Only these references to opendkim I found out in syslog:
Dec 3 14:35:09 debian systemd[1]: Stopping OpenDKIM DomainKeys
Identified Mail (DKIM) Milter...
Dec 3 14:35:13 debian opendkim[420]: OpenDKIM Filter: mi_stop=1
Dec 3 14:35:13 debian opendkim[420]: OpenDKIM Filter v2.11.0
terminating with status 0, errno = 0
Dec 3 14:35:13 debian systemd[1]: opendkim.service: Succeeded.
Dec 3 14:35:13 debian systemd[1]: Stopped OpenDKIM DomainKeys
Identified Mail (DKIM) Milter.
Dec 3 14:35:13 debian systemd[1]: Starting OpenDKIM DomainKeys
Identified Mail (DKIM) Milter...
Dec 3 14:35:13 debian systemd[1]: Started OpenDKIM DomainKeys
Identified Mail (DKIM) Milter.
Dec 3 14:35:13 debian opendkim[25690]: OpenDKIM Filter v2.11.0 starting
(args: -x /etc/opendkim.conf)
My opendkim.conf is here
# This is a basic configuration that can easily be adapted to suit a
standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 007
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2022' (e.g. 2022._domainkey.example.com)
Domain hope.cz
KeyFile /etc/dkimkeys/dkim.key
Selector 2022
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization simple
Mode sv
SubDomains no
# Socket smtp://localhost
#
# ## Socket socketspec
# ##
# ## Names the socket where this filter should listen for milter
connections
# ## from the MTA. Required. Should be in one of these forms:
# ##
# ## inet:port@address to listen on a specific interface
# ## inet:port to listen on all interfaces
# ## local:/path/to/socket to listen on a UNIX domain socket
#
#Socket inet:8892@localhost
Socket local:/var/run/opendkim/opendkim.sock
## PidFile filename
### default (none)
###
### Name of the file where the filter should write its pid before beginning
### normal operations.
#
PidFile /var/run/opendkim/opendkim.pid
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
## ResolverConfiguration filename
## default (none)
##
## Specifies a configuration file to be passed to the Unbound library that
## performs DNS queries applying the DNSSEC protocol. See the Unbound
## documentation at http://unbound.net for the expected content of this
file.
## The results of using this and the TrustAnchorFile setting at the same
## time are undefined.
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
## unbound package
# ResolverConfiguration /etc/unbound/unbound.conf
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound
documentation
## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
## Userid userid
### default (none)
###
### Change to user "userid" before starting normal operation? May include
### a group ID as well, separated from the userid by a colon.
#
UserID opendkim
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
LogResults yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
Can you see amy problem?
Thanks
On 03/12/2024 12:56, Bluejay Adametz via Postfix-users wrote:
Is it possible to upgrade OpenDKIM only?Will it solve the problem?
Are you sure your opendkim version is the problem and verifier.port25.com isn't just
saying "maybe your version might be the problem", especially since it's talking
about PowerMTA and not opendkim?
Send yourself an Email and examine the headers to see if there actually IS a DKIM
signature. Check your mail logs to see if you're signing at all (you're looking for
"DKIM-Signature field added"), and if not, why.
These options in your opendkim.conf should help:
Syslog yes
SyslogSuccess yes
LogWhy yes
LogResults yes
- Bluejay Adametz
I don't mind going nowhere
as long as it's an interesting path. - Ronald Mabbitt
NOTICE: This message, including any attachments, is only for the use of the
intended recipient(s) and may contain confidential, sensitive and/or privileged
information, or information otherwise prohibited from dissemination or
disclosure by law or regulation, including applicable export regulations. If
the reader of this message is not the intended recipient, you are hereby
notified that any use, disclosure, copying, dissemination or distribution of
this message or any of its attachments is strictly prohibited. If you received
this message in error, please contact the sender immediately by reply email and
destroy this message, including all attachments, and any copies thereof.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
--
This email has been checked for viruses by Avast antivirus software.
www.avast.com
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
