Why do you use
inet:localhost:8891
instead of a socket?
I conf'ed it using this tutorial:
https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = local:opendkim/opendkim.sock
The sockets are relative paths as postfix is chrooted. The absolute path
is /var/spool/postfix/opendkim/opendkim.sock (Use the relative though!)
Also check the syntax in tables. I was pulling my hair out and it turned
out my syntax was off. Refer to the tutorial!
Especially:
KeyTable /etc/opendkim/KeyTable
mydomaintld mydomain.tld:201904:/etc/opendkim/keys/mydomain.tld/mydomaintld.private
SigningTable refile:/etc/opendkim/SigningTable
*@mydomain.tld mydomaintld
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
What does the log file say?
search for opendkim
$ tail -n 500 /var/log/mail.log | grep opendkim # Or wherever your mail log file is located.
Also check online OpenDKIM testers. There are many of them, try a few.
Helped me a lot.
https://www.mail-tester.com/spf-dkim-check
Remember that your DNS TXT records may take an hour to update and should
be submitted BEFORE you try signing anything. dig is your friend. Check
that your server and your work PC can read the records.
$ dig TXT 201904._domainkey.mydomain.tld
Should contain something like:
;; ANSWER SECTION:
201902._domainkey.mydomain.tld. 21599 IN TXT "v=DKIM1; h=sha256;
k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN.......
Remember that 201904._domainkey is what you choose it to be when you
generate the public key you put in DNS TXT records!
Re-read tutorial! Remember that if you think that you don't understand
something, then the config error is probably because of that. Don't just
copy paste, think along every step.
On 09.04.19 11:22, Laura Smith wrote:
Based on the responses to my previous question about using OpenDKIM (quite what
"standards have not changed" has to do with software bugs makes no sense to me!).
However, having been told I'm stupid not to continue using software many years old I
thought I would suck it up and continue with OpenDKIM.
OpenDKIM is not signing my mails.
Postfix main.cf is calling as follows:
milter_protocol = 6 # I have also tried this with 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_mail_macros = i {mail_addr} {daemon_addr} {client_name} {auth_authen}
netstat -an shows OpenDKIM as running and listening on 8891.
My opendkim.conf is as follows:
BaseDirectory /run/opendkim
PidFile /run/opendkim/opendkim.pid
UserID opendkim:opendkim
Syslog yes
SyslogSuccess yes
LogWhy yes
Canonicalization relaxed/relaxed
Socket inet:8891@localhost
SendReports no
SoftwareHeader no
MinimumKeyBits 1024
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
InternalHosts refile:/etc/opendkim/TrustedHosts
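
The table syntax check recommended in the reply above, as an added example that is not part of either message: it cross-checks KeyTable and SigningTable text and returns the DNS TXT names to query with dig. The function names and sample table strings are constructed for illustration; wildcard patterns are not evaluated and key files are not read.

```python
# Added example: cross-check OpenDKIM KeyTable and SigningTable contents.
# Table texts below are constructed samples using the thread's placeholder names.

GOOD_KEYTABLE = (
    "mydomaintld mydomain.tld:201904:"
    "/etc/opendkim/keys/mydomain.tld/mydomaintld.private\n"
)
# Same entry broken across two lines, e.g. by a mail client or editor wrap.
WRAPPED_KEYTABLE = GOOD_KEYTABLE.replace(" ", "\n", 1)
SIGNINGTABLE = "# sender pattern -> key name\n*@mydomain.tld mydomaintld\n"


def parse_table(text):
    """Yield (line_number, fields) for each non-blank, non-comment line."""
    for num, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line:
            yield num, line.split()


def check_tables(keytable_text, signingtable_text):
    """Return (errors, dns_names); dns_names are the TXT records to dig."""
    errors, keys = [], {}
    for num, fields in parse_table(keytable_text):
        parts = fields[1].split(":", 2) if len(fields) == 2 else []
        if len(parts) != 3 or not all(parts):
            errors.append(f"KeyTable line {num}: want 'name domain:selector:keyfile'")
            continue
        domain, selector, _keyfile = parts
        keys[fields[0]] = f"{selector}._domainkey.{domain}"
    used = set()
    for num, fields in parse_table(signingtable_text):
        if len(fields) != 2:
            errors.append(f"SigningTable line {num}: want 'pattern keyname'")
        elif fields[1] not in keys:
            errors.append(f"SigningTable line {num}: key '{fields[1]}' not in KeyTable")
        else:
            used.add(fields[1])
    return errors, sorted(keys[name] for name in used)


if __name__ == "__main__":
    for label, kt in (("good", GOOD_KEYTABLE), ("wrapped", WRAPPED_KEYTABLE)):
        errs, names = check_tables(kt, SIGNINGTABLE)
        print(label, errs or "no errors", names)
```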