dkim help with dkim-milter, ubuntu 10.04 and postfix

Hi,

I have been trying to set up my linode to mostly send emails without getting them dumped into junkmail, or worse just being discarded. To that end I have configured spf, which seems to be working. Then the other thing I was going to do was dkim. However, following many guides on the subject, I have installed dkim-milter with postfix, but there are a few problems:

The main problem is I can't seem to get it to sign my emails. I send an email from my computer using smtp, and it simply looks like there is no dkim signature attached. I sent to check-auth@verifier.port25.com, and it said neutral message not signed. This seems odd, as i have followed the steps in the articles I found exactly, putting the supposedly right config in postfix's files, quoted below:

milterdefaultaction = accept

milter_protocol = 2

smtpd_milters = inet:localhost:8891

nonsmtpdmilters = inet:localhost:8891

However, it simply will not sign. I have no idea where this is going wrong, as there is no sign in the /var/log/mail.log that any milters are being called, nor can I find a dkim-milter log. Any help is appreciated to troubleshoot this issue. If you need me to send you an email to inspect the headers I will gladly do so.

Thanks,

-Michael.

5 Replies

Hi,

I finally hit on a keyword in google that allowed me to (hopefully) understand why this wasn't working: I need to add my other email servers to the internal hosts file. However, this only solves the problem when the host has a static IP E.G. on other linodes i have. In the case of me sending from my computer at home, it does no good. So is there any way to get dkim-milter to sign emails from authenticated users E.G. using SASL?

Thanks,

-Michael.

Hi,

Ok, maybe I've got something wrong still. I tried doing a test after figuring out that by default it only signs emails from 127.0.0.1, and sure enough gmail did not report any dkim results, whether negative, positive, or anything else. This makes me think that for some reason it's not signing… but Why.

Thanks,

-Michael.

First, dkim-milter is obsolete and should be replaced with OpenDKIM

However to troubleshoot your problems, consider the following:

Is the service running and listening? netstat -ltnp
If so, is it working for verifying incoming emails that are dkim signed? If it is then at least you know the service is talking to postfix, and it it probably something wrong with your signing config. Do you have the dkim-milter configuration and signing keys properly set up to sign for the domains you are sending from?

@Stever:

First, dkim-milter is obsolete and should be replaced with OpenDKIM

However to troubleshoot your problems, consider the following:

Is the service running and listening? netstat -ltnp
If so, is it working for verifying incoming emails that are dkim signed? If it is then at least you know the service is talking to postfix, and it it probably something wrong with your signing config. Do you have the dkim-milter configuration and signing keys properly set up to sign for the domains you are sending from?
Ok, here goes:

I switched to opendkim, not so hard, but still appears to have this error – but no errors in the log at all related to open dkim, in fact nothing except start and stop and restart notifications.

Yes, it appears to be listening properly, tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 11870/opendkim (sorry about any poor spacing in that last one, my screen reader can often copy things from ssh weirdly).

Not sure about postfix, although I'd guess it is not even communicating with it, as like I said there's not a whisper in /var/log/mail.log to do with dkim except for stop and start notifications.

I put the following in the /etc/postfix/main.cf:

# DKIM
milter_default_action = accept
 milter_protocol = 2
 smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Not sure why it's not talking, but I'd guess that's why it's not signing.

Any help is appreciated.

-Michael.

Hi,

Well after a bit more googling (who would'a thought that googling 'why won't postfix and opendkim work together' or something similar would produce results) I found that if I use postconf -e, it works fine. However if i simply use nano to update /etc/postfix/main.cf… no go. So that's what i did.

After quite a bit more googling and troubleshooting…

…I have it working! woo hoo!

Just one question: Is it supposed to sign for any email that originates, say, from my home computer but is sent through the mail server with smtp? E.G. if I send an email from my home computer to somewhere else, but use my own email server as the smtp server to send to say, a gmail address, should it sign? It looks like it's doing that -- and this is just what I want it to do -- but just wanted to make sure everything is working right and in a week or two it won't suddenly stop signing emails that aren't in the InternalHosts file :)

-Michael.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct