diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/createlinks mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks
--- smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:41:30.658369153 +0200
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:40:53.498383785 +0200
@@ -2,6 +2,17 @@
 use esmith::Build::CreateLinks qw(:all);
+foreach $event (qw(
+ email-update
+ domain-modify
+ domain-create
+ domain-delete
+ bootstrap-console-save
+ ))
+{
+ event_link("domains-update-dkim", $event, "30");
+}
+
 my $service = "/var/service/qpsmtpd";
 foreach $event (qw(
@@ -40,11 +51,15 @@
 ssl-update
 ));
-templates2events("/etc/mail-dmarc.ini", qw(
+templates2events($_, qw(
 bootstrap-console-save
 console-save
 email-update
- ));
+ ))
+ for (qw(
+ /etc/mail-dmarc.ini
+ /home/e-smith/dkim_keys/default/selector
+ ));
 my $secure_service = "/var/service/sqpsmtpd";
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim
--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 2016-05-03 00:40:53.499383785 +0200
@@ -0,0 +1,40 @@
+#!/usr/bin/perl -w
+
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+use File::Find;
+
+my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
+my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configurtion database";
+
+my $qpsmtpd = $c->get('qpsmtpd');
+die "qpsmtpd service entry not found" unless ($qpsmtpd);
+
+my $dkim_sign = $qpsmtpd->prop('DKIMSigning') || 'disabled';
+
+find({ wanted => \&wanted }, qw(/var/service/qpsmtpd/config/dkim/));
+
+# Build a list of domain for which we want to sign emails
+my @dkim_domains = ();
+
+if ($dkim_sign =~ m/^enabled|yes|1|on$/){
+ foreach my $dom ($d->domains){
+ next if ($dom->prop('DKIMSigning') || 'enabled') eq 'disabled';
+ next if ($dom->prop('MailServer'));
+ push @dkim_domains, $dom->key;
+ }
+}
+
+
+sub wanted{
+ my $domain = $d->get($_);
+ if ( -l && !grep { $_ eq $domain->key } @dkim_domains ){
+ unlink $_;
+ }
+}
+
+foreach my $dom (@dkim_domains){
+ next if (-e '/var/service/qpsmtpd/config/dkim/' . $dom);
+ my $src = ( -e '/home/e-smith/dkim_keys/' . $dom ) ? '/home/e-smith/dkim_keys/' . $dom : '/home/e-smith/dkim_keys/default';
+ symlink $src, '/var/service/qpsmtpd/config/dkim/' . $dom;
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin
--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 2016-05-03 00:40:53.499383785 +0200
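Review bot: The `find(...)` cleanup in domains-update-dkim runs before `@dkim_domains` is filled, so `wanted` always tests against an empty list and unlinks every symlink under /var/service/qpsmtpd/config/dkim/ on each event; the links only come back in the final loop, which presumably leaves a short window in which qpsmtpd has no signing configuration. Moving the `find` call below the block that builds the list fixes the ordering, but `wanted` must then stop calling `$d->get($_)->key`, which would die on a link whose domain has been deleted; comparing names directly is enough: `my $name = $_; unlink $name if -l $name && !grep { $_ eq $name } @dkim_domains;`. The enable test `m/^enabled|yes|1|on$/` anchors only its first and last alternatives and should read `m/^(?:enabled|yes|1|on)$/`. The results of `unlink` and `symlink` are never checked, so a failed link silently leaves a domain unsigned.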
@@ -0,0 +1 @@
+{ $qpsmtpd{'DKIMSelector'} || 'default' }
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns
--- smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 2016-05-03 00:40:53.499383785 +0200
@@ -0,0 +1,54 @@
+#!/usr/bin/perl -w
+
+use esmith::ConfigDB;
+use esmith::DomainsDB;
+my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configuration database";
+my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
+my $domain = shift || $c->get('DomainName')->value;
+
+die "Domain $domain doesn't exist"
+ unless ($d->get($domain) && $d->get($domain)->prop('type') eq 'domain');
+
+warn "DKIM Signing is disabled for domain $domain"
+ if (($d->get($domain)->prop('DKIMSigning') || 'enabled') eq 'disabled');
+
+die "Can't find DKIM keys for domain $domain"
+ unless (-e "/var/service/qpsmtpd/config/dkim/$domain/public");
+
+die "Can't find the selector for domain $domain"
+ unless (-e "/var/service/qpsmtpd/config/dkim/$domain/selector");
+
+print <<'_EOF';
+
+Here are sample DNS entries you should add in your public DNS
+The DKIM entry can be copied as is, but others will probably need to be adjusted
+to your need. For example, you should either change the reporting email adress
+for DMARC (or create the needed pseudonym)
+
+_EOF
+
+my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
+open PUBKEY, "/var/service/qpsmtpd/config/dkim/$domain/public";
+while(){
+ next if /^\-/;
+ chomp;
+ $key_string .= $_;
+}
+close PUBKEY;
+open SEL, "/var/service/qpsmtpd/config/dkim/$domain/selector";
+my $selector = ;
+chomp $selector
+close SEL;
+
+my @key_chunks = ( $key_string =~ /.{1,255}/g );
+my $txt = '';
+$txt .= '"' . $_ . 
'"' foreach (@key_chunks);
+
+print <<"_EOF";
+
+$selector._domainkey IN TXT $txt
+\@ IN SPF "v=spf1 mx a -all"
+\@ IN TXT "v=spf1 mx a -all"
+_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback\@$domain; pct=100"
+
+_EOF
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run
--- smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:30.627369165 +0200
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:21.828372608 +0200
@@ -34,6 +34,15 @@
 [ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
 RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
+# Create a default dkim key pair
+[ -e /home/e-smith/dkim_keys/default/private ] || (\
+ RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
+ /usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
+ -out /home/e-smith/dkim_keys/default/public -pubout
+ chown qpsmtpd:qpsmtpd /home/e-smith/dkim_keys/default/private
+ chmod 400 /home/e-smith/dkim_keys/default/private
+)
+
 exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
 /usr/bin/qpsmtpd-forkserver \
 -u qpsmtpd \
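Review bot: Both `open` calls in qpsmtpd-print-dns are unchecked two-argument opens on bareword handles, so if the public key exists but cannot be read the script still prints a record ending in an empty `p=`, which DKIM verifiers treat as a revoked key, under a banner that tells the admin to copy it as is. Use `open my $pub, '<', "/var/service/qpsmtpd/config/dkim/$domain/public" or die "Can't read DKIM public key for $domain: $!";` and the same form for the selector file. The record template also hard-codes `t=y` (testing mode) together with `o=~` and `r=`, which look like DomainKeys leftovers rather than DKIM1 key tags, so they should be dropped or at least called out in the banner text. As shown here `chomp $selector` has no terminating semicolon, which would be a syntax error, and the read operators in `while(){` and `my $selector = ;` appear to have been lost from the page, so confirm all three against the real file.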
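Review bot: The default DKIM private key is written by `openssl genrsa -out` under whatever umask the run script inherits and is only restricted by the `chmod 400` three commands later, so depending on the OpenSSL version and umask it may be readable by other local users in between. Put `umask 077` as the first command inside the `( ... )` so the file is never created with wider permissions. The commands in the subshell are not chained either, so a failed `genrsa` or `chown` goes unnoticed, and the `[ -e /home/e-smith/dkim_keys/default/private ]` guard then skips regeneration on the next start even if the file is empty or still owned by root; joining them with `&&` and generating to a temporary name that is renamed into place would avoid that. The run script continues outside the hunk.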