The linke of linode, but transformed in a script for Debian 9. https://github.com/thctlo/debian-scripts/blob/master/setup-opendkim-postfix.sh
Read it or use it. ( make backups first ). Its tested on a clean setup, but if you read through the script you see everything thats needed to fix this. And just a question, the DNS is already updated? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: [email protected] [mailto:[email protected]] > Namens Ntek, SIA Janis > Verzonden: dinsdag 9 april 2019 11:19 > Aan: [email protected] > Onderwerp: Re: OpenDKIM not signing > > Why do use > > inet:localhost:8891 > Instead of a socket? > I conf'ed it using this tutorial: > https://www.linode.com/docs/email/postfix/configure-spf-and-dk im-in-postfix-on-debian-8/ > > smtpd_milters = local:opendkim/opendkim.sock > non_smtpd_milters = local:opendkim/opendkim.sock > The sockets are relative path as postfix is chrooted. The > absolute path > is /var/spool/postfix/opendkim/opendkim.sock (Use the > relative though!) > > Also check the syntax in tables. I was pulling my hair out > and it turned > out my syntax was off. Refer to the tutorial! > Especially: > KeyTable /etc/opendkim/KeyTable > mydomaintld > mydomain.tld:201904:/etc/opendkim/keys/mydomain.tld/mydomaintl > d.private > > SigningTable refile:/etc/opendkim/SigningTable > *@mydomain.tld mydomaintld > > ExternalIgnoreList /etc/opendkim/TrustedHosts > InternalHosts /etc/opendkim/TrustedHosts > > What does the log file say? > search for opendkim > $ tail -n 500 /var/log/mail.log | grep opendkim # Or > wherever your mail > log file is located. > > Also check online Opendkim testers. There are many of them, > try a few. > Helped me a lot. > https://www.mail-tester.com/spf-dkim-check > > Remember that your DNS TXT records may take an hour to update > and should > be submitted BEFORE you try signing anything. dig is your > friend. Check > that your server and your work PC can read the recrods. > > $ dig TXT 201904._domainkey.mydomain.tld > Should contain something like: > ;; ANSWER SECTION: > 201902._domainkey.mydomain.tld. 21599 IN TXT "v=DKIM1; > h=sha256; > k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN....... > > Remeber that 201904._domainkey is what you choose it to be when you > generate the public key you put in DNS TXT records! > > Re-read tutorial! Remember that if you think that you don't > understand > something, then the config error is probably because of that. > Don't just > copy paste, think along every step. > > On 09.04.19 11:22, Laura Smith wrote: > > Based on the responses to my previous question about using > OpenDKIM (quite what "standards have not changed" has to do > with software bugs makes no sense to me !). However, having > been told I'm stupid not to continue using software many > years old I thought I would suck it up and continue with OpenDKIM. > > > > OpenDKIM is not signing my mails. > > > > Postfix main.cf is calling as follows: > > milter_protocol = 6 # I have also tried this with 2 > > milter_default_action = accept > > smtpd_milters = inet:localhost:8891 > > non_smtpd_milters = inet:localhost:8891 > > milter_mail_macros = i {mail_addr} {daemon_addr} > {client_name} {auth_authen} > > > > netstat -an shows openDKIM as running and listening on 8891. > > > > My opendkim.conf is as follows: > > BaseDirectory /run/opendkim > > PidFile /run/opendkim/opendkim.pid > > UserID opendkim:opendkim > > Syslog yes > > SyslogSuccess yes > > LogWhy yes > > Canonicalization relaxed/relaxed > > Socket inet:8891@localhost > > SendReports no > > SoftwareHeader no > > MinimumKeyBits 1024 > > KeyTable /etc/opendkim/KeyTable > > SigningTable refile:/etc/opendkim/SigningTable > > InternalHosts refile:/etc/opendkim/TrustedHosts > > > >
