Hi Philip ,
Thank you so much.
I am trying to setup opendkim in my company's MTA ( postfix 3.1.0 , Ubuntu
16.04 , opendkim & opendkim tools 2.10.3). After configuring seems
like the opendkim not signing the mails sent by the postfix. As i am quite
new to this , not too sure about fixing it. Seeking your advice. Below are
my configs and logs.
Appreciate very much . Thanks again.
postfix's main.cf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, m239.mydomain.my, localhost.mydomain.my,
, localhost
myhostname = m239.mydomain.my
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = local:/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = local:/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/mydomainWildcardBundle2018to2020.crt
smtpd_tls_key_file = /etc/ssl/private/mydomain.key
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
opendkim.conf
root_at_m239:/etc/opendkim/keys# cat /etc/opendkim.conf
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
SyslogSuccess Yes
LogWhy Yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# OpenDKIM user
# Remember to add user postfix to group opendkim
UserID opendkim
# Map domains in From addresses to keys used to sign messages
KeyTable /etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts
InternalHosts /etc/opendkim/trusted.hosts
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed/simple
Mode sv
SubDomains no
#ADSPAction continue
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
mail.log
Jul 6 17:02:49 m239 postfix/pickup[3580]: 206CE220FE6: uid=0
from=<root_at_m239.mydomain.my>
Jul 6 17:02:49 m239 postfix/cleanup[3586]: 206CE220FE6:
message-id=<20180706090249.206CE220FE6_at_m239.mydomain.my>
Jul 6 17:02:49 m239 opendkim[3422]: 206CE220FE6: no signing table
match for 'root_at_m239.mydomain.my'
Jul 6 17:02:49 m239 opendkim[3422]: 206CE220FE6: no signature data
Jul 6 17:02:49 m239 postfix/qmgr[3581]: 206CE220FE6:
from=<root_at_m239.mydomain.my>, size=389, nrcpt=1 (queue active)
Jul 6 17:02:50 m239 postfix/smtp[3588]: 206CE220FE6:
to=<xcodehawk_at_gmail.com>,
relay=gmail-smtp-in.l.google.com[74.125.68.27]:25, delay=1.3,
delays=0.01/0/0.86/0.41, dsn=2.0.0, status=sent (250 2.0.0 OK
1530867770 r14-v6si7593888pgl.490 - gsmtp)
Jul 6 17:02:50 m239 postfix/qmgr[3581]: 206CE220FE6: removed
/etc/opendkim/key.table
root_at_m239:/etc/opendkim# cat key.table
mydomain mydomain:/etc/opendkim/keys/mydomain.private
root_at_m239:/etc/opendkim#
/etc/opendkim/signing.table
root_at_m239:/etc/opendkim# cat signing.table
*_at_mydomain.my mydomain
root_at_m239:/etc/opendkim#
/etc/opendkim/trusted/hosts
root_at_m239:/etc/opendkim# cat trusted.hosts
127.0.0.1
::1
localhost
m239m239.mydomain.my
mydomain.my
Reference article :
https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
On Sat, Jul 7, 2018 at 3:56 AM, Philip <philip_at_treads.nz> wrote:
> It sure is - Ask away.
>
>
> On 06/07/2018 21:50, Sargunan wrote:
>
>> Hello ,
>>
>> I would like to know if this is the right place to get support on
>> opendkim installation/congifuration issues?
>>
>>
>> BR//
>> Sargu
>>
>
>
Received on Sat Jul 07 2018 - 05:10:22 PST