Re: Opendkim not signing messages

From: Justin Spratt <justin_at_edatasource.com>
Date: Wed, 10 Apr 2013 04:45:27 +0000

Ha. Fair enough. I think I used some config suggestion from someone who
posted about CentOS 6 for that section... without a really clear reason.
Your guide was enormously helpful. Thank you for your service.

On Apr 8, 2013 6:42 PM, "Justin Spratt" <justin_at_edatasource.com> wrote:

> Hello.
>
> I am running OpenDKIM 2.7.4 on CentOS 6.3 with Postfix 2.6.6. To date, I
> have not been able to send a signed message.
>
> # yum info opendkim
> Installed Packages
> Name : opendkim
> Arch : x86_64
> Version : 2.7.4
> Release : 1.el6
> Size : 518 k
> Repo : installed
> From repo : epel
>
> # yum info postfix
> Installed Packages
> Name : postfix
> Arch : x86_64
> Epoch : 2
> Version : 2.6.6
> Release : 2.2.el6_1
> Size : 9.7 M
> Repo : installed
> From repo : anaconda-CentOS-201207061011.x86_64
>
> # uname -a
> Linux medium01.ny3 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20
> UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>
>
> Procedure:
>
> 1. I set up Postfix and sent a message using mailx to a Gmail address.
> This worked. This instance will only be used for sending mail (it will not
> receive mail).
>
> 2. I installed opendkim and configured it to work with postfix, roughly
> following
> http://stevejenkins.com/blog/2010/09/how-to-get-dkim-domainkeys-identified-mail-working-on-centos-5-5-and-postfix-using-opendkim/ (but for CentOS 6)
>
> # postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = localhost
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> milter_default_action = accept
> milter_protocol = 2
> mydestination = $myhostname, localhost.$mydomain, localhost
> mynetworks = 10.0.0.0/8, 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = $smtpd_milters
> queue_directory = /var/mail-queue
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_milters = inet:127.0.0.1:8891
> unknown_local_recipient_reject_code = 550
>
> # cat /etc/postfix/master.cf
> 127.0.0.1:25 inet n - n - - smtpd
> -o receive_override_options=no_address_mappings
>
> 10.24.5.120:25 inet n - n - 256 smtpd
> -o receive_override_options=no_address_mappings
>
> #628 inet n - n - - qmqpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - n 300 1 oqmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - 1536 smtp
> -o smtp_helo_name=mxout-test.boxbe.com
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
> -o fallback_relay=
> #~ -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
>
>
> # cat /etc/opendkim.conf | egrep -v "(^#.*|^$)"
> PidFile /var/run/opendkim/opendkim.pid
> AutoRestart yes
> AutoRestartRate 5/1h
> Mode v
> Syslog yes
> SyslogSuccess yes
> LogWhy yes
> UserID opendkim:opendkim
> Socket inet:8891@localhost
> Umask 002
> Canonicalization relaxed/simple
> Selector default
> MinimumKeyBits 1024
> KeyFile /etc/opendkim/keys/boxbe.com_s1.key.pem
> KeyTable /etc/opendkim/KeyTable
> SigningTable refile:/etc/opendkim/SigningTable
>
> # cat /etc/opendkim/SigningTable
> *@boxbe.com s1._domainkey.boxbe.com
>
> # cat /etc/opendkim/KeyTable
> s1._domainkey.boxbe.com boxbe.com:
> s1:/etc/opendkim/keys/boxbe.com_s1.key.pem
>
> # cat /etc/opendkim/TrustedHosts
> 127.0.0.1
> 10.0.0.0/8
>
> 3. At first, I was receiving some errors such as, "Starting OpenDKIM
> Milter: opendkim: /etc/opendkim.conf: use of SigningTable requires
> KeyTable" and "opendkim[10658]: s1._domainkey.boxbe.com: key data is not
> secure". I fixed these things and now I receive nothing. My messages
> send, no errors are displayed, and I get this kind of a log when sending
> with mailx:
>
> # Here I get a "why" message about why an email was not signed (before I
> fixed the SigningTable refile:/etc/opendkim/SigningTable)
>
> Apr 8 21:36:13 medium01 postfix/master[10596]: daemon started -- version
> 2.6.6, configuration /etc/postfix
> Apr 8 21:36:18 medium01 postfix/pickup[10598]: 25FEE404A2: uid=0
> from=<root>
> Apr 8 21:36:18 medium01 postfix/cleanup[10603]: 25FEE404A2:
> message-id=<20130408213618.25FEE404A2_at_medium01.ny3>
> Apr 8 21:36:18 medium01 opendkim[10502]: 25FEE404A2: no signing table
> match for 'root_at_medium01.ny3'
> Apr 8 21:36:18 medium01 opendkim[10502]: 25FEE404A2: no signature data
> Apr 8 21:36:18 medium01 postfix/qmgr[10599]: 25FEE404A2:
> from=<root_at_medium01.ny3>, size=4996, nrcpt=1 (queue active)
> Apr 8 21:36:18 medium01 postfix/smtp[10606]: 25FEE404A2: to=<
> justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.26]:25,
> delay=0.54, delays=0.04/0.01/0.14/0.35, dsn=2.0.0, status=sent (250 2.0.0
> OK 1365456978 l8si19624215vdw.33 - gsmtp)
> Apr 8 21:36:18 medium01 postfix/qmgr[10599]: 25FEE404A2: removed
>
>
> # Here (after fixing conf errors) I restart OpenDKIM:
>
> Apr 8 22:10:00 medium01 opendkim[11039]: OpenDKIM Filter: mi_stop=1
> Apr 8 22:10:00 medium01 opendkim[11039]: OpenDKIM Filter v2.7.4
> terminating with status 0, errno = 0
> Apr 8 22:10:00 medium01 opendkim[11094]: OpenDKIM Filter v2.7.4 starting
> (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
>
> # Then send a message with mailx:
>
> Apr 8 22:10:03 medium01 postfix/pickup[11066]: 1F50A404A1: uid=0 from=<
> someone_at_boxbe.com>
> Apr 8 22:10:03 medium01 postfix/cleanup[11071]: 1F50A404A1: message-id=<
> 5163403b.ZkS7iBXi5wft78Ma%someone_at_boxbe.com>
> Apr 8 22:10:03 medium01 postfix/qmgr[11067]: 1F50A404A1: from=<
> someone_at_boxbe.com>, size=4994, nrcpt=1 (queue active)
> Apr 8 22:10:03 medium01 postfix/smtp[11074]: 1F50A404A1: to=<
> justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.27]:25,
> delay=0.4, delays=0.02/0/0.07/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK
> 1365459003 cs9si2787542vdc.12 - gsmtp)
> Apr 8 22:10:03 medium01 postfix/qmgr[11067]: 1F50A404A1: removed
> Apr 8 22:10:10 medium01 postfix/pickup[11066]: E0FF1404A1: uid=0 from=<
> someone_at_boxbe.com>
> Apr 8 22:10:10 medium01 postfix/cleanup[11071]: E0FF1404A1: message-id=<
> 51634042.EvwmEAg5o+ONUpQY%someone_at_boxbe.com>
> Apr 8 22:10:10 medium01 postfix/qmgr[11067]: E0FF1404A1: from=<
> someone_at_boxbe.com>, size=4994, nrcpt=1 (queue active)
> Apr 8 22:10:11 medium01 postfix/smtp[11074]: E0FF1404A1: to=<
> justin_at_edatasource.com>, relay=aspmx.l.google.com[74.125.131.27]:25,
> delay=0.4, delays=0.02/0/0.07/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK
> 1365459011 wz3si19679596vdc.130 - gsmtp)
> Apr 8 22:10:11 medium01 postfix/qmgr[11067]: E0FF1404A1: removed
>
> 4. I added "Domain boxbe.com" and fiddled with the conf file a bit.
> Nothing changes. The mail gets to my inbox, but it has no DKIM signature
> on it. Even though I have set "LogWhy yes" I get nothing useful.
>
> 5. I found
> http://lists.opendkim.org/archive/opendkim/users/2011/09/1347.html and
> read through it. The problem was solved, but no solution was found. My
> issue sounds similar. Thought I'd email the list.
>
> Thank you very much, List!
>
>
Received on Wed Apr 10 2013 - 04:45:42 PST
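
Added example, not part of the original thread or of OpenDKIM: a shell check for two conditions that appear in the quoted message, a `Mode` value without `s` (OpenDKIM signs only when the mode string contains `s`; `v` alone is verify-only) and a `SigningTable` configured without a `KeyTable`. The helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an opendkim.conf for two conditions that stop signing.
# conf_value and check_opendkim_conf are hypothetical helper names.

# Print the value of a setting, skipping comment lines. If the setting is
# repeated, the last occurrence wins (a simplification made by this script).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { val = $2 }
        END { print val }' "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
check_opendkim_conf() {
    conf=$1
    findings=0
    mode=$(conf_value "$conf" Mode)
    mode=${mode:-sv}   # OpenDKIM's documented default is "sv"
    case $mode in
        *s*) ;;        # signer role enabled
        *)  echo "Mode '$mode' has no 's': filter verifies but never signs"
            findings=1 ;;
    esac
    signing=$(conf_value "$conf" SigningTable)
    keytable=$(conf_value "$conf" KeyTable)
    if [ -n "$signing" ] && [ -z "$keytable" ]; then
        echo "SigningTable is set without KeyTable"
        findings=1
    fi
    return "$findings"
}

# Constructed sample using settings of the kind quoted in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a complete configuration
Mode v
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
EOF
check_opendkim_conf "$sample" || true
```

Run it against the live file with `check_opendkim_conf /etc/opendkim.conf`; a non-zero exit status means at least one finding was printed.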
