Re: Relating to Domains..

From: N. <visionary_at_gmail.com>
Date: Sat, 24 Sep 2011 13:28:10 -0400

Please see my previous message below.

Also, relating to Amazon and this process, it's quite simple. Saw this thread:

https://forums.aws.amazon.com/thread.jspa?messageID=279170

And basically it says follow Steve's blog post and also do this:

Open /etc/opendkim.conf and add the following lines:

OmitHeaders "."
SignHeaders "."

However, further in the thread someone says:

As for:

OmitHeaders "."
SignHeaders "."

I've found that the proper line to use is:

OmitHeaders "*,+Message-Id,+Date,+Bounces-To"

This ensures that Message-ID, Date, Bounces-To and Return-Path are not
DKIM encrypted (Return-Path is already defined as a standard
exception). Letting opendkim sign all other default headers is fine,
as per the DKIM specification.

However, still - no luck, and it's weird the log is empty in terms of good info.

On Sat, Sep 24, 2011 at 1:22 PM, N. <visionary_at_gmail.com> wrote:
> I've set all logging options to "true" and also changed "refile" to
> "file" in the opendkim config file. I didn't see anything else in that
> thread you mentioned relating to postfix logs in particular, but
> perhaps I missed it.
>
> I've done some research and figured out that perhaps postfix isn't
> logging sent messages because I am using Amazon SES as a SMTP server.
> That explains why the outgoing mail is not in the log, perhaps. It
> doesn't explain why opendkim is not showing up in the logs.
>
> Here is my opendkim config file:
>
> ##
> ## opendkim.conf -- configuration file for OpenDKIM filter
> ##
> OmitHeaders             *,+Message-Id,+Date,+Bounces-To
> AutoRestart             Yes
> AutoRestartRate         10/1h
> Canonicalization        relaxed/simple
> ExternalIgnoreList      file:/etc/opendkim/TrustedHosts
> InternalHosts           file:/etc/opendkim/TrustedHosts
> KeyTable                file:/etc/opendkim/KeyTable
> LogWhy                  True
> Mode                    sv
> PidFile                 /var/run/opendkim/opendkim.pid
> SignatureAlgorithm      rsa-sha256
> SigningTable            refile:/etc/opendkim/SigningTable
> Socket                  inet:8891@localhost
> Syslog                  True
> SyslogSuccess           True
> TemporaryDirectory      /var/tmp
> UMask                   022
> UserID                  opendkim:opendkim
>
> This was added to master.cf in postfix for Amazon:
>
> aws-email  unix  -       n       n       -       -       pipe
>   flags=R user=ftpguy argv=/opt/third-party/amazon/ses-send-email.pl
>   -r -k /opt/third-party/amazon/aws-credentials -e
>   https://email.us-east-1.amazonaws.com -f ${sender} ${recipient}
>
>
> Here is my main.cf:
>
>
> smtpd_milters           = inet:127.0.0.1:8891
> non_smtpd_milters       = $smtpd_milters
> milter_default_action   = accept
> milter_protocol   = 2
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
> inet_interfaces = localhost
> mydestination = $myhostname, localhost.$mydomain, localhost
> unknown_local_recipient_reject_code = 550
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> debug_peer_level = 2
> debugger_command =
>         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>         xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
>
>
>
> On Sat, Sep 24, 2011 at 12:28 PM, SM <sm_at_resistor.net> wrote:
>> At 08:53 24-09-2011, N. wrote:
>>>
>>> I followed the directions to the "T" on Steve's setup blog post.
>>> However, obviously I'm missing something. But, messages are being sent
>>> and received, and OpenDKIM is starting up. I did put the lines in
>>> Postfix's config file. Here is the log - you can see at the end
>>> nothing is there referencing the sent message:
>>>
>>> Sep 24 11:46:13 private opendkim[27791]: OpenDKIM Filter: mi_stop=1
>>> Sep 24 11:46:13 private opendkim[27791]: OpenDKIM Filter v2.4.2
>>> terminating with status 0, errno = 0
>>> Sep 24 11:46:14 private opendkim[31647]: OpenDKIM Filter v2.4.2
>>> starting (args: -x /etc/opendkim.conf -P
>>> /var/run/opendkim/opendkim.pid)
>>> Sep 24 11:46:17 private postfix/postfix-script: refreshing the Postfix
>>> mail system
>>> Sep 24 11:46:17 private postfix/master[26846]: reload configuration
>>> /etc/postfix
>>
>> There should be other log entries if the message is being passed through
>> opendkim.  Even if the message is not being DKIM signed, LogWhy will show
>> opendkim evaluating the message to determine whether it should be DKIM
>> signed.
>>
>> Is the host a192-14.smtp-out.amazonses.com?
>>
>> BTW, the above log extract does not even show that the message is being sent
>> out.  As the message was sent out, this points to incorrect logging or you
>> are reading the wrong log file.  As a first step, I suggest that you find out
>> how to get that information.  See
>> http://lists.opendkim.org/archive/opendkim/users/2011/09/1363.html for an
>> example of the information that Postfix should normally log when a message
>> is sent out.
>>
>>> Here are the headers - you can see that DKIM is not referenced:
>>
>> Please don't obfuscate as it makes debugging difficult.
>>
>> Regards,
>> -sm
>>
>>
>>
>
Received on Sat Sep 24 2011 - 17:28:24 PST
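
Added example, not part of the original thread: a small Python check for the two things discussed above, namely whether the Postfix milter address and the OpenDKIM Socket name the same endpoint, and whether a log extract contains any per-message opendkim entries or only daemon start/stop lines. The function names, the localhost mapping and the final constructed log line (queue ID, address, approximate LogWhy wording) are assumptions.

```python
import re

def milter_endpoint(spec):
    """Normalize Postfix 'inet:host:port' or OpenDKIM 'inet:port@host' to (host, port)."""
    body = spec.strip().split(":", 1)[1]
    if "@" in body:                       # OpenDKIM Socket form
        port, host = body.split("@", 1)
    else:                                 # Postfix smtpd_milters form
        host, port = body.rsplit(":", 1)
    # Assumption: localhost resolves to the IPv4 loopback on this host.
    return ("127.0.0.1" if host == "localhost" else host), int(port)

# Per-message opendkim lines carry a Postfix queue ID; lifecycle lines do not.
PER_MESSAGE = re.compile(r"opendkim\[\d+\]: ([0-9A-F]{6,}): (.+)")

def opendkim_activity(log_lines):
    """Return (lifecycle_line_count, {queue_id: [opendkim messages]})."""
    lifecycle, per_message = 0, {}
    for line in log_lines:
        if "opendkim[" not in line:
            continue
        m = PER_MESSAGE.search(line)
        if m:
            per_message.setdefault(m.group(1), []).append(m.group(2))
        else:
            lifecycle += 1
    return lifecycle, per_message

# Log lines quoted in the thread, with the e-mail line wrapping rejoined.
THREAD_LOG = [
    "Sep 24 11:46:13 private opendkim[27791]: OpenDKIM Filter: mi_stop=1",
    "Sep 24 11:46:13 private opendkim[27791]: OpenDKIM Filter v2.4.2 terminating with status 0, errno = 0",
    "Sep 24 11:46:14 private opendkim[31647]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)",
    "Sep 24 11:46:17 private postfix/postfix-script: refreshing the Postfix mail system",
    "Sep 24 11:46:17 private postfix/master[26846]: reload configuration /etc/postfix",
]
# Constructed line: roughly what a LogWhy entry for an evaluated message looks like.
CONSTRUCTED_LOG = THREAD_LOG + [
    "Sep 24 11:50:02 private opendkim[31647]: 5C1F2A0B3D: no signing table match for 'user@example.com'",
]

if __name__ == "__main__":
    same = milter_endpoint("inet:127.0.0.1:8891") == milter_endpoint("inet:8891@localhost")
    print("milter and Socket agree:", same)
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        lifecycle, seen = opendkim_activity(log)
        print(name, "lifecycle lines:", lifecycle, "messages evaluated:", len(seen))
```

On the thread's own log extract this reports three lifecycle lines and zero evaluated messages, which is the situation SM describes: the filter is running but no message reached it in that log.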
