Hi Quanah, thanks for your reply.
The problem was setting the opendkim.conf option UseTLS to 1. That config came from the Zimbra 8.0.2 opendkim.conf file, but when trying to run opendkim on the MXHero server with that option I got that error message due to an untrusted CA. I had to add ca.pem from the Zimbra self-signed server to the openldap database using the certutil command:
[root_at_mxhero ~]# certutil -A -n Zimbra -t "C,C,C" -i ca.pem -d /etc/openldap/certs
After that, TLS connection is ok and opendkim in MXHero box retrieves the keys from Zimbra 8.0.2 host and signs the emails.
Now I just want to know if there will be any issues connecting this opendkim I have compiled on the MXHero server to the Zimbra 8.0.2 LDAP:
[root_at_mxhero /]# opendkim -V
opendkim: OpenDKIM Filter v2.7.4
Compiled with OpenSSL 1.0.0-fips 29 Mar 2010
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
POLL
USE_LDAP
USE_XML2
_FFR_ADSP_LISTS
_FFR_ATPS
_FFR_DEFAULT_SENDER
_FFR_RATE_LIMIT
_FFR_REDIRECT
_FFR_REPLACE_RULES
_FFR_RESIGN
_FFR_SENDER_MACRO
_FFR_VBR
libopendkim 2.7.4: atps
Zimbra one:
[root_at_zimbra sbin]# ./opendkim -V
opendkim: OpenDKIM Filter v2.6.0
Compiled with OpenSSL 1.0.1c 10 May 2012
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
POLL
USE_ARLIB
USE_LDAP
USE_MDB
USE_XML2
_FFR_ADSP_LISTS
_FFR_ATPS
_FFR_DEFAULT_SENDER
_FFR_RATE_LIMIT
_FFR_REDIRECT
_FFR_REPLACE_RULES
_FFR_RESIGN
_FFR_SELECTOR_HEADER
_FFR_SENDER_MACRO
_FFR_VBR
libopendkim 2.6.0: atps
As you can see, it is not exactly the same as the Zimbra 8 opendkim, but it looks very similar. The features I didn't know how to add were USE_ARLIB, USE_MDB and _FFR_SELECTOR_HEADER, and the OpenSSL versions are different. Another point is that I couldn't find the dev files for --with-mdb. MDB is supposed to be part of current OpenLDAP and the files should be in the openldap-dev package, but the script won't find them in my environment.
Thanks again.
Joaquin Mira Ortega
Administrator
Openmomo Networks
Do not print this email. Use a document server.
----- Original message -----
From: "Quanah Gibson-Mount" <quanah_at_zimbra.com>
To: "Ximo Mira" <ximo_at_openmomo.com>, opendkim-users_at_lists.opendkim.org
Sent: Friday, 22 February 2013 23:34:29
Subject: Re: opendkim using remote Zimbra LDAP keystore
--On Friday, February 22, 2013 1:35 PM +0100 Ximo Mira <ximo_at_openmomo.com>
wrote:
>##
> [root_at_mxhero ~]# opendkim -x /etc/opendkim.conf
> : dkimf_db_open(): Connect
> errorap://my.zimbra.host:389/?DKIMSelector?sub?(DKIMIdentity=$d)
Sounds like it can't talk to port 389 of your zimbra host. You should
debug that first.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Received on Mon Feb 25 2013 - 01:59:00 PST