Questions tagged [opendkim]
Open source implementation of the DKIM (Domain Keys Identified Mail). The capabilities include signing and verifying DKIM signature of the email.
171
questions
0
votes
1
answer
22
views
How OpenDKIM decides which emails to sign?
In OpenDKIM, what domain does it consider to use when comparing to internal hosts? Do it consider the domain of Return-Path (i.e. envelope MAIL FROM's domain) or header From or HELO's domain.
- 21
0
votes
0
answers
26
views
What is behaviour of opendkim while verifying an email with multiple dkim signatures?
I am trying to implement DKIM verification using Opendkim and postfix. The doubt I am struck by is what will happen if the email has more than one DKIM signature and one of them fails (as like failed ...
- 21
1
vote
0
answers
71
views
What are typically the headers which I should oversign?
I am trying to setup MTA using Postfix and using opendkim for dkim signing. When I went through opemdkim documentation it have a field which is named 'OversignHeaders' document describes it as: "...
- 21
0
votes
1
answer
68
views
What does "--[no]subdomains" option in opendkim-genkey mean?
Based on the documentation --nosubdomains "Disallows subdomain signing by this key". But didn't we need to create separate DKIM records for subdomains regardless?
Please correct me if I am ...
- 21
0
votes
0
answers
57
views
Postfix not signing mail with OpenDKIM
Postfix is not signing outgoing mail with OpenDKIM despite giving no errors.
My main.cf file
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
...
0
votes
0
answers
158
views
OpenDKIM gets installed without RSA-SHA256 support
I compiled opendkim from source with the following commands:
mkdir /opt/opendkim
cd /opt/opendkim
wget https://sourceforge.net/projects/opendkim/files/opendkim-2.10.3.tar.gz
tar -xzvf opendkim-2.10.3....
- 101
-1
votes
1
answer
72
views
DKIM *seems* to be used as an open relay. Is this possible?
I'm running postfix with opendkim. My opendkim milter is running on port 10029.
CORRECTION: My opendkim milter is running on a unix socket, and there is a DKIM content filter set up on port 10029.
...
- 220
2
votes
1
answer
110
views
How to make postfix sign non-delivery notifications with DKIM?
I have set up my "postfix" server to sign outgoing messages with DKIM and verified that it works correctly for SMTP users using authentication. However, "non-delivery notifications"...
- 23
0
votes
1
answer
50
views
OpenDKIM & OpenDMARC on SLES 15 SP2
Hello is it possible to install OpenDKIM & OpenDMARC on SLES 15 SP2 through the default repository of OpenSUSE?
0
votes
1
answer
45
views
OpenDkim - PHPMailer - Failure OpenDkim
my dkim configuration was working just fine. Im working with an email marketing app, pretty simple, normally i used to send the campaign with a Sender ID that is my domain company, and for the From ...
0
votes
2
answers
457
views
opendkim milter not launching on proper server socket
The following error impeded the restart of opendkim
× opendkim.service - OpenDKIM Milter
Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
Active: failed ...
- 217
-1
votes
1
answer
172
views
mail relay routing FROM domain with dkim
Current setup
First of all i must say that im so so (read like "nothing know") in things like postfix or open dkim.
We have many domains on our exchange (realy a lot). and thats work like &...
- 1
0
votes
1
answer
364
views
opendkim-testkey: key not secure (file permissions are good and TrustAnchorFile config setting is set)
If I run sudo opendkim-testkey -d mydomain.com -s selector -vvv, I get
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'selector._domainkey.mydomain.com'
...
1
vote
0
answers
74
views
OpenDKIM on Fedora Server, opendkim-testkey loads the key, says it's checking it, then just says "query failed" How do I find (and fix) what's wrong?
On Fedora Server 37 (updated as of about February 1, 2023), a new OpenDKIM installation was performed (it's version v2.11.0). The configuration included creating a signing table and a key table, and ...
- 1,242
0
votes
0
answers
95
views
Configurating DKIM and SPF, key not secured
On a Ubuntu 20.04 VPS, installing opendkim via
sudo apt install opendkim opendkim-tools proceeds as expected, following the steps provided here.
However, upon testing, while e-mails get sent in ...
- 217
0
votes
0
answers
55
views
What is the correct way to sign mail on a relay MTA
I have a setup where outbound mail from an internal mail server (lets call it System A) is relayed to a smart host (we will call this System B) which then sends it out to the Internet and eventually ...
- 81
2
votes
0
answers
276
views
OpenDKIM on MTA not signing mails from remote mail servers
I have a configuration where we have one MTA responsible for sending emails from a number of internal servers.
The internal servers all run Postfix on a number of different domains. They are all ...
