RE: InternalHosts Issue

From: Steve Jenkins <steve_at_stevejenkins.com>
Date: Tue, 5 Oct 2010 21:24:01 -0700

Well, I think I answered my own issue. For some reason I don't understand,
the localhost IP (127.0.0.1/8) must appear LAST in the trusted-hosts list.
If it appears before any of the other trusted hosts, those other hosts
aren't considered "internal." Can someone confirm this is a feature and not
a bug? I couldn't find anything on Google that explains why this works this
way, but I'm glad I figured it out and mail from my trusted host is now
being signed. :)

SteveJ

From: opendkim-users-bounce_at_lists.opendkim.org
[mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
Sent: Tuesday, October 05, 2010 5:11 PM
To: opendkim-users_at_lists.opendkim.org
Subject: InternalHosts Issue

I've googled for the answer, and searched through the archives, but can't
seem to see what I'm doing wrong. It's GOTTA be something simple that I'm
overlooking. :)

I have two servers: Zork and Yar. Both are running Postfix and Zork is
running OpenDKIM (2.2.0 released on 10/3/10).

Zork sends signed mail no problem and says:

"Oct 5 16:32:58 zork opendkim[23594]: 0116C15F513: DKIM-Signature header added"

Yar is set up to relay mail through Zork. I've added Yar's hostname (and IP
for good measure) to the InternalHosts file on Zork, but I still get this
error in Zork's maillog:

Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): yar.gamerid.com [216.168.47.162] not internal
Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): not authenticated
Oct 5 17:02:20 zork opendkim[437]: 7DE9915F513: no signature data

Here's my /etc/opendkim.conf:

##
## opendkim.conf -- configuration file for OpenDKIM filter
##
## $Id: opendkim.conf.sample,v 1.5 2010/03/05 03:32:12 mmarkley Exp $
##
ADSPAction Continue
ADSPNoSuchDomain Yes
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/mail/dkim/trusted-hosts
InternalHosts refile:/etc/mail/dkim/trusted-hosts
KeyTable refile:/etc/mail/dkim/keyTable
LogWhy Yes
On-Default accept
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security tempfail
PidFile /var/run/opendkim/dkim-milter.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/mail/dkim/signingTable
Socket inet:20209@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim-milt:opendkim-milt
X-Header Yes

Here's my /etc/mail/dkim/trusted-hosts file:

127.0.0.1
216.168.47.162
yar.gamerid.com

I've been pulling my hair out. I'm not sure what else OpenDKIM needs to
accept Yar as "internal." Can anyone shove me in the right direction?

Thanks in advance,

Steve
Received on Wed Oct 06 2010 - 04:24:16 PST
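
An added example, not part of the original thread and not OpenDKIM code: a Python check that pulls clients logged as "not internal" in the maillog format quoted above and reports whether each one is already present in the trusted-hosts file, which separates a missing entry from an entry the filter is not honouring. It assumes literal IP, CIDR and hostname entries only and does not reproduce OpenDKIM's own `refile:` matching; the function names and the second "not internal" log line are constructed.

```python
import ipaddress
import re

# "not internal" line format as quoted in the post (one syslog line per event).
NOT_INTERNAL = re.compile(
    r"opendkim\[\d+\]: \S+ (?P<host>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\] not internal")

# Constructed sample: the first two lines are from the post, the third uses made-up values.
SAMPLE_LOG = """\
Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): yar.gamerid.com [216.168.47.162] not internal
Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): not authenticated
Oct 5 17:05:41 zork opendkim[437]: (unknown-jobid): mail.example.net [192.0.2.10] not internal
"""
# trusted-hosts content as posted.
SAMPLE_TRUSTED = "127.0.0.1\n216.168.47.162\nyar.gamerid.com\n"


def parse_trusted(text):
    """Split entries into IP networks and lower-cased hostnames (literal entries only)."""
    nets, names = [], set()
    for entry in (line.strip() for line in text.splitlines()):
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.add(entry.lower())  # not an IP or CIDR: treat as a hostname
    return nets, names


def audit(log_text, trusted_text):
    """Return (host, ip, listed) for each distinct client logged as not internal."""
    nets, names = parse_trusted(trusted_text)
    seen, report = set(), []
    for line in log_text.splitlines():
        m = NOT_INTERNAL.search(line)
        if not m or (m["host"], m["ip"]) in seen:
            continue
        seen.add((m["host"], m["ip"]))
        try:
            ip_listed = any(ipaddress.ip_address(m["ip"]) in n for n in nets)
        except ValueError:
            ip_listed = False  # bracketed value was not a valid address
        listed = ip_listed or m["host"].lower() in names
        report.append((m["host"], m["ip"], listed))
    return report


if __name__ == "__main__":
    for host, ip, listed in audit(SAMPLE_LOG, SAMPLE_TRUSTED):
        print(host, ip, "listed but rejected" if listed else "missing from trusted-hosts")
```

A client reported as listed but rejected means the entry exists and the problem lies in how the file is being read, not in a missing host.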
