DKIM with Postfix (Ubuntu 12.04)

I'm trying to set up DKIM on my Postfix Mail Server, and I can't seem to get it right. This is the error I get when I test:

casey@cosmos:~$ sudo opendkim-testkey -d friday-next.com -s fnmail -k /etc/mail/fnmail.private -vvv
opendkim-testkey: key loaded from /etc/mail/fnmail.private
opendkim-testkey: checking key 'fnmail._domainkey.friday-next.com'
opendkim-testkey: syntax error in key data (ASCII 0x49 at offset 18)

Here are my entries in the Linode DNS manager:

name = fnmail._domainkey
value = v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPp6yCuv7p0Y0mAq1DpstOF7BqnmJivvexUarDDp5ohrqSysLbrlxCXmMb8WhCpUL+n6yHD+zD3PZH+PC9sZPzuU1d4inNGb8c7GRd1Wksyw5J+x6nPEoGs+QziEN10DIOuEcHoxEttStI8Skxo+562ecyCAdVi8vHZvAbKTe7LQIDAQAB

name = domainkey
value = t=y; o=~;

I didn't copy the entire fnmail.txt file, just the part in the quotes. When I first copied the entire .txt file into value, this was the error I got:

casey@cosmos:~$ sudo opendkim-testkey -d friday-next.com -s fnmail -k fnmail.private -vvv
opendkim-testkey: key loaded from fnmail.private
opendkim-testkey: checking key 'fnmail._domainkey.friday-next.com'
opendkim-testkey: 'fnmail._domainkey.friday-next.com' record not found

Is this an issue of the DNS value not propagating because it takes a while, or am I missing something easy here? Also, when I set up the values in /etc/opendkim.conf for Domain, Keyfile, and Selector - do I just add more of those in that same config file for the other domains on my Linode?

3 Replies

I waited a bit longer, and I'm now getting the following successful output from the test:

casey@cosmos:~$ sudo opendkim-testkey -d friday-next.com -s fnmail -k /etc/mail/fnmail.private -vvv
opendkim-testkey: key loaded from /etc/mail/fnmail.private
opendkim-testkey: checking key 'fnmail._domainkey.friday-next.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK

When I sent a test message, I could see the header was being successfully added to the message, so all is well! Now my question is how do I enable DKIM for all mail-account domains on my Linode?

I have these lines in my /etc/opendkim.conf file:

Domain                  friday-next.com
KeyFile                       /etc/mail/fnmail.private
Selector                      fnmail

Do I simply repeat those lines for every domain that needs DKIM on my Linode?

I used KeyTable and SigningTable to achieve DKIM for multiple domains on the same Linode. You can find the tutorial I used here:

http://blog.tjitjing.com/index.php/2012/03/guide-to-install-opendkim-for-multiple-domains-with-postfix-and-debian.html

@casey_friday:

opendkim-testkey: checking key 'fnmail._domainkey.friday-next.com'
opendkim-testkey: key not secure


Glad you seem to have everything sorted. If you want to get rid of the "key not secure" warning you'll want to change the ownership/permissions on the private key files to make them unreadable by anyone but the user that opendkim is running under.
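
The ownership and permission check described in the reply above, as an added example that is not part of the original thread. The function name `check_dkim_key`, the `DKIM_USER` variable and the default user name `opendkim` are assumptions; it needs GNU `stat` (Linux) and looks only at the key file itself.

```shell
#!/usr/bin/env bash
# Added example: flag DKIM private keys that anyone other than the signing
# user can access (the condition the reply ties to "key not secure").

# check_dkim_key FILE USER
# Returns 0 only if FILE is a regular file owned by USER with no group/other
# permission bits set. Prints one finding per problem, plus a suggested fix.
check_dkim_key() {
    local file=$1 user=$2 owner mode rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi

    owner=$(stat -c '%U' "$file")   # owning user name
    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 644

    if [ "$owner" != "$user" ]; then
        echo "$file: owned by $owner, expected $user"
        rc=1
    fi
    # The low six bits are group/other rwx; any of them set is too open.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode grants access to group/others"
        rc=1
    fi
    if [ "$rc" -ne 0 ]; then
        echo "  fix: chown $user '$file' && chmod 600 '$file'"
    fi
    return "$rc"
}

# Usage: DKIM_USER=opendkim ./check.sh /etc/mail/fnmail.private [more keys...]
# DKIM_USER defaults to "opendkim" (assumed; use the user your opendkim runs as).
if [ "$#" -gt 0 ]; then
    status=0
    for key in "$@"; do
        check_dkim_key "$key" "${DKIM_USER:-opendkim}" || status=1
    done
    exit "$status"
fi
```

After fixing anything it reports, re-run `opendkim-testkey` as shown earlier in the thread to confirm the warning is gone.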