- 277
0
votes
0
answers
808
views
How to correctly configure OpenDKIM with Postfix on Debian 11?
The desired settings are to create a multi domain mail server.
This is my main domain example.com and this is my subdomain: mail.example.com
Taking the rDNS as the following verifications:
hostname -f
...
- 101
0
votes
1
answer
74
views
Postfix Sendonly Multiple Domains - smtp Auth for each domain?
My title pretty much sums it up
I have recently setup a sendonly postfix server
i used this guide
https://www.linuxbabe.com/mail-server/postfix-send-only-multiple-domains-ubuntu#generate-dkim-keypair
...
- 1
0
votes
1
answer
75
views
Postfix OpenDKIM unable to sign outbound email
I configured OpenDKIM following the guidelines here:
https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
Rather than generate keys I used those already configured on our domain, that were ...
- 277
1
vote
3
answers
479
views
How destination mail server can know the DKIM selector
It is possible to set a "subdomain" in DKIM DNS record name.
This "subdomain" is called a selector. It allows to have multiple DKIM keys for the same domain.
There is something I ...
- 339
0
votes
0
answers
51
views
SendMail Bounce Back Missing Send To Address in Transcript
SendMail bounce back response is showing a blank To address. How can I correct this so the bounce back includes the To address?
This began occurring after installing opendkim on the server and before ...
- 179
1
vote
0
answers
76
views
Postfix: getting 50 or more copies of the same email from specific senders
I have a Postfix (2.10.1) / Dovecot server running on Centos 7. From specific servers I get about 50 copies of the same email every weekend, I tried a wireshark but it uses STARTTLS so its all ...
- 11
2
votes
1
answer
221
views
Postfix / OpenDKIM config on Centos8
I've setup Postfix with Dovecot as an integrated mail service for my SaaS app, it worked great as an inbox. The issue started when I started to send emails, it was not signed so I went ahead and ...
0
votes
0
answers
1k
views
DKIM_INVALID in Spamassassin only for emails sent from other emails in the same server
I have postfix/dovecot running with spamassassin on Centos.
PROBLEM:
The VPS acts as a mail server
Spamassassin edits the email subject and adds [SPAM}
Ms. Outlook on Windows moves those emails to ...
- 339
1
vote
0
answers
421
views
Why are my mails failling body hash verification?
Since a few weeks, mails sent via my mailserver at the-grue.de fail dkim authentification. That's very strange, because I'm not at all aware of any changes on my part...
mxtoolbox checked the mail, ...
-1
votes
1
answer
790
views
Setup bind9 dns for setup DKIM and SPF records [closed]
Currently emails from my mail server is blocked by gmail. I want to setup DKIM and SPF records for my mail server.But web domain register doesn't allow me to setup DKIM and SPF records it says I need ...
1
vote
3
answers
8k
views
Can't open PID file /run/opendkim/opendkim.pid (yet?) after start: Operation not permitted
i am about 2 hours on configure dkim with postfix on ubuntu 20.04. I try absolutly everything, but dkim wont work.
OpenDKIM-Service won´t start:
root@mail:~# service opendkim status
● opendkim.service ...
- 21
5
votes
1
answer
898
views
Why doesn't dkim sign the letter?
I have configured DKIM:
Dec 27 11:10:03 mailer opendkim[378]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
Dec 27 11:10:10 mailer postfix/postfix-script[551]: warning: symlink leaves ...
- 161
0
votes
1
answer
462
views
OpenDKIM & Mailman
I have a small mail server based on Fedora with postfix, OpenDKIM, spamassassin and mailman.
OpenDKIM signature for outgoing emails works
OpenDKIM verification for incoming emails works
When a DKIM ...
- 467
2
votes
1
answer
506
views
Exim Unable to Read DKIM Key
Exim is spitting out (what looks like) a privilege error:
# tail -n1 /var/log/exim/paniclog
2021-11-15 16:38:35.955 [682275] 1mme43-002rUN-QV unable to open file for reading: /etc/opendkim/keys/...
- 121
1
vote
1
answer
739
views
Configuring postfix and opendkim socket value
I have the following line in my /etc/postfix/main.cf
smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893
So then What should I put for Socket in /etc/default/opendkim or /etc/opendkim.conf ?
- 23
5
votes
1
answer
8k
views
1024 or 2048 bit keys for DKIM?
Referencing this: https://crypto.stackexchange.com/questions/72297/recommended-key-size-for-dkim
What I get from this is (at the time) DNS providers (usually) allow for up to 1024 bit keys but not ...
