Re: opendkim using remote Zimbra LDAP keystore

From: Ximo Mira <ximo_at_openmomo.com>
Date: Mon, 25 Feb 2013 03:23:10 +0100 (CET)

Hi Quanah, thanks for your reply.

The problem was setting the opendkim.conf option UseTLS to 1. That config came from the Zimbra 8.0.2 opendkim.conf file, but when trying to run opendkim on the MXHero server with that option I got that error message due to an untrusted CA. I had to add ca.pem from the Zimbra self-signed server to the openldap database using the certutil command:

[root_at_mxhero ~]# certutil -A -n Zimbra -t "C,C,C" -i ca.pem -d /etc/openldap/certs

After that, the TLS connection is OK and opendkim on the MXHero box retrieves the keys from the Zimbra 8.0.2 host and signs the emails.

Now I just want to know if there will be any issues connecting this opendkim I have compiled on the MXHero server to the Zimbra 8.0.2 LDAP:

root_at_mxhero /]# opendkim -V
opendkim: OpenDKIM Filter v2.7.4
Compiled with OpenSSL 1.0.0-fips 29 Mar 2010
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
POLL
USE_LDAP
USE_XML2
_FFR_ADSP_LISTS
_FFR_ATPS
_FFR_DEFAULT_SENDER
_FFR_RATE_LIMIT
_FFR_REDIRECT
_FFR_REPLACE_RULES
_FFR_RESIGN
_FFR_SENDER_MACRO
_FFR_VBR
libopendkim 2.7.4: atps

Zimbra one:

[root_at_zimbra sbin]# ./opendkim -V
opendkim: OpenDKIM Filter v2.6.0
        Compiled with OpenSSL 1.0.1c 10 May 2012
        SMFI_VERSION 0x1000001
        libmilter version 1.0.1
        Supported signing algorithms:
                rsa-sha1
                rsa-sha256
        Supported canonicalization algorithms:
                relaxed
                simple
        Active code options:
                POLL
                USE_ARLIB
                USE_LDAP
                USE_MDB
                USE_XML2
                _FFR_ADSP_LISTS
                _FFR_ATPS
                _FFR_DEFAULT_SENDER
                _FFR_RATE_LIMIT
                _FFR_REDIRECT
                _FFR_REPLACE_RULES
                _FFR_RESIGN
                _FFR_SELECTOR_HEADER
                _FFR_SENDER_MACRO
                _FFR_VBR
        libopendkim 2.6.0: atps

As you can see, it is not exactly the same as the Zimbra 8 opendkim, but it looks very similar. The features I didn't know how to add were USE_ARLIB, USE_MDB and _FFR_SELECTOR_HEADER, and the OpenSSL versions are different. Another point is that I couldn't find the dev files for --with-mdb. MDB is supposed to be part of current OpenLDAP and the files should be in the openldap-dev package, but the script won't find them in my environment.

Thanks again.

Joaquin Mira Ortega
Administrator

Openmomo Networks


Do not print this email. Use a document server.

----- Original Message -----
From: "Quanah Gibson-Mount" <quanah_at_zimbra.com>
To: "Ximo Mira" <ximo_at_openmomo.com>, opendkim-users_at_lists.opendkim.org
Sent: Friday, February 22, 2013 23:34:29
Subject: Re: opendkim using remote Zimbra LDAP keystore

--On Friday, February 22, 2013 1:35 PM +0100 Ximo Mira <ximo_at_openmomo.com>
wrote:

>##
> [root_at_mxhero ~]# opendkim -x /etc/opendkim.conf
> : dkimf_db_open(): Connect
> errorap://my.zimbra.host:389/?DKIMSelector?sub?(DKIMIdentity=$d)

Sounds like it can't talk to port 389 of your zimbra host. You should
debug that first.

--Quanah

-- 
Quanah Gibson-Mount 
Sr. Member of Technical Staff 
Zimbra, Inc 
A Division of VMware, Inc. 
-------------------- 
Zimbra :: the leader in open source messaging and collaboration
Received on Mon Feb 25 2013 - 01:59:00 PST
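
Added example, not part of the original thread: a check to run before the certutil import described above, confirming that ca.pem really issued the certificate the LDAP server presents and printing its fingerprint for comparison over a separate channel. It assumes OpenSSL 1.1.1 or later; the function names and the demo certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names and demo PKI are constructed.
# Real use, with the host and paths from the thread (needs network access):
#   openssl s_client -connect my.zimbra.host:389 -starttls ldap </dev/null \
#       | openssl x509 -out srv.pem
#   check_before_import ca.pem srv.pem && \
#       certutil -A -n Zimbra -t "C,C,C" -i ca.pem -d /etc/openldap/certs
#   certutil -L -d /etc/openldap/certs -n Zimbra    # confirm the import

# Exit 0 only if SERVER_PEM chains to CA_PEM.
ca_issued_cert() {        # usage: ca_issued_cert CA_PEM SERVER_PEM
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of CA_PEM.
ca_fingerprint() {        # usage: ca_fingerprint CA_PEM
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Refuse a CA file that did not issue the server certificate.
check_before_import() {   # usage: check_before_import CA_PEM SERVER_PEM
    if ca_issued_cert "$1" "$2"; then
        echo "OK to import, SHA-256 fingerprint: $(ca_fingerprint "$1")"
    else
        echo "REFUSE: $1 did not issue $2" >&2
        return 1
    fi
}

# Constructed demo PKI in DIR: ca.pem signs srv.pem, other.pem is unrelated.
make_demo_pki() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Zimbra CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=my.zimbra.host" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

demo() {
    local tmp; tmp=$(mktemp -d)
    make_demo_pki "$tmp" || { echo "openssl failed" >&2; rm -rf "$tmp"; return 2; }
    check_before_import "$tmp/ca.pem" "$tmp/srv.pem"             # accepted
    check_before_import "$tmp/other.pem" "$tmp/srv.pem" || true  # refused
    rm -rf "$tmp"
}
demo
```

In the certutil trust string the three fields are SSL, S/MIME and code signing, so "C,," is enough when the CA only needs to validate the LDAP server's TLS certificate.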
