Apr 9 09:40:14 rx200 mail.info opendkim[4396]: C03DE1014429:
foobar.example.com [192.0.2.10] not internal
It seems that the domain you want to sign is not in the KeyTable or
SigningTable! Note that if you put "refile:" before config file path in
/etc/opendkim.conf the syntax changes!
If
What's your key-size?
My DNS provider does not support 2048, I found it out the hard way. 1024
seems to be the most popular size and google demands at least 1024.
Ounce you get the signing working you can regen a 2048 and check if you
can feed it in DNS TXT, but for first testing stick to 1024
Why do use
inet:localhost:8891
Instead of a socket?
I conf'ed it using this tutorial:
https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = local:opendkim/opendkim.sock
The sockets are relative
Thank you for quick responses!
Dominic Raferd's reply was the most helpful and a good how-to :)
Just to summarize, how many From sender spoofing methods are there?
1) envelope-sender (What Viktor said)
2) Header FromĀ senderĀ (What Dominic said)
3) Privileged domain in text sender (What Dominic