On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote:
> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
> > Hi everyone,
> >
> > First of all, is dkimproxy a work in progress?
> >
> > If it's not, then the long one. I've tried something similar to
> > the example in smtpd.conf(5). Outgoing messages don't get signed.
> >
> >
> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
> >
> > /etc/dkimproxy_out.conf
> > -----------------------------------
> > listen 127.0.0.1:10027
> > relay 127.0.0.1:10028
> > domain mydomain.com
> > signature dkim(c=relaxed)
> > signature domainkeys(c=nofws)
> > keyfile /var/dkimproxy/default.private
> > selector default
> >
> >
> > /etc/mail/smptd.conf
> > -----------------------------------
> > egress_int="em0"
> > server="server.mydomain.com"
> > ca $server certificate "/etc/ssl/acme/chain.pem"
> >
> > table aliases file:/etc/mail/aliases
> > table valiases file:/etc/mail/valiases
> > table vdomains file:/etc/mail/vdomains
> > table addresses file:/etc/mail/addresses
> > table users file:/etc/mail/users
> >
> > pki $server certificate "/etc/ssl/acme/cert.pem"
> > pki $server key "/etc/ssl/acme/private/privkey.pem"
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on $egress_int port 25 tls pki $server
> > listen on $egress_int port 465 smtps pki $server auth senders <users>
> > masquerade
> >
> > accept from any for domain <vdomains> virtual <valiases> deliver to mbox
> > accept for local alias <aliases> deliver to mbox
> > accept tagged DKIM for any relay
> > accept from local sender <addresses> for any relay via
> > smtp://127.0.0.1:10027
> >
> >
> > Do I need to do something else? (running current)
> >
> >
> > Walter
> >
>
> Did you add the public key part to DNS for your domain? What's going on
> in maillog?

I forgot to mention that, yes, I added the DNS record and checked its
validity using this site:

  http://dkimcore.org/tools/keycheck.html

That tells me it's ok. Then I've been sending to this testing address:

  check-a...@verifier.port25.com

where I'm told (in a reply to my same address) the message isn't signed.

/var/log/maillog just shows the message as correctly delivered:

Nov 9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery evpid=1da22dbaa5825b53 from=<.*@mydomain.com> to=<check-a...@verifier.port25.com> rcpt=<-> source="192.168.1.101" relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250 2.6.0 message received"

> Are the mails being forwarded to dkimproxy_out and back into
> smtpd as expected?
>

How can I check this?
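
One way to check the forwarding question from the log side, as an added example that is not part of the original thread: the script below reads smtpd "mta event=delivery" lines in the format quoted above and reports sender/recipient pairs that were delivered to an outside relay without an earlier hop to the dkimproxy_out listener. The example.org/example.net sample lines are constructed, and it is an assumption that the hop to the signer is logged with relay="127.0.0.1 ...".

```python
import re

# Field layout follows the smtpd maillog line quoted in the message above.
DELIVERY = re.compile(
    r'mta event=delivery evpid=[0-9a-f]+ '
    r'from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> .*?relay="(?P<relay>[^"]*)"'
)
SIGNER_ADDR = "127.0.0.1"  # dkimproxy_out "listen" address in the posted config

# Constructed sample lines (not taken from the thread).
_P = "Nov  9 14:20:0%d server smtpd[68603]: 000000000000000%d mta event=delivery "
_S = ' delay=0s result="Ok" stat="250 2.0.0 ok"'
SAMPLE = [
    _P % (1, 1) + 'evpid=aaaaaaaa00000001 from=<alice@example.org> to=<bob@example.net> '
    'rcpt=<-> source="127.0.0.1" relay="127.0.0.1 (localhost)"' + _S,
    _P % (2, 2) + 'evpid=bbbbbbbb00000001 from=<alice@example.org> to=<bob@example.net> '
    'rcpt=<-> source="192.0.2.10" relay="203.0.113.25 (mx.example.net)"' + _S,
    _P % (3, 3) + 'evpid=cccccccc00000001 from=<alice@example.org> to=<carol@example.net> '
    'rcpt=<-> source="192.0.2.10" relay="203.0.113.25 (mx.example.net)"' + _S,
]

def trace_hops(lines, domain):
    """Map (sender, rcpt) -> ordered 'signer'/'direct' hops for senders in domain."""
    hops = {}
    for line in lines:
        m = DELIVERY.search(line)
        if not m or not m["sender"].endswith("@" + domain):
            continue
        # Assumption: the hop to dkimproxy_out is logged with relay="127.0.0.1 ...".
        kind = "signer" if m["relay"].split(" ")[0] == SIGNER_ADDR else "direct"
        hops.setdefault((m["sender"], m["rcpt"]), []).append(kind)
    return hops

def bypassed_signer(lines, domain):
    """Return pairs with an outside delivery not preceded by a signer hop."""
    flagged = []
    for pair, seq in trace_hops(lines, domain).items():
        credit = 0  # each signer hop covers one later outside delivery
        for kind in seq:
            if kind == "signer":
                credit += 1
            elif credit:
                credit -= 1
            else:
                flagged.append(pair)
                break
    return flagged

if __name__ == "__main__":
    for sender, rcpt in bypassed_signer(SAMPLE, "example.org"):
        print(f"{sender} -> {rcpt}: left without passing {SIGNER_ADDR}")
```

A "signer" hop only shows that the message was handed to 127.0.0.1; whether a signature was added is confirmed by a DKIM-Signature header in the copy the recipient receives.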