RE: OpenDKIM problems with Postfix

From: Justin T. Stear <jtstear_at_maurerstutzinc.com>
Date: Fri, 26 Oct 2012 09:03:31 -0500

Steve,
The opendkim.conf...
# Log additional entries indicating successful signing or verification
of messages.
SyslogSuccess yes

# If logging is enabled, include detailed logging about why or why not a
message was
# signed or verified. This causes an increase in the amount of log data
generated
# for each message, so set this to No (or comment it out) if it gets too
noisy.
LogWhy yes

# Attempt to become the specified user before starting operations.
UserID opendkim:opendkim

# Create a socket through which your MTA can communicate.
Socket inet:8891_at_localhost

# Required to use local socket with MTAs that access the socket as a
non-
# privileged user (e.g. Postfix)
Umask 002

# This specifies a text file in which to store DKIM transaction
statistics.
Statistics /var/spool/opendkim/stats.dat

## SIGNING OPTIONS

# Selects the canonicalization method(s) to be used when signing
messages.
Canonicalization relaxed/simple

# Domain(s) whose mail should be signed by this filter. Mail from other
domains will
# be verified rather than being signed. Uncomment and use your domain
name.
# This parameter is not required if a SigningTable is in use.
Domain mydomain.com

# Defines the name of the selector to be used when signing messages.
Selector default

# Gives the location of a private key to be used for signing ALL
messages.
#KeyFile /etc/opendkim/keys/default.private

# Gives the location of a file mapping key names to signing keys. In
simple terms,
# this tells OpenDKIM where to find your keys. If present, overrides any
KeyFile
# setting in the configuration file.
KeyTable refile:/etc/opendkim/KeyTable

# Defines a table used to select one or more signatures to apply to a
message based
# on the address found in the From: header field. In simple terms, this
tells
# OpenDKIM how to use your keys.
SigningTable refile:/etc/opendkim/SigningTable

# Identifies a set of "external" hosts that may send mail through the
server as one
# of the signing domains without credentials as such.
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts

# Identifies a set internal hosts whose mail should be signed rather
than verified.
InternalHosts refile:/etc/opendkim/TrustedHosts

Justin Stear


-----Original Message-----
From: Steve Jenkins [mailto:stevejenkins_at_gmail.com]
Sent: Thursday, October 25, 2012 6:48 PM
To: Justin T. Stear
Cc: opendkim-users_at_lists.opendkim.org
Subject: Re: OpenDKIM problems with Postfix

On Thu, Oct 25, 2012 at 2:02 PM, Justin T. Stear
<jtstear_at_maurerstutzinc.com> wrote:
> Steve,
> It appears you have fixed a networking problem as well. Now I am
> getting,
> opendkim]# service opendkim start
> Generating default DKIM keys: [ OK ]
> Default DKIM keys for mycompany.com created in /etc/opendkim/keys.
> Starting OpenDKIM Milter: opendkim: smfi_opensocket() failed
> [FAILED]
> So, it looks like once smfi_opensocket error gets fixed I should be
good
> to go.
> Thank you for your help!

Cool - I figured that would fix the networking stuff, but the
smfi_opensocket() stuff... that's strange. You might get that if the
socket is already open, or if you're trying to use both TCP and Unix
sockets simultanerously.

That section of my main.cf looks like this:

#DKIM
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
#milter_protocol = 2
milter_default_action = accept

(I comment out the milter_protocol because I'm using a modern version
of Postfix)

Can you share your opendkim.conf file?

SJ

------------------------------------------------------------------------------
***Privacy Statement*** This message and/or attached documents may contain
privileged/confidential information and is intended for use by the intended
recipient only. If you are not the intended recipient indicated in this message
(or responsible for delivery of the message to such person), you may not
transmit, copy, disclose, store, or utilize this communication in any manner.
If you received this message in error, please notify the sender immediately
and permanently delete this message from your computer. If you or your employer
does not consent to internet e-mail messages of this kind, please notify the
sender immediately. The views, opinions, conclusions, and other information
expressed in this message are not given or endorsed by Maurer-Stutz, Inc. unless
it’s related to official business.
Received on Fri Oct 26 2012 - 14:03:45 PST