OpenDKIM isn't signing nor throwing any errors in log

From: Antony <sunnydelight_at_umich.edu>
Date: Fri, 09 Mar 2012 19:27:36 -0600

Hi all,

I am in the process of setting up DKIM on the Amazon EC2 cloud, but am
currently unable to get OpenDKIM to sign outgoing mails at all.
First of all, before I get to OpenDKIM, I can verify that I was able to
send email via Postfix 2.7 (running in Satellite mode), which is relayed
by Amazon SES. I verified with the following test
su - info
echo test | mail -s "test email sent abc" sunnydelight_at_umich.edu

For OpenDKIM, I followed through this wonderful tutorial at
http://stevejenkins.com/blog/2010/09/how-to-get-dkim-domainkeys-identified-mail-working-on-centos-5-5-and-postfix-using-opendkim/
However, in the log, I would see something like the following
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32168]: OpenDKIM Filter: mi_stop=1
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32168]: OpenDKIM Filter v2.0.2
terminating with status 0, errno = 0
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32270]: OpenDKIM Filter v2.0.2
starting (args: -x /etc/opendkim.conf -u opendkim -P
/var/run/opendkim/opendkim.pid)
Mar 9 23:36:11 ip-10-64-6-122 postfix/pickup[32184]: E5377982ED:
uid=1002 from=<info>
Mar 9 23:36:11 ip-10-64-6-122 postfix/cleanup[32246]: E5377982ED:
message-id=<20120309233611.E5377982ED_at_coudora.com>
Mar 9 23:36:11 ip-10-64-6-122 postfix/qmgr[32185]: E5377982ED:
from=<info_at_coudora.com>, size=332, nrcpt=1 (queue active)
Mar 9 23:36:12 ip-10-64-6-122 postfix/pipe[32248]: E5377982ED:
to=<sunnydelight_at_umich.edu>, relay=aws-email, delay=0.51,
delays=0.03/0/0/0.48, dsn=2.0.0, status=sent (delivered via aws-email
service)
Mar 9 23:36:12 ip-10-64-6-122 postfix/qmgr[32185]: E5377982ED: removed

And that's it. The only reference I see is that OpenDKIM started and
listens on port 8891, but there is no sign of OpenDKIM ever picking up a
message and doing anything with it before handing it over to aws-email
for delivery.

In the /etc/opendkim.conf, I have the following settings
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha1
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim
#OmitHeaders Message-Id,Date,Bounces-To,Return-Path
OmitHeaders "."
SignHeaders "."

Note that I have enabled LogWhy to Yes, but that doesn't seem to produce
more log inside /var/log/mail.log

Inside /etc/opendkim, here are the permissions. I am certain that
opendkim:opendkim has access to the directory and its subdirs
sudo chown -R opendkim:opendkim /etc/opendkim
ls -la
drwxr-xr-x 3 opendkim opendkim 4096 2012-03-09 23:34 .
drwxr-xr-x 89 root root 4096 2012-03-10 01:04 ..
drwx------ 3 opendkim opendkim 4096 2012-03-09 22:26 keys
-rw-r--r-- 1 opendkim opendkim 81 2012-03-09 22:17 KeyTable
-rw-r--r-- 1 opendkim opendkim 42 2012-03-09 22:19 SigningTable
-rw-r--r-- 1 opendkim opendkim 97 2012-03-09 23:34 TrustedHosts

sudo cat ./SigningTable
*@coudora.com main._domainkey.coudora.com

sudo cat ./KeyTable
main._domainkey.coudora.com
coudora.com:main:/etc/opendkim/keys/coudora.com/main

sudo cat ./TrustedHosts
127.0.0.1
e.coudora.com
coudora.com
localhost.ec2.internal
localhost

sudo cat ./keys/coudora.com/main
{This will output the private key, intentionally not included in this email}

sudo cat ./keys/coudora.com/main.txt
main._domainkey IN TXT "v=DKIM1; g=*; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCstUE28mTQ7FC67wkMmktZGl/hQbAKgIyJAQrEG5yhkR2Qu6psY3wLROPAh1IniUXod1on0cRF+RUaQyL1Esu5B9RpA5sm0DgWEHTtmZy/QCpEiCq4QF/qwIi5UWPJ27jHMkYOK6r+Q28p3dDAZ68tda+YYLBPHxiAJdNLyc5KEQIDAQAB"
; ----- DKIM main for coudora.com

nslookup -type=txt main._domainkey.coudora.com
{returns the following}
main._domainkey.coudora.com text = "k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCstUE28mTQ7FC67wkMmktZGl/hQbAKgIyJAQrEG5yhkR2Qu6psY3wLROPAh1IniUXod1on0cRF+RUaQyL1Esu5B9RpA5sm0DgWEHTtmZy/QCpEiCq4QF/qwIi5UWPJ27jHMkYOK6r+Q28p3dDAZ68tda+YYLBPHxiAJdNLyc5KEQIDAQAB"

Lastly, for /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = coudora.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = e.coudora.com, coudora.com, localhost.ec2.internal,
localhost
relayhost = email-smtp.us-east-1.amazonaws.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = loopback-only
inet_protocols = all
default_transport = aws-email
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Well, I have been checking, double checking, and banging my head with
the configs, and can't seem to figure out what went wrong. If there are
any other parameters I can try in opendkim.conf to produce more logs,
please let me know. I just simply don't know why OpenDKIM isn't signing
the outgoing mails.

Thanks a bunch in advance!
Antony
Received on Sat Mar 10 2012 - 01:27:44 PST
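
An added example, not part of the original post and not OpenDKIM code: a small checker that walks the lookup chain the posted tables describe (From: address -> SigningTable wildcard pattern -> KeyTable value of domain:selector:keypath) and normalises the two milter socket notations so they can be compared. The function names are hypothetical, the inputs are the post's values with the archive's "_at_" restored to "@", and the KeyTable entry is assumed to be a single line in the file.

```python
import re

# Constructed inputs: the tables from the post with the archive's "_at_"
# restored to "@"; the KeyTable entry is assumed to be one line in the file.
SIGNING_TABLE = "*@coudora.com main._domainkey.coudora.com\n"
KEY_TABLE = ("main._domainkey.coudora.com "
             "coudora.com:main:/etc/opendkim/keys/coudora.com/main\n")

def parse_table(text):
    """Split each non-comment line into (key, value); value may be ''."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if fields and not fields[0].startswith("#"):
            rows.append((fields[0], fields[1].strip() if len(fields) > 1 else ""))
    return rows

def wildcard_match(pattern, address):
    """refile keys are patterns in which '*' is the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, address) is not None

def resolve(from_addr, signing_table=SIGNING_TABLE, key_table=KEY_TABLE):
    """Follow From: address -> SigningTable -> KeyTable.

    Returns (domain, selector, keypath), or a string naming the broken step.
    """
    key_name = next(
        (value.split()[0] for pattern, value in parse_table(signing_table)
         if value and wildcard_match(pattern, from_addr)), None)
    if key_name is None:
        return "no SigningTable pattern matches " + from_addr
    entry = dict(parse_table(key_table)).get(key_name)
    if not entry:
        return "KeyTable has no value for " + key_name
    parts = entry.split(":", 2)
    if len(parts) != 3 or not all(parts):
        return "malformed KeyTable value: " + entry
    return tuple(parts)

def milter_endpoints(opendkim_socket, postfix_milter):
    """Normalise 'inet:port@host' (OpenDKIM) and 'inet:host:port' (Postfix)."""
    port, _, host = opendkim_socket.split(":", 1)[1].partition("@")
    p_host, _, p_port = postfix_milter.split(":", 1)[1].rpartition(":")
    return (host, int(port)), (p_host, int(p_port))
```

If the KeyTable entry really is split across two lines on disk, as it appears in the mail, `resolve` reports the key name as having no value, which separates a wrapped e-mail from a broken file.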
