OpenDKIM not signing outgoing mail


The problem was caused by two things:

  1. Contrary to what the comments in opendkim.conf claim, mode = sv is not the default. I had to set it explicitly.

  2. I made an error in my SigningTable: *.domain1.com should be *@domain1.com.

After correcting these two points, it is now working correctly.
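An added example, not part of the original answer or of OpenDKIM's code: a small Python check that models the two fixes above. It assumes a simplified reading of `refile:` matching (`*` matches any run of characters, the pattern must cover the whole From: address, and the first match wins) and, following the answer, treats a missing `Mode` line as signing not enabled; the sample tables, addresses and function names are constructed for illustration.

```python
import re

def parse_table(text):
    """Return (pattern, key_name) pairs from SigningTable text, skipping comments."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:  # ignore blank or malformed rows
            rows.append((parts[0], parts[1].strip()))
    return rows

def pattern_to_regex(pattern):
    """Assumed refile semantics: '*' matches any run of characters and the
    pattern must cover the whole From: address."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body + r"\Z", re.IGNORECASE)

def select_key(table_text, from_addr):
    """First matching row wins; None means the message would go out unsigned."""
    for pattern, key_name in parse_table(table_text):
        if pattern_to_regex(pattern).match(from_addr):
            return key_name
    return None

def signing_enabled(conf_text):
    """True only if opendkim.conf has an explicit Mode line that includes 's'."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "mode":
            return "s" in fields[1].lower()
    return False

# Constructed inputs based on the question's tables and the fix in the answer.
BROKEN_TABLE = """*.domain1.com mail._domainkey.domain1.com
*.domain2.com mail._domainkey.domain2.com"""
FIXED_TABLE = """*@domain1.com mail._domainkey.domain1.com
*@domain2.com mail._domainkey.domain2.com"""
CONF_WITHOUT_MODE = "Syslog yes\nUMask 002\nLogWhy yes\n"
CONF_WITH_MODE = CONF_WITHOUT_MODE + "Mode sv\n"

if __name__ == "__main__":
    for name, table in (("broken", BROKEN_TABLE), ("fixed", FIXED_TABLE)):
        for sender in ("alice@domain1.com", "bob@domain2.com"):
            print(name, sender, "->", select_key(table, sender))
    print("Mode set:", signing_enabled(CONF_WITHOUT_MODE), signing_enabled(CONF_WITH_MODE))
```

A `None` result for a sender you expect to sign for corresponds to the `no signature data` line in mail.log.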

Author by

Compizfox

Updated on September 18, 2022

Comments

  • Compizfox
    Compizfox over 1 year

    I'm trying to set up OpenDKIM on my mailserver running Debian and Postfix. This is the configuration I've done:

    • Generated two keys (for two domains I need to send mail for)
    • Configured KeyTable, SigningTable and TrustedHosts files:

    KeyTable:

    mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private
    mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private
    

    SigningTable:

    *.domain1.com mail._domainkey.domain1.com
    *.domain2.com mail._domainkey.domain2.com
    

    TrustedHosts:

    127.0.0.1
    ::1
    localhost
    

    My opendkim.conf reads:

    # This is a basic configuration that can easily be adapted to suit a standard
    # installation. For more advanced options, see opendkim.conf(5) and/or
    # /usr/share/doc/opendkim/examples/opendkim.conf.sample.
    
    # Log to syslog
    Syslog          yes
    # Required to use local socket with MTAs that access the socket as a non-
    # privileged user (e.g. Postfix)
    UMask           002
    LogWhy          yes
    
    OversignHeaders     From
    
    TrustAnchorFile       /usr/share/dns/root.key
    
    KeyTable           /etc/opendkim/KeyTable
    SigningTable       refile:/etc/opendkim/SigningTable
    ExternalIgnoreList /etc/opendkim/TrustedHosts
    InternalHosts      /etc/opendkim/TrustedHosts
    

    Finally, I connected it to Postfix using the milter socket:

    Postfix main.cf:

    # Milters
    smtpd_milters =
        unix:/opendkim/opendkim.sock,
        unix:/clamav/clamav-milter.ctl,
        unix:/spamass/spamass.sock
    
    non_smtpd_milters = unix:/opendkim/opendkim.sock
    

    In this current state, OpenDKIM does correctly verify signatures of incoming mail, but it doesn't sign outgoing mail for some reason. This is logged in mail.log when trying to send a message:

    Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: %clienthostname% %clientip% not internal
    Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: not authenticated
    Nov  8 16:35:02 illium opendkim[30142]: 826DF501F39: no signature data
    

    I believe the not authenticated part is incorrect, because the mail is submitted from a client to Postfix using authenticated SMTP.

  • Vijay Muddu
    Vijay Muddu about 7 years
    Please can you send the steps you followed to set up OpenDKIM on the server? I am facing the same problem: emails are not signed by DKIM. I tried many things but keep failing.