RE: OpenDKIM not doing anything on RHEL 6.1

From: Rory Jaffe <rjaffe_at_chpso.org>
Date: Tue, 20 Sep 2011 16:04:26 +0000

Victory! Thanks to all for your help. Adding a ".chpso.org" line to
SigningTable fixed the problem.

And to Steve's question, I built my own key immediately after installing the
program. Then, when I started opendkim for the first time, it went ahead and
also made a key. I was a bit flustered by that, but checking the configuration
files I had built, noticed that the automatically created key wasn't addressed
in the config files, so it was still using my key. I suspect that this state
of affairs will confuse some people, and I wish there were some mechanism to
help with startup. For example, including a configuration script that can be
optionally run by someone immediately after installation, which would ask a
couple of questions, such as--are you relaying mail that should get signed,
what domains should be covered, should all or some subdomains also be covered,
yada yada yada--and then spit out the proper configuration files.

And a note about an earlier suggestion that it may not be signing mails to the
same domain, which might be expected behavior with my configuration--I tried
sending to the chpso.org domain, and it signed the email.

While I still have your attention, a question about email client behavior and
DKIM:

1. Should the public key be placed in both the www.chpso.org and the chpso.org
DNS records, or will a DKIM-aware client know to check chpso.org if there is
no entry at www.chpso.org?



-----Original Message-----
From: Murray S. Kucherawy [mailto:msk_at_blackops.org]
Sent: Monday, September 19, 2011 8:18 PM
To: Rory Jaffe
Cc: opendkim-users_at_lists.opendkim.org
Subject: RE: OpenDKIM not doing anything on RHEL 6.1

On Tue, 20 Sep 2011, Rory Jaffe wrote:
> Thanks--changing the entries to file: didn't do anything, but changing
> the logging gave the following information when I restarted it and
> tried sending again:
>
> [...]
>
> Sep 19 20:12:50 www opendkim[29591]: B56FB2A0B7A: no signing table
> match for 'root_at_www.chpso.org'

According to your first email, your signing table entry is:

chpso.org default._domainkey.chpso.org

The string "chpso.org" doesn't match "www.chpso.org". Try adding a second
line for "www.chpso.org" (an explicit match), or simply prepend a "." to the
one you have (which means "all subdomains of www.chpso.org"). If you also
want to sign for "chpso.org" itself, you'll want two lines:

chpso.org default._domainkey.chpso.org
.chpso.org default._domainkey.chpso.org

-MSK



Received on Tue Sep 20 2011 - 16:04:39 PST
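
Added example (not part of the original thread and not OpenDKIM code): a simplified Python model of how a plain-file SigningTable is searched, run against the one-line table from the thread and the two-line fix. The candidate order (full address, host, dot-prefixed parent domains, then wildcards) is an assumption taken from the opendkim.conf documentation; the function names and the root_at_chpso.org sender are constructed for illustration.

```python
# Simplified model of plain-file SigningTable lookup (assumed order:
# user@host, host, user@.parent..., .parent..., user@*, *).

def parse_signing_table(text):
    """Parse 'pattern keyname' lines; skip blank lines and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, key = line.split(None, 1)
            table[pattern.lower()] = key.strip()
    return table

def candidates(address):
    """Return the lookup keys tried for a From: address, in order."""
    user, host = address.lower().rsplit("@", 1)
    labels = host.split(".")
    # Parent domains of the host: www.chpso.org -> chpso.org, org
    parents = [".".join(labels[i:]) for i in range(1, len(labels))]
    keys = [f"{user}@{host}", host]
    keys += [f"{user}@.{p}" for p in parents]
    keys += [f".{p}" for p in parents]
    keys += [f"{user}@*", "*"]
    return keys

def lookup(table, address):
    """Return (matched pattern, key name), or None for 'no signing table match'."""
    for key in candidates(address):
        if key in table:
            return key, table[key]
    return None

# Tables as quoted in the thread; DOT_ONLY is constructed to show why
# the bare-domain line is still needed.
ORIGINAL = parse_signing_table("chpso.org default._domainkey.chpso.org\n")
FIXED = parse_signing_table(
    "chpso.org default._domainkey.chpso.org\n"
    ".chpso.org default._domainkey.chpso.org\n"
)
DOT_ONLY = parse_signing_table(".chpso.org default._domainkey.chpso.org\n")

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("fixed", FIXED), ("dot-only", DOT_ONLY)):
        for sender in ("root@www.chpso.org", "root@chpso.org"):
            print(f"{name:9} {sender:20} -> {lookup(table, sender)}")
```
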
