Your dkim-filter config file still has the domain set to "example.com"
instead of whatever real domain you are sending email as.  So
dkim-filter is generating signatures for the domain "example.com",
which you do not own.  When Yahoo tries to look up the DNS for
example.com, it's not asking your local DNS server for the key info,
it's looking it up in public DNS, which goes to IANA servers (because
they own the domain).

By the sound of it, you actually created your private key in the
zaaam.com domain, and testing that I see:

# dig +short -t txt mail._domainkey.zaaam.com
"v=DKIM1\; g=*\; k=rsa\; t=y\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiABGx96PvDMrqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2705G/gicNRlbP4ZjPTL2yqshKy1DNRfw4vSgUpMRfQVfcPeag32geSayoVEmu+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB"

This means that you need to modify your dkim-filter.conf to sign for
the zaaam.com domain instead of example.com.  You also have a few
entries in your /etc/mail/hosts which have example.com appended to
them, which seems incorrect, but I do not know for sure what local
host names you give to your machines.

One final note: development has stopped for this dkim-filter.  It was
forked back in 2009 and a new project was started called opendkim;
it's on SourceForge, and the home website is http://www.opendkim.org.
The current version is opendkim-2.1.3 and an opendkim-2.2.0 release is
probably a week or so away.

Regards....       Todd

On Sun, Sep 26, 2010 at 5:24 PM, alforreca_2...@yahoo.com
<alforreca_2...@yahoo.com> wrote:
>
> I'm running ubuntu 10.04 with postfix and dkim-filter.
> All my configuration checks out ok...or at least I think so. But dkim sig is 
> not being accepted by yahoo and gmail servers.
> My postfix main.cf
> # DKIM
> milter_default_action = accept
> milter_protocol = 2
> smtpd_milters = inet:localhost:8891
> non_smtpd_milters = inet:localhost:8891
> My /etc/default/dkim-filter
> SOCKET="inet:8...@localhost" # Ubuntu default - listen on loopback on port 8891
> My /etc/dkim-filter.conf
> Syslog                  yes
> LogWhy                  True
> # Required to use local socket with MTAs that access the socket as a non-
> # privileged user (e.g. Postfix)
> #UMask                  002
> # Sign for example.com with key in /etc/mail/dkim.key using
> # selector '2007' (e.g. 2007._domainkey.example.com)
> Domain                  example.com
> KeyFile         /etc/mail/mail.key
> Selector                mail
> InternalHosts           /etc/mail/hosts
> # Common settings. See dkim-filter.conf(5) for more information.
> AutoRestart             yes
> Background              yes
> Canonicalization        relaxed/relaxed
> DNSTimeout              5
> Mode                    sv
> SignatureAlgorithm      rsa-sha256
> SubDomains              yes
> #ADSPDiscard            no
> #Version                rfc4871
> X-Header                no
> ###############################################
> # Other (less-standard) configuration options #
> ###############################################
> My InternalHosts file /etc/mail/hosts
> 127.0.0.1/8
> 192.168.1.0/24
> localhost
> example.com
> www.example.com
> mail.example.com
> cerebrus.example.com
> umongus.example.com
> My Bind9 Dns entries for the example domain
> mail._domainkey                 IN      TXT "k=rsa; 
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBcAtF+RCk9wpagy3b3Y8566FWZ354fMjlz7ZmYYJzg+GT1ruGl/lvwXZkQTzMyvpGgBM5ShUmopVswN3Cv/+M1UTU8lto1fnTFJb2bu$
> _domainkey                      IN      TXT "t=y; o=-"
> My Maddog domain dns entries:
> mail._domainkey    v=DKIM1; g=*; k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiAB 
> Gx96PvDMrqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2 
> 705G/gicNRlbP4ZjPTL2yqshKy1DNRfw4vSgUpMRfQVfcPeag32geSayoVEm 
> u+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB    1 Hour
> _domainkey    t=y; o=-    1 Hour
>
> Tests DONE:
> mail.log shows
> Sep 26 23:51:48 hostname dkim-filter[6880]: 7440A1C72EFF mode select: signing
> tests online:
> http://domainkeys.sourceforge.net/policycheck.html
>
> Testing example.com
>
> Policy TXT=t=y; o=-
>
> This policy record appears valid.
>
> http://domainkeys.sourceforge.net/selectorcheck.html
>
> mail._domainkey.example.com
>
> TXT Record length = 230
>
> k=rsa; t=y; 
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiABGx96PvDM
>
> ...rqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2705G/gicNRlbP4ZjPTL2yqshKy1D
>
> ...NRfw4vSgUpMRfQVfcPeag32geSayoVEmu+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB
>
> This selector appears valid.
>
> Tag   Value   Explanation
> k     rsa     The public key algorithm used to verify the signature
> p     MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEi...   Modulus Size=1024, Exponent=65537
> t     y       This Selector is in test mode
>
> EMAIL RESPONSES FROM YAHOO HEADERS:
>
> Received-SPF: pass (mta1259.mail.ac4.yahoo.com: domain of exam...@example.com 
> designates "MY IP" as permitted sender)
>
> X-Originating-IP: [MY IP]
>
> Authentication-Results: mta1259.mail.ac4.yahoo.com  from=example.com; 
> domainkeys=neutral (no sig);  from=example.com; dkim=permerror (bad sig)
>
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=zaaam.com; s=mail;
>
> t=1285544437; bh=+RXOTVB28eXhx0k/tu8av/BLmD8wZpkVU5Pa6hB6w4I=;
>
> h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type;
>
> b=bu3Eqt4KXl2um8ivT6+BHKDLYTibUHK6eTAmYMPW9vDVVyg2lqfzntL06n5bBe4AK
>
> BagYp+tKc8dtY+q+uH4uFHUOHwV03ZrUdcCNMjaFkR+jTUuC8yCrr0kTZSc9GhsVUr
>
> v9MaeaOKra20C9+dgeXhjfTUDvGI1bniquZA/ITc=
>
> EMAIL RESPONSES FROM GMAIL HEADERS:
>
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of 
> em...@example.com designates "MY IP" as permitted sender) 
> smtp.mail=em...@example.com; dkim=hardfail (test mode) header...@example.com
> Received: from host.example.com (host.example.com [LAN IP])
>       by host.example.com (Postfix) with ESMTP id 9C8431C72F00
>       for <em...@gmail.com>; Sun, 26 Sep 2010 23:51:48 +0000 (GMT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaaam.com; s=mail;
>       t=1285545108; bh=p8pafqTNhtsModsSazJmcokGeAFPfXlSGnULI/Z7QDU=;
>       h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type;
>       b=UlDd4VZo826VxOkDdNR5ER+3jGjMRiPQoB5lEdPWKSUvbibdqTGQmL5PrIKoZpIqX
>        c7DGlc504Y1FCQb/pW8M2bYNtrt5nRfJ9XqlfdE9as9ECb44KoqJZCldvBEvCZSCYo
>        hQEMUT2LeDezo+EtEpgXAmO87pWN8QaxbKY2a9J0=
>
> I'm out of ideas... full day trying and testing this?!?!?! What can be wrong?
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> dkim-milter-discuss mailing list
> dkim-milter-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
>



--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurelius
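
The key lookup described in the reply above, as an added example (not part of the original thread and not dkim-filter code): a receiver builds the query name from the signature's own s= and d= tags and resolves it in public DNS. The PUBLIC_DNS dict, the placeholder key and hash values, and the function names are assumptions made for illustration; the From-domain check is a simple equal-or-subdomain test.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or key TXT record)."""
    tags = {}
    for part in value.replace("\\;", ";").split(";"):  # dig prints ';' as '\;'
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def key_query_name(sig):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}".lower()

def diagnose(sig_header, from_domain, public_txt):
    """Return (query_name, problems) for one DKIM-Signature header value.

    public_txt stands in for public DNS (name -> TXT string); records that
    exist only on a local resolver are invisible to the receiving server.
    """
    sig = parse_tags(sig_header)
    name = key_query_name(sig)
    problems = []
    d, frm = sig["d"].lower(), from_domain.lower()
    if not (frm == d or frm.endswith("." + d)):
        problems.append(f"d={d} does not cover From domain {frm}")
    record = public_txt.get(name)
    if record is None:
        problems.append(f"no key published at {name}")
        return name, problems
    key = parse_tags(record)
    if not key.get("p"):
        problems.append("key record has empty or missing p=")
    if "y" in key.get("t", "").split(":"):
        problems.append("t=y: selector is in test mode")
    return name, problems

# Constructed sample data: key and hash values are placeholders, not real ones.
PUBLIC_DNS = {"mail._domainkey.zaaam.com":
              "v=DKIM1\\; g=*\\; k=rsa\\; t=y\\; p=PLACEHOLDERKEY"}
SIG_WRONG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail; "
             "bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_FIXED = SIG_WRONG.replace("d=example.com", "d=zaaam.com")

if __name__ == "__main__":
    for label, sig in (("Domain example.com", SIG_WRONG), ("Domain zaaam.com", SIG_FIXED)):
        print(label, diagnose(sig, "zaaam.com", PUBLIC_DNS))
```
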
