha256', ttl => 30*24*3600 },
'domain3.com' => {d => 'domain3.com', a => 'rsa-sha256', ttl => 30*24*3600 },
# catch-all (one dkim key for all domains)
});
I guess the next big test will be to see if "ORIGINATION" is working when I send some test emails from my android or my desktops webmail client... Fingers crossed!
PS. Slick fix on the Amavis update. I am adding that to my notes. I didn't even think of that.