keytable and signingtable

From: Fabrizio Regalli <fab_at_mailsicura.org>
Date: Wed, 01 Dec 2010 10:40:11 +0100

Hi.
I switched from dkim-milter to opendkim because it's more up to date and
more actively developed, but I need a clarification about keytable and
signingtable, which replace the previous KeyList mechanism.
My scenario: many users for many domains. Each domain has one key and
each user uses it for signing.
Reading the man page, I found an example of how to create a keytable:


preskey example.com:foo:/usr/local/etc/dkim/keys/president
...



but I don't understand very well what "preskey" stands for.
Is it an alias? Is it the selector name?
Assuming "preskey" is an alias, I created my keytable in this way:

fab mailsicura.org:mail:/var/db/dkim/mailsicura.org/mail

"fab" is the alias
"mailsicura.org" is the domain
"mail" is the selector
"/var/db/dkim/mailsicura.org/mail" is the key path

and my signingtable looks like:

*_at_mailsicura.org fab

but unfortunately I can't send the e-mail, and my /var/log/mail.log
says:

 opendkim[18308]: 8D2F0221AC error loading key `fab'

My /etc/opendkim.conf looks like:


Syslog yes
LogWhy yes
UMask 002
KeyTable refile:/etc/opendkim/keytable
SigningTable refile:/etc/opendkim/signingtable
On-Default accept
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security tempfail

and the permissions of the key file seem to be OK

-rw------- 1 opendkim opendkim 887 dic  1 00:08 /var/db/dkim/mailsicura.org/mail

I generated the key according to the man page:

opendkim-genkey -s mail -d mailsicura.org

and

opendkim-testkey -d mailsicura.org -s mail -k /var/db/dkim/mailsicura.org/mail

returns nothing, so I suppose my key is OK.

What have I missed?

Once again, thanks!




Received on Wed Dec 01 2010 - 09:40:36 PST
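
Added example, not part of the original post and not OpenDKIM code: a small Python check that cross-references the two tables described above (KeyTable lines as `keyname domain:selector:keypath`, SigningTable lines as `pattern keyname`) and inspects each key file. It assumes the third KeyTable field is a file path; `check_tables` and the sample values are hypothetical.

```python
import os

def parse_table(text):
    """Yield (first field, rest of line) for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            yield parts[0], parts[1].strip() if len(parts) > 1 else ""

def check_tables(keytable_text, signingtable_text):
    """Return a list of problems found in the two tables (empty list = none)."""
    problems, keys = [], {}
    for name, value in parse_table(keytable_text):
        fields = value.split(":", 2)
        if len(fields) != 3:
            problems.append(f"{name}: expected domain:selector:keypath, got '{value}'")
            continue
        keys[name] = fields
    # Every SigningTable entry must name a key that the KeyTable defines.
    for pattern, name in parse_table(signingtable_text):
        if name not in keys:
            problems.append(f"{pattern}: key name '{name}' is not in the KeyTable")
    # Assumption: the third field is a file path, not inline key data.
    for name, (domain, selector, path) in keys.items():
        try:
            mode = os.stat(path).st_mode
            with open(path, "rb") as fh:
                first = fh.readline()
        except OSError as exc:
            problems.append(f"{name}: cannot read {path}: {exc.strerror}")
            continue
        if mode & 0o077:
            problems.append(f"{name}: {path} is accessible by group or others")
        if b"PRIVATE KEY" not in first:
            problems.append(f"{name}: {path} does not start with a PEM private key header")
    return problems

if __name__ == "__main__":
    # Constructed sample tables; the key path is a placeholder.
    keytable = "examplekey example.com:mail:/etc/opendkim/keys/example.com/mail.private\n"
    signingtable = "*@example.com examplekey\n"
    for problem in check_tables(keytable, signingtable):
        print(problem)
```

Run it as the account the filter runs under, so that the read test reflects what the filter itself can open.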
