* Enrico Morelli via Postfix-users <[email protected]>:
> Dear all,
>
> I tried to configure my mail server to use DKIM to sign outgoing mails on my
> Debian 11 with Postfix 3.5.25 and OpenDKIM 2.11.0.
>
> Seems that Postfix is not calling the milter.
How would you tell? Did you look at the log? Did you send a message and
there's no DKIM signature?
> My main.cf configuration related to the milters:
>
> ## To use rspamd and DKIM
> smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:11332
> non_smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:11332
> milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
> milter_default_action = accept
> milter_protocol = 6
>
> The OpenDKIM seems configured well:
>
> # opendkim-testkey -d cerm.unifi.it -s default -vvv
> opendkim-testkey: using default configfile /etc/opendkim.conf
> opendkim-testkey: key loaded from
> /etc/opendkim/keys/cerm.unifi.it/default.private
> opendkim-testkey: checking key 'default._domainkey.cerm.unifi.it'
> opendkim-testkey: key not secure
> opendkim-testkey: key OK
>
> In the opendkim.conf I had set:
>
> Socket inet:[email protected]
>
> and it is running:
>
> # ss -lnpt | grep 8891
> LISTEN 0 4096 127.0.0.1:8891 0.0.0.0:*
> users:(("opendkim",pid=2382553,fd=3))
>
> Using "journalctl -u opendkim -f" to check what happens when I try to send an
> email, nothing appears. I
> see only DKIM verifications
>
> I addedd
> debug_peer_level = 3
> debug_peer_list = 127.0.0.1
>
> to main.cf to check for connections problem, but nothing appears.
Did you configure opendkim to verify *and* sign messages? From the docs:
## Selects operating modes. Valid modes are s (sign) and v (verify). Default
is v.
## Must be changed to s (sign only) or sv (sign and verify) in order to sign
outgoing
## messages.
Mode s
Did you send a message that specifies an envelope sender *and* a From:-header?
> Where can I investigate?
# opendkim.conf
## Log additional entries indicating successful signing or verification of
messages.
SyslogSuccess yes
## If logging is enabled, include detailed logging about why or why not a
message was
## signed or verified. This causes an increase in the amount of log data
generated
## for each message, so set this to No (or comment it out) if it gets too
noisy.
LogWhy yes
p@rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