- 201
4
votes
1
answer
1k
views
How to validate opendkim generated RSA keys
I'm trying to diagnose OpenDKIM validation errors (see this question). Way down in the belly of the beast, I'm at the point where I'm trying to make sure the keys generated are actually correct.
I'm ...
- 419
2
votes
0
answers
613
views
How to diagnose opendkim RSA signatures
I'm having an issue where my DKIM signatures are failing everywhere. There was a question on this here, but the original poster answered his own question, and the answer seems unrelated. After some ...
- 419
1
vote
2
answers
1k
views
OpenDKIM-provided tools do not provide a usable key-pair for DKIM
I use opendkim-genkey -b 2048 -t -s default -d mydomain.com, resulting in files default.private and default.txt. Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and ...
- 11
0
votes
1
answer
148
views
opendkim: Restore /etc/default/opendkim to original values
I accidentally overwrote my /etc/default/opendkim while changing the configuration. How can I restore it to the "factory defaults"?
I already tried uninstalling and re-installing the package....
- 123
2
votes
1
answer
2k
views
Is DKIM/ARC working properly on my Mailman server?
I've set up a Mailman 3 server with Postfix. I've configured Postfix to add DKIM headers using OpenDKIM and a test email from that server to a Microsoft-hosted email address suggests that DKIM is OK:
...
- 121
3
votes
1
answer
3k
views
Sendmail authenticating with DKIM but Roundcube is not authenticating
So I have set up the mail server, Roundcube, and Sendmail both work as expected.
but many of my emails were going to spam in Gmail and others, so I was setting up the DKIM auth and it was successful.
[...
- 41
1
vote
0
answers
218
views
Postfix from rewriting (smtp_generic_maps) + DKIM
We have SMTP server for the application emails what should do following:
change “From” for all emails
sign emails with DKIM
I have set up postfix rewriting with smtp_generic.
The default flow is ...
- 11
1
vote
1
answer
660
views
DKIM signing for subdomain issue
I am in an environment that sends emails from different sources. We're a Google Workspace environment as well.
The flow is as such:
A user ([email protected]) in Gmail sends an email to an email group (...
- 11
1
vote
1
answer
575
views
Mistake with DKIM 9936A801ED08: no signing table match for using wildcard
I have configured DKIM to be used with wildcards in SigningTable (Centos7)
But it gives me an error, and I am not able to see it.
Feb 15 08:46:56 monitor01 postfix/submission/smtpd[3374]: connect from ...
- 416
2
votes
1
answer
3k
views
OpenDKIM reports "signing table references unknown key" (CentOS 8)
I'm attempting to configure OpenDKIM with PostFix on CentOS 8.
I've set the following in /etc/opendkim.conf:
PidFile /run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
...
- 155
4
votes
1
answer
4k
views
OpenDKIM ignoring hostnames and domains in trusted hosts file
According to http://opendkim.org/opendkim.conf.5.html, the ExternalIgnoredHosts and InternalHosts options support the same format as the PeerList option as follows:
The set should contain on each ...
- 101
8
votes
1
answer
9k
views
opendkim-testkey: key not secure
I set up Opendkim milter to work with postfix on my machine. Now email is signed & verified correctly i.e. email source code shows DKIM-Signature header.
TXT record on the authorative dns is set ...
- 373
2
votes
1
answer
539
views
OpenDKIM's UNIX socket and permissions for "others"
Postfix installation procedure created a system user postfix and it's primary group postfix while installation procedure for OpenDKIM created a system user opendkim and it's primary group opendkim.
To ...
- 373
3
votes
0
answers
2k
views
Cannot start opendkim service, but command line works fine
Good morning.. I've read about 15 different guides on setup with DKIM and Sendmail signing on ubuntu 18.04 and for some reason I cannot get the service to start, yet command line works fine
/etc/...
- 31
0
votes
1
answer
333
views
Why is SELinux preventing opendkim from accessing private key files, and how do I fix it?
I'm trying to set up opendkim with Postfix (on CentOS).
Having copied my known good private key into place, I'm seeing this:
Nov 16 12:54:26 [host.domain] setroubleshoot[10093]: SELinux is preventing ...
- 173
1
vote
0
answers
617
views
OpenDKIM doesn't reject unvalidated incoming emails
Last a few weeks I found that my OpenDKIM stopped rejecting incoming mails with no dkim-signature, bad-signature etc. Signing outgoing is OK, and according to the mail headers verifying provided, as ...
- 11
0
votes
1
answer
442
views
Should "record not found" errors from opendkim for external domains be showing up in /var/log/mail.err?
I have set up opendkim for the first time. I see many of log entries similar to the following in my /var/log/mail.err file:
Oct 13 20:02:51 email opendkim[24304]: 0873142234: key retrieval failed (s=...
- 534