Questions tagged [opendkim]
Open source implementation of the DKIM (Domain Keys Identified Mail). The capabilities include signing and verifying DKIM signature of the email.
184
questions
21
votes
8
answers
19k
views
Can't change OpenDKIM socket in Debian stretch in /etc/default/opendkim
I am trying to set up opendkim on Debian stretch but I fail at changing the socket. I want to change the socket to /var/spool/postfix/opendkim/opendkim.sock so I can use it with postfix.
I have added ...
- 691
11
votes
4
answers
24k
views
Is _ (underscore) illegal in a CNAME record?
We're having trouble creating the long TXT record for the DKIM key on the web interface on our hoster.
Each line can only accept 256 characters.
We tried multiple lines, then tried adding (" at the ...
- 1,009
11
votes
4
answers
26k
views
Postfix - Opendkim - Unable to connect to local socket
I am getting denied errors when postfix tries to connect to the unix socket for opendkim, actual error:
Sep 24 15:41:43 service-a-4 postfix/cleanup[17414]: warning: connect to Milter service unix:var/...
- 1,738
10
votes
4
answers
44k
views
no signing table match in OpenDKIM
I have OpenDKIM installed on CentOS. I am using postfix as MTA and dovecot for IMAP/POP3.
Now the problem is am trying to setup DKIM for my domain. The mails are send from a sub domain mail.example....
- 301
10
votes
1
answer
14k
views
OpenDKIM not signing mail
So I'm having trouble with getting OpenDKIM to sign my messages, but I'm hitting a wall as to what might causing it:
On Debian Jessie, with Postfix and OpenDKIM.
My /etc/opendkim.conf:
Syslog ...
- 163
9
votes
4
answers
25k
views
postfix: milter-reject: END-OF-MESSAGE from ...: 4.7.1 Service unavailable (opendkim)
I configured OpenDkim to work with postfix and I'm getting the following error when I try to send mail out:
postfix/cleanup[11542]: 40F271A291A: milter-reject: END-OF-MESSAGE from ***[***]: 4.7.1 ...
- 429
9
votes
1
answer
20k
views
Connect to Milter service unix:/var/run/opendkim/opendkim.sock: No such file or directory
I've just been moving a postfix mail server to a different box, and I'm having trouble getting postfix to talk opendkim via a unix socket. The opendkim socket is located at /var/run/opendkim/opendkim....
9
votes
1
answer
12k
views
opendkim-testkey: key not secure
I set up Opendkim milter to work with postfix on my machine. Now email is signed & verified correctly i.e. email source code shows DKIM-Signature header.
TXT record on the authorative dns is set ...
- 403
9
votes
2
answers
11k
views
DKIM not signing with alias addresses - not internal, not authenticated
I have postfix, dovecot, opendkim and postsrsd installed. I am trying to forward mail from [email protected] to [email protected], and have them signed with DKIM.
I use postsrsd in order for the SPF ...
- 213
9
votes
1
answer
8k
views
opendkim-testkey: key not secure, but dnssec is ok
I'm trying to setup opendkim, but I get this result:
# opendkim-testkey -vvvv -d my.example.com -s 201702
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '...
- 1,009
8
votes
1
answer
14k
views
OpenDKIM not signing outgoing mail
I'm trying to setup OpenDKIM on my mailserver running Debian and Postfix. This is the configuration I've done:
Generated two keys (for two domains I need to send mail for)
Configured KeyTable, ...
- 404
6
votes
1
answer
10k
views
1024 or 2048 bit keys for DKIM?
Referencing this: https://crypto.stackexchange.com/questions/72297/recommended-key-size-for-dkim
What I get from this is (at the time) DNS providers (usually) allow for up to 1024 bit keys but not ...
- 211
6
votes
1
answer
2k
views
opendkim configuration not loading properly
When moving from Ubuntu 12.04 to 14.04, opendkim no longer starts with the same config I had prior. Any item I have in /etc/default/opendkim shows up as "not found" when booting.
/etc/init.d/opendkim:...
- 161
6
votes
1
answer
9k
views
opendkim fail | bad RSA signature | verification failed unprotected key
I have fully manageable VPS running Ubuntu 14.04 which hosts websites for several domains. Recently I have tried to add DKIM signatures to avoid spam filters. I've followed ubuntu-postfix-dkim ...
5
votes
2
answers
9k
views
OpenDKIM errors
When sending mail, Outlook errors 4.7.1 Service unavailable - try again later. I have installed postfix, dovecot and openDKIM, but OpenDKIM is giving me errors:
Mar 30 10:19:32 x opendkim[16762]: can'...
- 75
5
votes
1
answer
964
views
Why doesn't dkim sign the letter?
I have configured DKIM:
Dec 27 11:10:03 mailer opendkim[378]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
Dec 27 11:10:10 mailer postfix/postfix-script[551]: warning: symlink leaves ...
