Re: no signing domain match for <Domain>

From: Andy Wilson <andrewgwilson_at_gmail.com>
Date: Mon, 23 Sep 2013 23:25:05 +1200

Hi Maik

Are you missing an 'E' at the end of the line?

 KeyFile /etc/mail/medicalDE.privat



On 23 September 2013 21:37, Maik Holtkamp <holtkamp_at_medical-city.de> wrote:

> Hi,
>
> I recently setup our MX to sign outgoing mails. I am using postfix and
> opendkim on debian wheezy.
>
> It used to work just fine for the main domains medical-city.[de|eu] we use.
>
> Several days later I added similar setup for a further domain and it
> seemed I mixed something up while doing so.
>
> This morning a got a bounce from hotmail and I suppose it's due to the
> mail setup stopped signing my outgoing e-mail (DMARC records, though
> action=none).
>
> In spite everything seemed ok for me on the first hand, I decided to
> setup new keys for the two effected domains and changed DNS records
> correspondingly.
>
> However, still no success :(.
>
> It still works for the new domain (voll-tbl) I added recently but no
> more for the main domains :(. Current setup:
>
> ---cut opendkim.conf---
> Domain medical-city.eu
> KeyFile /etc/mail/medicalEU.private
> Selector medicaleu
>
> Domain medical-city.de
> KeyFile /etc/mail/medicalDE.privat
> Selector medicalde
>
> Domain voll-tbl.de
> KeyFile /etc/mail/voll-tbl.key
> Selector voll-tbl
>
> ---cut---
> root_at_www:/etc/mail# ls -l
> total 40K
> -rw------- 1 opendkim opendkim 887 Sep 23 10:06 medicalDE.private
> -rw------- 1 root root 317 Sep 23 10:06 medicalDE.txt
> -rw------- 1 opendkim opendkim 887 Sep 23 10:06 medicalEU.private
> -rw------- 1 root root 317 Sep 23 10:19 medicalEU.txt
> -rw------- 1 opendkim opendkim 887 Sep 12 18:14 voll-tbl.key
> -rw------- 1 root root 306 Sep 12 18:14 voll-tbl.txt
> ---cut---
>
> Domainkey from DNS:
>
> ---cut---
> root_at_www:/etc/mail# dig medicalde._domainkey.medical-city.de TXT
> ....
> ;; ANSWER SECTION:
> medicalde._domainkey.medical-city.de. 86400 IN TXT "v=DKIM1\; k=rsa\;
> t=y\;
>
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDR08BctnDo6HjyBD9Bf1UKpxqRBhpPNHFxj9lEWR8az7ybAkpKO3ZYl2oBq1TZzEIWgl8GG4ITQ1z1/iLVdPQ8DirDdyx6BLwdUYQVmMIzOogXiMmx9kVSckwDV3xJGIoq0ErG8wB2b8kLd2eslRErVBlvTLBqNXNPdptIPw9JSwIDAQAB"
> ---cut---
>
> ---cut contens of local public file---
> root_at_www:/etc/mail# cat medicalDE.txt
> medicalDE._domainkey IN TXT "v=DKIM1; k=rsa; t=y;
>
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDR08BctnDo6HjyBD9Bf1UKpxqRBhpPNHFxj9lEWR8az7ybAkpKO3ZYl2oBq1TZzEIWgl8GG4ITQ1z1/iLVdPQ8DirDdyx6BLwdUYQVmMIzOogXiMmx9kVSckwDV3xJGIoq0ErG8wB2b8kLd2eslRErVBlvTLBqNXNPdptIPw9JSwIDAQAB"
> ; ----- DKIM key medicalDE for medical-city.de
> ---cut---
>
> Using LogWhy syslog returns:
>
> ---cut---
> Sep 23 11:08:23 www postfix/cleanup[2788]: 2C55F1880F6C:
> message-id=<52400506.6020401_at_medical-city.de>
> Sep 23 11:08:23 www opendkim[2352]: 2C55F1880F6C: no signing domain
> match for 'medical-city.de'
> Sep 23 11:08:23 www opendkim[2352]: 2C55F1880F6C: no signing subdomain
> match for 'medical-city.de'
> Sep 23 11:08:23 www opendkim[2352]: 2C55F1880F6C: no signature data
> ---cut---
>
> Any idea why opendkim can't find the corresponding domain would be
> greatly appreciated, TIA.
>
> --
> - maik
>
>


-- 
Regards
Andy
Received on Mon Sep 23 2013 - 11:25:25 PST

This archive was generated by hypermail 2.3.0 : Mon Sep 23 2013 - 11:27:01 PST