Hi.
I switched from dkim-milter to opendkim because it's more updated and
more developed, but I need a clarification about the keytable and
signingtable that replace the previous KeyList mechanism.
My scenario: many users for many domains. Each domain has one key and
each user uses it for signing.
Reading the man page I found an example on how to create keytable
preskey example.com:foo:/usr/local/etc/dkim/keys/president
...
but I don't understand very well what "preskey" stands for.
Is it an alias? Is it the selector name?
Assuming "preskey" is an alias, I created my keytable in this way:
fab mailsicura.org:mail:/var/db/dkim/mailsicura.org/mail
"fab" is the alias
"mailsicura.org" is the domain
"mail" is the selector
"/var/db/dkim/mailsicura.org/mail" is the key path
and my signingtable looks like:
*_at_mailsicura.org fab
but unfortunately I can't send the e-mail, and my /var/log/mail.log
says:
opendkim[18308]: 8D2F0221AC error loading key `fab'
My /etc/opendkim.conf looks like:
Syslog yes
LogWhy yes
UMask 002
KeyTable refile:/etc/opendkim/keytable
SigningTable refile:/etc/opendkim/signingtable
On-Default accept
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security tempfail
and the permissions of the key file seem to be OK:
-rw------- 1 opendkim opendkim 887 dic  1 00:08 /var/db/dkim/mailsicura.org/mail
I have generated the key according to the man page:
opendkim-genkey -s mail -d mailsicura.org
and
opendkim-testkey -d mailsicura.org -s mail -k /var/db/dkim/mailsicura.org/mail
returns nothing, so I suppose my key is OK.
What have I missed?
Once again, thanks!
Received on Wed Dec 01 2010 - 09:40:36 PST
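
The table layout described in the message above, as an added example that is not part of the original post or of OpenDKIM: a short Python check that parses a KeyTable and a SigningTable in flat-file form, verifies that every signing-table entry points at a defined key name, and derives the DNS name where the public key is expected. The sample tables are constructed from the values in the post (with `@` assumed where the archive shows `_at_`), and one key name per signing-table line is assumed.

```python
# Added example: cross-check OpenDKIM KeyTable / SigningTable flat files.
# Assumption: one key name per SigningTable line, as in the post.

def parse_table(text):
    """Return (lineno, key, value) for each non-blank, non-comment line."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        rows.append((lineno, parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return rows

def lint_tables(keytable_text, signingtable_text):
    """Return (keys, problems); keys maps key name -> details incl. DNS name."""
    keys, problems = {}, []
    for lineno, name, value in parse_table(keytable_text):
        fields = value.split(":")
        if len(fields) != 3 or not all(fields):
            problems.append(f"keytable:{lineno}: '{name}' is not domain:selector:keypath")
            continue
        if name in keys:
            problems.append(f"keytable:{lineno}: duplicate key name '{name}'")
        domain, selector, path = fields
        keys[name] = {"domain": domain, "selector": selector, "path": path,
                      "dns": f"{selector}._domainkey.{domain}"}
    for lineno, pattern, keyname in parse_table(signingtable_text):
        if keyname not in keys:
            problems.append(f"signingtable:{lineno}: '{pattern}' -> undefined key '{keyname}'")
    return keys, problems

# Constructed sample data built from the values quoted in the post.
KEYTABLE = "fab mailsicura.org:mail:/var/db/dkim/mailsicura.org/mail\n"
SIGNINGTABLE = "*@mailsicura.org fab\n"

if __name__ == "__main__":
    keys, problems = lint_tables(KEYTABLE, SIGNINGTABLE)
    for name, k in keys.items():
        print(f"{name}: publish TXT at {k['dns']}, private key {k['path']}")
    for p in problems:
        print("PROBLEM", p)
```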