- 161
5
votes
1
answer
3k
views
OpenDKIM generates 2 keys
I've followed instructions to set up spf and DKIM on my mailing server. SPF is working fine so far, however I am having problem with DKIM. In every single instruction website, they show the output ...
- 53
5
votes
2
answers
3k
views
can I use multiple selectors for opendkim?
I have 4 domains hosted on a single server. Should I use 4 separate dkim keys or one for all of them?
Also as far as selectors go do I need to use the one specified in opendkim.conf or can/should I ...
4
votes
2
answers
13k
views
opendkim error loading key
I am having a hard time in debugging this error:
Syslog:
Apr 24 06:18:08 abcex opendkim[24223]: abcex: key data is not secure: /etc/opendkim/keys/abcex.private
Apr 24 06:18:08 abcex opendkim[24223]: ...
4
votes
1
answer
5k
views
OpenDKIM ignoring hostnames and domains in trusted hosts file
According to http://opendkim.org/opendkim.conf.5.html, the ExternalIgnoredHosts and InternalHosts options support the same format as the PeerList option as follows:
The set should contain on each ...
- 101
4
votes
1
answer
4k
views
Valid DKIM signature ramdomly fails to validate
The scenario:
I have a couple email servers running on Debian behind a firewall, a public IP and I have properly setup my DNS records (MCX, DMARC, DKIM, SPF).
This is an example of my DNS records (...
- 458
4
votes
2
answers
6k
views
Milter (opendkim): error connecting to filter: Connection refused by localhost
I'm on Ubuntu 16 LTS, trying to sign mail with opendkim and I'm getting:
$ tail /var/log/mail.err
...
Milter (opendkim): error connecting to filter: Connection refused by localhost
I have sendmail ...
- 201
4
votes
1
answer
2k
views
opendkim-testkey returns "invalid data set type", while if I specify domain and selector I got "Key OK"
I'm having the problem that opendkim testkey returns error "invalid data set type" unless I pass the domain and the selector to the command. Why does it happen? Details below:
Without domain and ...
- 619
4
votes
1
answer
2k
views
How to validate opendkim generated RSA keys
I'm trying to diagnose OpenDKIM validation errors (see this question). Way down in the belly of the beast, I'm at the point where I'm trying to make sure the keys generated are actually correct.
I'm ...
- 419
4
votes
2
answers
3k
views
Postfix not communicating with opendkim
I want to setup automatic signing with DKIM for all outgoing emails. This ir virtual private server and hosts a single website.
I have tried lots of tutorials on how to implement dkim email signing, ...
- 191
4
votes
2
answers
4k
views
OpenDKIM query timed out (even with opendkim-testkey and Nameservers set)
I try to set up a mail server on Debian with opendkim and opendmarc
When I receive an email, SpamAssassin refuse it because opendkim can't do the DNS query
I tested with opendkim-testkey command, ...
- 61
4
votes
1
answer
2k
views
postfix relay with opendkim
i'm using opendkim + postfix as a MTA for my website , everything is working: mail are signed by DKIM , gmail mark them as "pass"
the issue is when i'm using this config as a relay from another vm ( ...
- 63
4
votes
3
answers
3k
views
OpenDKIM permission denied [duplicate]
I have installed opendkim on CentOS 6 and set the TemporaryDirectory to /var/tmp in the opendkim.conf configuration file. After restarting the service and trying to send an email I get an error in the ...
- 151
3
votes
4
answers
868
views
How destination mail server can know the DKIM selector
It is possible to set a "subdomain" in DKIM DNS record name.
This "subdomain" is called a selector. It allows to have multiple DKIM keys for the same domain.
There is something I ...
- 429
3
votes
1
answer
5k
views
OpenDKIM milter with Postfix
I just configured opendkim and postfix and it is supossed to be signing my emails but it doesn't.
I used /usr/sbin/opendkim-testkey to test the keys and it seems to be ok with them but the mails I ...
- 133
3
votes
1
answer
6k
views
OpenDKIM won't start: "opendkim: milter socket must be specified"
I'm trying to setup a server using postfix, dovecot, amavis and opendkim for signing.
OpenDKIM won't start, here is the output of journalctl -xe, after stopping and starting opendkim:
Jul 21 21:54:17 ...
- 33
3
votes
2
answers
4k
views
Route53 DNS and DKIM/TXT
I've been trying to set an openDKIM public key as a TXT record within the Route53 hosted zone for my domain.
The record is mail._domainkey .zewtie.io but, however I enter the public key in the ...
- 51
3
votes
1
answer
519
views
How to make postfix sign non-delivery notifications with DKIM?
I have set up my "postfix" server to sign outgoing messages with DKIM and verified that it works correctly for SMTP users using authentication. However, "non-delivery notifications"...
