OpenDKIM not signing outgoing mail

debian postfix email-server dkim opendkim
13,458

The problem was caused by two things:

  1. Contrary to what the comments in opendkim.conf claim, mode = sv is not the default. I had to set it explicitly.

  2. I made an error in my SigningTable: *.domain1.com should be *@domain1.com.

After correcting these two points, it is now working correctly.

Share:
13,458

Related videos on Youtube

Compizfox
Author by

Compizfox

Updated on September 18, 2022

Comments

  • Compizfox
    Compizfox almost 2 years

    I'm trying to setup OpenDKIM on my mailserver running Debian and Postfix. This is the configuration I've done:

    • Generated two keys (for two domains I need to send mail for)
    • Configured KeyTable, SigningTable and TrustedHosts files:

    KeyTable:

    mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private
mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private

    SigningTable:

    *.domain1.com mail._domainkey.domain1.com
*.domain2.com mail._domainkey.domain2.com

    TrustedHosts:

    127.0.0.1
::1
localhost

    My opendkim.conf reads:

    # This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog          yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask           002
LogWhy          yes

OversignHeaders     From

TrustAnchorFile       /usr/share/dns/root.key

KeyTable           /etc/opendkim/KeyTable
SigningTable       refile:/etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts      /etc/opendkim/TrustedHosts

    Finally, I connected it to Postfix using the milter socket:

    Postfix main.cf:

    # Milters
smtpd_milters =
    unix:/opendkim/opendkim.sock,
    unix:/clamav/clamav-milter.ctl,
    unix:/spamass/spamass.sock

non_smtpd_milters = unix:/opendkim/opendkim.sock

    In this current state, OpenDKIM does correctly verify signatures of incoming mail, but it doesn't sign outgoing mail for some reason. This is logged in mail.log when trying to send a message:

    Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: %clienthostname% %clientip% not internal
Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: not authenticated
Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: no signature data

    I believe the not authenticated part is incorrect, because the mail is submitted from a client to Postfix using authenticated SMTP.

  • Vijay Muddu
    Vijay Muddu about 7 years
    Please can you send steps you followed to setup opendkim on server, i am facing same problem emails are not signed by dkim , tried many things but failing

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

DKIM header exists but signature is not valid
How can I test the DKIM configuration of my server (Postfix + OpenDKIM)?
opendkim public key not available
opendkim no signing table match for no signature data
DKIM- Filter No Signature Data
How to correctly configure postfix and opendkim and let receiving server know all details mailed-by signed-by?
Postfix auto create Maildir
How to fix mail server SSL?
Valid DKIM but "body hash did not verify" error on Outlook / Hotmail / Live?
Postfix sends to FQDN Hostname instead of Domain Name