RE: Can't get opendkim to sign my outbound messages

From: John Karr <brainbuz_at_brainbuz.org>
Date: Tue, 21 Dec 2010 01:20:39 -0500

The key is dns.
dig default._domainkey.brainbuz.org txt
;; ANSWER SECTION:
default._domainkey.brainbuz.org. 14400 IN TXT "v=DKIM1\; g=*\; k=rsa\; p=MIGfM ....

The IP address is defined in my hosts file, as is the helo name of all the
systems that will be connecting from it.

I am not using smtp auth.

The bounce was a mistake; I was simultaneously testing some email addresses
that had recently been set up elsewhere, and the bounce was from a cc to an
alias that still needed to be set up.

I just followed your suggestion of eliminating whitespace in the domain
list, and I seem to have emitted a signed message.



-----Original Message-----
From: tlyons_at_sitehelp.org [mailto:tlyons_at_sitehelp.org] On Behalf Of Todd Lyons
Sent: Tuesday, December 21, 2010 12:16 AM
To: John Karr
Cc: opendkim-users_at_lists.opendkim.org
Subject: Re: Can't get opendkim to sign my outbound messages

On Mon, Dec 20, 2010 at 8:40 PM, John Karr <brainbuz_at_brainbuz.org> wrote:
> I'm not getting a mail.notice log, but here is a transaction from mail.info
> for a test message I sent out. The "no signing domain match" is probably
> significant, because I do have that domain specified in the list after
> Domain in the configuration file.
>
>
> Dec 21 04:24:12 node postfix/smtpd[5874]: connect from
> pool-108-16-8-208.phlapa.fios.verizon.net[108.16.8.208]
> Dec 21 04:24:13 node postfix/smtpd[5874]: 43BDB92D3:
> client=pool-108-16-8-208.phlapa.fios.verizon.net[108.16.8.208]

Postfix didn't log that this was an SMTP Authenticated connection.
Are you using SMTP Auth? If yes, then the fact that it's
authenticated should be step 1 for opendkim to confirm. If not, then
you have to have the IP that you're connecting from as one of the
InternalHosts defined in your opendkim.conf.

> Dec 21 04:24:15 node postfix/cleanup[5878]: 43BDB92D3:
> message-id=<001201cba0c6$de754ff0$9b5fefd0$_at_org>
> Dec 21 04:24:15 node opendkim[4908]: 43BDB92D3 no signing domain match for
> `brainbuz.org'
> Dec 21 04:24:15 node opendkim[4908]: 43BDB92D3 no signing subdomain match
> for `brainbuz.org'

If you are positive that brainbuz.org is in your signing domain list,
then the above doesn't make sense. However, according to one of your
earlier posts, you are using the key selector "default". Well I don't
see any dkim info there:

[todd_at_todd-Latitude-D620 ~]$ dig +short default._domainkey.brainbuz.org
[todd_at_todd-Latitude-D620 ~]$

What are the contents of your /etc/mail/hosts file (which you have set
as your InternalHosts)?

> Dec 21 04:24:15 node opendkim[4908]: 43BDB92D3: no signature data
> Dec 21 04:24:15 node postfix/qmgr[2299]: 43BDB92D3:
> from=<brainbuz_at_brainbuz.org>, size=4138, nrcpt=4 (queue active)
> Dec 21 04:24:16 node postfix/smtp[5879]: 43BDB92D3:
> to=<donate_at_adamlang.com>, relay=adamlang.com[67.15.157.7]:25, delay=3.4,
> delays=2.8/0.01/0.25/0.34, dsn=5.0.0, status=bounced (host
> adamlang.com[67.15.157.7] said: 550 SITEGROUND: No Such mailbox here (in
> reply to RCPT TO command))

So you sent a test message to a mailbox that doesn't exist? Was that
intentional?

> Dec 21 04:24:16 node postfix/smtp[5879]: 43BDB92D3:
> to=<treasurer_at_adamlang.com>, relay=adamlang.com[67.15.157.7]:25, delay=3.5,
> delays=2.8/0.01/0.25/0.39, dsn=5.0.0, status=bounced (host
> adamlang.com[67.15.157.7] said: 550 SITEGROUND: No Such mailbox here (in
> reply to RCPT TO command))
> Dec 21 04:24:17 node postfix/smtp[5880]: 43BDB92D3: to=<brainbuz_at_gmail.com>,
> relay=gmail-smtp-in.l.google.com[74.125.91.27]:25, delay=5,
> delays=2.8/0.02/0.38/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1292905457
> o13si9042750qcu.147)

And the bounce to brainbuz_at_brainbuz.org is getting forwarded to your
gmail account. Keep that in mind; that could be related (but I don't
see any evidence that makes me think that _yet_).

> Dec 21 04:24:18 node postfix/smtpd[5874]: disconnect from
> pool-108-16-8-208.phlapa.fios.verizon.net[108.16.8.208]

>> Domain          brainbuz.info, headtoheadvoting.org, galaxxychamber.com,
> brainbuz.org
>
> You might try removing the spaces after the commas.  They are probably
> being included as part of the values and thus preventing matches.

Since the log message doesn't include spaces in the domain name part,
I don't think it's your problem; however, have you tried removing the
spaces? And can I assume that the above line is all on the same line
and not actually on two different lines (i.e. linewrapping by gmail)?

-- 
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurelius
Received on Tue Dec 21 2010 - 06:21:18 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:50 PST
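
The fix reported at the top of this thread (removing whitespace from the `Domain` list) can be checked before restarting the filter. The following is an added example, not part of the original messages and not OpenDKIM code; the function names are hypothetical, the config excerpt is constructed from the line quoted in the thread, and the "literal comparison" mode is an assumption about the failure, not a description of OpenDKIM's parser.

```python
import re

# Constructed excerpt mirroring the Domain line quoted in the thread.
SAMPLE_CONF = """\
# opendkim.conf (constructed excerpt)
Selector        default
Domain          brainbuz.info, headtoheadvoting.org, galaxxychamber.com, brainbuz.org
"""

def domain_values(conf_text):
    """Return the raw comma-separated items of the Domain setting, untrimmed."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()      # drop comments
        m = re.match(r"^\s*Domain\s+(.*)$", line)
        if m:
            return m.group(1).split(",")
    return []

def lint_domain_list(conf_text):
    """Report items that are empty or carry leading/trailing whitespace."""
    problems = []
    for raw in domain_values(conf_text):
        if raw.strip() == "":
            problems.append(("empty item", raw))
        elif raw != raw.strip():
            problems.append(("whitespace around value", raw))
    return problems

def matches(conf_text, sender_domain, trim):
    """Case-insensitive exact match of sender_domain against the list.
    trim=False models a literal comparison that keeps stray spaces
    (the behaviour suspected in the thread; assumed, not verified)."""
    want = sender_domain.lower()
    for raw in domain_values(conf_text):
        item = raw.strip() if trim else raw
        if item.lower() == want:
            return True
    return False

def fixed_line(conf_text):
    """Rewrite the Domain value with no whitespace between items."""
    items = [v.strip() for v in domain_values(conf_text) if v.strip()]
    return "Domain          " + ",".join(items)

if __name__ == "__main__":
    for kind, raw in lint_domain_list(SAMPLE_CONF):
        print(f"{kind}: {raw!r}")
    print(fixed_line(SAMPLE_CONF))
```

Only the first item in the sample survives a literal comparison, which is consistent with `brainbuz.org` (listed last) failing to match while the log prints the sender domain without spaces.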