- 33
3
votes
1
answer
810
views
OpenDKIM's UNIX socket and permissions for "others"
Postfix installation procedure created a system user postfix and it's primary group postfix while installation procedure for OpenDKIM created a system user opendkim and it's primary group opendkim.
To ...
- 403
3
votes
2
answers
4k
views
OpenDKIM / Postfix sign console-sent mail, but not from a mail client / SMTP
I have Postfix running on a Debian 9 machine, and installed opendkim (both from the Debian repositories). The milter socket/connection is inet:localhost:8892, and the iptables firewall allows that ...
- 175
3
votes
1
answer
4k
views
Sendmail authenticating with DKIM but Roundcube is not authenticating
So I have set up the mail server, Roundcube, and Sendmail both work as expected.
but many of my emails were going to spam in Gmail and others, so I was setting up the DKIM auth and it was successful.
[...
- 41
3
votes
1
answer
777
views
Deprecation of RSA-SHA-1 in DKIM keys?
I recently noticed that opendkim on my mail server is objecting to DKIM signatures from a client, saying their key is insecure. It may be that that's due to lack of secure DNS (confirmation?) but I ...
- 5,941
3
votes
2
answers
3k
views
OpenDKIM - cannot determine host's domain name, so skipping default key generation
I've just set up OpenDKIM on my CentOS 6 server but keep getting the following warning each time I start the service:
Cannot determine host's domain name, so skipping default key generation.
I have ...
- 565
3
votes
1
answer
654
views
Exim Unable to Read DKIM Key
Exim is spitting out (what looks like) a privilege error:
# tail -n1 /var/log/exim/paniclog
2021-11-15 16:38:35.955 [682275] 1mme43-002rUN-QV unable to open file for reading: /etc/opendkim/keys/...
- 131
3
votes
0
answers
2k
views
Cannot start opendkim service, but command line works fine
Good morning.. I've read about 15 different guides on setup with DKIM and Sendmail signing on ubuntu 18.04 and for some reason I cannot get the service to start, yet command line works fine
/etc/...
- 31
2
votes
1
answer
4k
views
OpenDKIM reports "signing table references unknown key" (CentOS 8)
I'm attempting to configure OpenDKIM with PostFix on CentOS 8.
I've set the following in /etc/opendkim.conf:
PidFile /run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
...
- 155
2
votes
2
answers
2k
views
Opendkim doesn't sign emails sending from external clients
I've setup opendkim with my sendmail and it looks like everything works correctly, but it signs only those messages that sent locally (from webmail client or automatic subscriptions). when I try to ...
- 175
2
votes
2
answers
801
views
Add Multiple Subdomains In Signing Table And Key Table Opendkim
I need some major help adding multiple subdomains in the signing table and key table for opendkim without listing them one by one.
If I have 50 subdomains I want to add, it will take me forever.
I am ...
2
votes
1
answer
203
views
How OpenDKIM decides which emails to sign?
In OpenDKIM, what domain does it consider to use when comparing to internal hosts? Do it consider the domain of Return-Path (i.e. envelope MAIL FROM's domain) or header From or HELO's domain.
- 47
2
votes
1
answer
3k
views
Is DKIM/ARC working properly on my Mailman server?
I've set up a Mailman 3 server with Postfix. I've configured Postfix to add DKIM headers using OpenDKIM and a test email from that server to a Microsoft-hosted email address suggests that DKIM is OK:
...
- 121
2
votes
1
answer
1k
views
OpenDMARC with multiple MX: correct setup for trust between servers
There are many tutorials on how to setup OpenDMARC on your favorite flavor of Linux, but they all focus on single server configurations. My goal was to keep backup secondary MX servers, but enforce ...
- 50.2k
2
votes
1
answer
2k
views
Postfix not triggering OpenDKIM milter
I've been trying for a long time to start signing mail sent via postfix with opendkim. Looking at the logs, it looks like zero attempt is made to communicate with postfix:
Aug 4 20:59:59 localhost ...
2
votes
1
answer
275
views
OpenDKIM - How can I set these signing options in the conf file
I followed this guide for opendkim, and I wondering how to set the following options in the conf file:
Signature expiration (x)
creation time (t)
standard headers to be validated (h=)
body signature ...
- 195
2
votes
1
answer
288
views
Postfix / OpenDKIM config on Centos8
I've setup Postfix with Dovecot as an integrated mail service for my SaaS app, it worked great as an inbox. The issue started when I started to send emails, it was not signed so I went ahead and ...
2
votes
1
answer
4k
views
Opendkim: fail (signature doesn't verify)
I had generated my public and private key using opendkim-genkey:
opendkim-genkey -s mail -d example.com
It is supposed to be linked in the KeyTable file:
/etc/opendkim$ cat KeyTable
mail._domainkey....
- 174