OpenDKIM not signing outgoing mail
The problem was caused by two things:
- Contrary to what the comments in `opendkim.conf` claim, `mode = sv` is not the default. I had to set it explicitly.
- I made an error in my SigningTable: `*.domain1.com` should be `*@domain1.com`.

After correcting these two points, it is now working correctly.
Compizfox
Updated on September 18, 2022

Comments

- Compizfox over 1 year
I'm trying to set up OpenDKIM on my mailserver running Debian and Postfix. This is the configuration I've done:
- Generated two keys (for two domains I need to send mail for)
- Configured KeyTable, SigningTable and TrustedHosts files:
KeyTable:
```
mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private
mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private
```
SigningTable:
```
*.domain1.com mail._domainkey.domain1.com
*.domain2.com mail._domainkey.domain2.com
```
TrustedHosts:
```
127.0.0.1
::1
localhost
```
My `opendkim.conf` reads:
```
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
LogWhy yes
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
```
Finally, I connected it to Postfix using the milter socket:
Postfix main.cf:
```
# Milters
smtpd_milters = unix:/opendkim/opendkim.sock, unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock
non_smtpd_milters = unix:/opendkim/opendkim.sock
```
In this current state, OpenDKIM does correctly verify signatures of incoming mail, but it doesn't sign outgoing mail for some reason. This is logged in `mail.log` when trying to send a message:
```
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: %clienthostname% %clientip% not internal
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: not authenticated
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: no signature data
```
I believe the `not authenticated` part is incorrect, because the mail is submitted from a client to Postfix using authenticated SMTP.

- Vijay Muddu about 7 years

Please can you send the steps you followed to set up opendkim on the server? I am facing the same problem: emails are not signed by DKIM. I tried many things but they are failing.
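
The SigningTable correction from the answer at the top of this page, as an added example that is not part of the original thread or of OpenDKIM itself: a Python check that models how a `refile:` SigningTable picks a key for a From: address and reports senders that would go out unsigned. It assumes `*` is the only wildcard, that patterns are tried in file order against the whole address without regard to case, and that `#` starts a comment; the function names and sender addresses are hypothetical.

```python
import re

# Constructed sample tables, modelled on the ones posted in the question.
KEY_TABLE = """\
mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private
mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private
"""
BROKEN_SIGNING_TABLE = """\
*.domain1.com mail._domainkey.domain1.com
*.domain2.com mail._domainkey.domain2.com
"""
FIXED_SIGNING_TABLE = """\
*@domain1.com mail._domainkey.domain1.com
*@domain2.com mail._domainkey.domain2.com
"""

def parse_table(text):
    """Return (first field, rest) pairs; blank and comment-only lines are skipped."""
    rows = (ln.split("#", 1)[0].split(None, 1) for ln in text.splitlines())
    return [(f[0], f[1].strip()) for f in rows if len(f) == 2]

def glob_to_regex(pattern):
    """Assumed refile semantics: '*' matches any run of characters, the rest is literal."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)

def select_key(signing_table, from_addr):
    """First pattern matching the whole From: address wins; None means no signature."""
    for pattern, key_name in parse_table(signing_table):
        if glob_to_regex(pattern).fullmatch(from_addr):
            return key_name
    return None

def lint(signing_table, key_table, senders):
    """Report key names missing from the KeyTable and senders no pattern covers."""
    known = {name for name, _ in parse_table(key_table)}
    problems = [f"{pat}: key {key!r} not in KeyTable"
                for pat, key in parse_table(signing_table) if key not in known]
    problems += [f"{addr}: no SigningTable match, mail would go out unsigned"
                 for addr in senders if select_key(signing_table, addr) is None]
    return problems

if __name__ == "__main__":
    senders = ["alice@domain1.com", "bob@domain2.com"]  # constructed addresses
    print(lint(BROKEN_SIGNING_TABLE, KEY_TABLE, senders))
    print(lint(FIXED_SIGNING_TABLE, KEY_TABLE, senders))
```

Under these assumptions the `*.domain1.com` pattern only covers senders on a subdomain such as `alice@mail.domain1.com`, which is why the original table matched nothing for ordinary addresses.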