Opendkim not signing messages

From: Justin Spratt <justin_at_edatasource.com>
Date: Mon, 8 Apr 2013 22:42:23 +0000

Hello.

I am running OpenDKIM 2.7.4 on CentOS 6.3 with Postfix 2.6.6. To date, I
have not been able to send a signed message.

# yum info opendkim
Installed Packages
Name : opendkim
Arch : x86_64
Version : 2.7.4
Release : 1.el6
Size : 518 k
Repo : installed
From repo : epel

# yum info postfix
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 2.2.el6_1
Size : 9.7 M
Repo : installed
From repo : anaconda-CentOS-201207061011.x86_64

# uname -a
Linux medium01.ny3 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20
UTC 2012 x86_64 x86_64 x86_64 GNU/Linux


Procedure:

1. I set up Postfix and sent a message using mailx to a Gmail address. This
worked. This instance will only be used for sending mail (it will not
receive mail).

2. I installed opendkim and configured it to work with postfix, roughly
following
http://stevejenkins.com/blog/2010/09/how-to-get-dkim-domainkeys-identified-mail-working-on-centos-5-5-and-postfix-using-opendkim/
(but for CentOS 6)

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 10.0.0.0/8, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/mail-queue
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:127.0.0.1:8891
unknown_local_recipient_reject_code = 550

# cat /etc/postfix/master.cf
127.0.0.1:25 inet n - n - - smtpd
    -o receive_override_options=no_address_mappings

10.24.5.120:25 inet n - n - 256 smtpd
    -o receive_override_options=no_address_mappings

#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - 1536 smtp
    -o smtp_helo_name=mxout-test.boxbe.com
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
    -o fallback_relay=
    #~ -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache


# cat /etc/opendkim.conf | egrep -v "(^#.*|^$)"
PidFile /var/run/opendkim/opendkim.pid
AutoRestart yes
AutoRestartRate 5/1h
Mode v
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/simple
Selector default
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/boxbe.com_s1.key.pem
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

# cat /etc/opendkim/SigningTable
*@boxbe.com s1._domainkey.boxbe.com

# cat /etc/opendkim/KeyTable
s1._domainkey.boxbe.com boxbe.com:s1:/etc/opendkim/keys/boxbe.com_s1.key.pem

# cat /etc/opendkim/TrustedHosts
127.0.0.1
10.0.0.0/8

3. At first, I was receiving some errors such as, "Starting OpenDKIM
Milter: opendkim: /etc/opendkim.conf: use of SigningTable requires
KeyTable" and "opendkim[10658]: s1._domainkey.boxbe.com: key data is not
secure". I fixed these things and now I receive nothing. My messages
send, no errors are displayed, and I get this kind of a log when sending
with mailx:

# Here I get a "why" message about why an email was not signed (before I
fixed the SigningTable refile:/etc/opendkim/SigningTable)

Apr 8 21:36:13 medium01 postfix/master[10596]: daemon started -- version
2.6.6, configuration /etc/postfix
Apr 8 21:36:18 medium01 postfix/pickup[10598]: 25FEE404A2: uid=0
from=<root>
Apr 8 21:36:18 medium01 postfix/cleanup[10603]: 25FEE404A2:
message-id=<20130408213618.25FEE404A2_at_medium01.ny3>
Apr 8 21:36:18 medium01 opendkim[10502]: 25FEE404A2: no signing table
match for 'root_at_medium01.ny3'
Apr 8 21:36:18 medium01 opendkim[10502]: 25FEE404A2: no signature data
Apr 8 21:36:18 medium01 postfix/qmgr[10599]: 25FEE404A2:
from=<root_at_medium01.ny3>, size=4996, nrcpt=1 (queue active)
Apr 8 21:36:18 medium01 postfix/smtp[10606]: 25FEE404A2: to=<
justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.26]:25,
delay=0.54, delays=0.04/0.01/0.14/0.35, dsn=2.0.0, status=sent (250 2.0.0
OK 1365456978 l8si19624215vdw.33 - gsmtp)
Apr 8 21:36:18 medium01 postfix/qmgr[10599]: 25FEE404A2: removed


# Here (after fixing conf errors) I restart OpenDKIM:

Apr 8 22:10:00 medium01 opendkim[11039]: OpenDKIM Filter: mi_stop=1
Apr 8 22:10:00 medium01 opendkim[11039]: OpenDKIM Filter v2.7.4
terminating with status 0, errno = 0
Apr 8 22:10:00 medium01 opendkim[11094]: OpenDKIM Filter v2.7.4 starting
(args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)

# Then send a message with mailx:

Apr 8 22:10:03 medium01 postfix/pickup[11066]: 1F50A404A1: uid=0 from=<
someone_at_boxbe.com>
Apr 8 22:10:03 medium01 postfix/cleanup[11071]: 1F50A404A1: message-id=<
5163403b.ZkS7iBXi5wft78Ma%someone_at_boxbe.com>
Apr 8 22:10:03 medium01 postfix/qmgr[11067]: 1F50A404A1: from=<
someone_at_boxbe.com>, size=4994, nrcpt=1 (queue active)
Apr 8 22:10:03 medium01 postfix/smtp[11074]: 1F50A404A1: to=<
justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.27]:25,
delay=0.4, delays=0.02/0/0.07/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK
1365459003 cs9si2787542vdc.12 - gsmtp)
Apr 8 22:10:03 medium01 postfix/qmgr[11067]: 1F50A404A1: removed
Apr 8 22:10:10 medium01 postfix/pickup[11066]: E0FF1404A1: uid=0 from=<
someone_at_boxbe.com>
Apr 8 22:10:10 medium01 postfix/cleanup[11071]: E0FF1404A1: message-id=<
51634042.EvwmEAg5o+ONUpQY%someone_at_boxbe.com>
Apr 8 22:10:10 medium01 postfix/qmgr[11067]: E0FF1404A1: from=<
someone_at_boxbe.com>, size=4994, nrcpt=1 (queue active)
Apr 8 22:10:11 medium01 postfix/smtp[11074]: E0FF1404A1: to=<
justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.27]:25,
delay=0.4, delays=0.02/0/0.07/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK
1365459011 wz3si19679596vdc.130 - gsmtp)
Apr 8 22:10:11 medium01 postfix/qmgr[11067]: E0FF1404A1: removed

4. I added "Domain boxbe.com" and fiddled with the conf file a bit.
Nothing changes. The mail gets to my inbox, but it has no DKIM signature
on it. Even though I have set "LogWhy yes" I get nothing useful.

5. I found
http://lists.opendkim.org/archive/opendkim/users/2011/09/1347.html and read
through it. The problem was solved, but no solution was found. My issue
sounds similar. Thought I'd email the list.

Thank you very much, List!
Received on Mon Apr 08 2013 - 22:42:23 PST
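
Added example (not part of the original post, and not OpenDKIM code): a small offline audit of the three files quoted above that reports why mail with a given From: address would leave unsigned. It relies on OpenDKIM's documented settings (Mode takes s and/or v and defaults to sv; a refile SigningTable uses * as its wildcard); the function names, the case folding and the embedded sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample input, mirroring the files quoted in the post above.
CONF = "Mode v\nKeyTable /etc/opendkim/KeyTable\nSigningTable refile:/etc/opendkim/SigningTable\n"
SIGNING_TABLE = "*@boxbe.com s1._domainkey.boxbe.com\n"
KEY_TABLE = "s1._domainkey.boxbe.com boxbe.com:s1:/etc/opendkim/keys/boxbe.com_s1.key.pem\n"

def rows(text):
    """Split config-style text into (key, value) pairs, skipping comments and blanks."""
    out = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            out.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return out

def wildcard_match(pattern, address):
    """Match a refile pattern where '*' is the only wildcard (case folded: assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, address.lower()) is not None

def audit(conf, signing_table, key_table, sender):
    """Return reasons why mail From: `sender` would go out unsigned ([] if none)."""
    findings = []
    settings = {k.lower(): v for k, v in rows(conf)}
    mode = settings.get("mode", "sv")  # sv (sign and verify) is the default
    if "s" not in mode.lower():
        findings.append(f"Mode {mode}: signing disabled, filter only verifies")
    if "signingtable" in settings and "keytable" not in settings:
        findings.append("use of SigningTable requires KeyTable")
    keys = dict(rows(key_table))
    matched = [name for pat, name in rows(signing_table) if wildcard_match(pat, sender)]
    if not matched:
        findings.append(f"no signing table match for '{sender}'")
    for name in matched:
        if name not in keys:
            findings.append(f"key '{name}' not defined in KeyTable")
        elif len(keys[name].split(":", 2)) != 3:
            findings.append(f"key '{name}': expected domain:selector:keypath")
    return findings

if __name__ == "__main__":
    for sender in ("someone@boxbe.com", "root@medium01.ny3"):
        print(sender, audit(CONF, SIGNING_TABLE, KEY_TABLE, sender))
```

Run against the real files by reading them into the three string arguments; an empty list means none of these checks explains a missing signature.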
