Hi All, I'm trying to get DKIM signing working on our postfix mail server.
We have a wildcard domain *.school.kiwi. We are providing a mail service for our clients - who each have their own sub-domain eg. abc.school.kiwi or cde.school.kiwi I have two servers, both are identical setups running centOS and Postfix 2. One is named mx01.school.kiwi and the other is named mx02.school.kiwi Note: When I created the 'default.private' - I did so on mx01 and copied it to mx02 so they are the same. I assume this is the correct approach ? I've followed the instructions per this page: https://www.stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/ > opendkim: OpenDKIM Filter v2.11.0 I've set up my KeyTable: > default._dkim.school.kiwi > school.kiwi:default:/etc/opendkim/keys/school.kiwi/default.private And my SigningTable: > *school.kiwi default._dkim.school.kiwi > > > .school.kiwi default._dkim.school.kiwi > > This is the current setup. I've tried different variations including *@school.kiwi, *@*school.kiwi, *@.school.kiwi and *@*.school.kiwi My TrustedHosts: > 127.0.0.1 > > > ::1 > > > school.kiwi > > > .school.kiwi > > And finally opendkim.conf itself with: > # KeyFile /etc/opendkim/keys/default.private > KeyTable /etc/opendkim/KeyTable > SigningTable refile:/etc/opendkim/SigningTable > ExternalIgnoreList refile:/etc/opendkim/TrustedHosts > InternalHosts refile:/etc/opendkim/TrustedHosts This is what I see in the /var/lo/maillog when I send an e-mail to my gmail account. > Dec 13 14:53:07 mx02 postfix/pickup[19928]: 280D82084426: uid=0 > from=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi> > Dec 13 14:53:07 mx02 postfix/cleanup[20008]: 280D82084426: > message-id=<fndqjlkx4fdbrd6gt1eku...@school.kiwi> > Dec 13 14:53:07 mx02 postfix/qmgr[18077]: 280D82084426: > from=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi>, size=4645, nrcpt=1 (queue > active) > Dec 13 14:53:08 mx02 postfix/smtp[20036]: Untrusted TLS connection > established to gmail-smtp-in.l.google.com[108.177.97.27]:25: TLSv1.2 with > cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) > Dec 13 14:53:09 mx02 postfix/smtp[20036]: 280D82084426: > to=<abcdefghi...@gmail.com>, > relay=gmail-smtp-in.l.google.com[108.177.97.27]:25, delay=2.4, > delays=0.01/0/1.6/0.81, dsn=2.0.0, status=sent (250 2.0.0 OK 1513130134 > 33si417943ply.308 - gsmtp) > Dec 13 14:53:09 mx02 postfix/cleanup[20008]: 8A3D22084427: > message-id=<20171213015309.8a3d22084...@mx02.school.kiwi> > Dec 13 14:53:09 mx02 postfix/bounce[20012]: 280D82084426: sender delivery > status notification: 8A3D22084427 > Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 8A3D22084427: from=<>, size=2632, > nrcpt=1 (queue active) > Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 280D82084426: removed > Dec 13 14:53:09 mx02 postfix/pipe[20013]: 8A3D22084427: > to=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi>, relay=schoolkiwi, > delay=0.06, delays=0/0/0/0.06, dsn=2.0.0, status=sent (delivered via > schoolkiwi service) > Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 8A3D22084427: removed > When I view a received e-mail, I can see the following line in the message headers. > DKIM-Filter: OpenDKIM Filter v2.11.0 mx02.school.kiwi 7A8CB2084426 But not DKIM signature itself. I've obviously something, but not sure what to look at next. Any assistance appreciated to get this working with emails from n...@anysubdomain.school.kiwi thanks Kent.
