DKIM: Difference between revisions

From DWIKI
Revision as of 09:31, 16 June 2022

DomainKeys Identified Mail

Links

 


OpenDKIM Howto

cd /etc/opendkim/keys

The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files.

opendkim-genkey -s somename -d domain.name

Make sure the key ends up in /etc/opendkim/keys and is readable by user opendkim.

SigningTable

# somename is the first field in KeyTable
*@domain.name somename

KeyTable

Here the name of the selector (the part before ._domainkey) is the one you publish in DNS.

somename domain.name:selectorname:/path/to/somename.private

Configuration file /etc/opendkim.conf

Mode    s
KeyTable        /etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable

Postfix

In /etc/postfix/main.cf:

 

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

 

Checking

opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private

This tries to fetch the key published in DNS, so "record not found" means the DNS record was not found. No output is good output.

WARNING:Unsafe permissions

Make the key file readable by user opendkim only.
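
A consistency check for the SigningTable and KeyTable described above, as an added example (not part of the original wiki page or of OpenDKIM). It confirms that every SigningTable key name is the first field of a KeyTable line, lists the selector._domainkey name each KeyTable entry expects in DNS, and flags key files that are missing or open to group/other. The function names and sample addresses are hypothetical, and treating any group/other permission bit as unsafe is an assumption based on the advice above.

```python
import os
import stat
import tempfile


def parse_table(text):
    """Split each non-comment line into (name, value) on the first whitespace run."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            rows.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return rows


def check_tables(signing_text, keytable_text):
    """Return (dns_names, problems) for a SigningTable/KeyTable pair."""
    keytable = dict(parse_table(keytable_text))
    dns_names, problems = [], []
    for pattern, keyname in parse_table(signing_text):
        if keyname not in keytable:
            problems.append(f"{pattern}: key name '{keyname}' is not in KeyTable")
    for keyname, value in keytable.items():
        fields = value.split(":", 2)
        if len(fields) != 3:
            problems.append(f"{keyname}: expected domain:selector:keyfile")
            continue
        domain, selector, path = fields
        dns_names.append(f"{selector}._domainkey.{domain}")  # TXT record to publish
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as err:
            problems.append(f"{keyname}: cannot stat {path} ({err.strerror})")
            continue
        if mode & 0o077:  # assumption: any group/other bit counts as unsafe
            problems.append(f"{keyname}: {path} mode {mode:o} is open to group/other")
    return dns_names, problems


if __name__ == "__main__":
    # Constructed sample: one world-readable key and one undefined key name.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "somename.private")
        open(key, "w").close()
        os.chmod(key, 0o644)
        names, issues = check_tables(
            "*@domain.name somename\n*@other.example othername\n",
            f"somename domain.name:selectorname:{key}\n",
        )
        print("DNS TXT names:", names)
        print("\n".join(issues))
```

To check a live setup, pass the contents of /etc/opendkim/SigningTable and /etc/opendkim/KeyTable to check_tables as root or as user opendkim, so the key files can be inspected.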

FAQ

opendkim: no signing table match for

In opendkim.conf use:

refile:/etc/opendkim/SigningTable

opendkim-testkey key not secure

Probably means you have no DNSSEC

opendkim-testkey: keys do not match

Probably means you should double-check the KeyTable.

opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory

Means that key file is defined in opendkim.conf, and you're not using KeyTable.

 

This doesn't seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode

??