On Mon, May 23, 2016 at 05:29:33PM +0100, list...@tutanota.com wrote:
> I am testing DKIM signing on my Postfix server.  I am using the 
> opendkim milter.
> 
> For sending mail to other domains, external and not mine, the 
> signing is working okay.
> 
> But when I test it at the command line using 'sendmail' on the 
> Postfix server, where I am sending to my own domain
> 
>     sendmail -i -f root -t <<DKIMTEST

Do you have non_smtpd_milters set?

This doesn't look like a very good test to me.  "root" is not an 
email address.  You're counting on Postfix to make it complete.

>     From: d...@mail.example.com
>     To: u...@example.com
>     Subject: test
>     test
>     DKIMTEST
> 
> I receive the email but it is not DKIM signed.
> 
> In my logs I have only this
> 
>     May 22 09:07:28 mail postfix/pickup[26683]: 3rD3N05mHTz2xDs: uid=0 from=<root>
>     May 22 09:07:28 mail postfix/cleanup[26971]: 3rD3N05mHTz2xDs: message-id=<3rd3n05mhtz2...@mail.example.com>
>     May 22 09:07:28 mail postfix/qmgr[26682]: 3rD3N05mHTz2xDs: from=<r...@mail.example.com>, size=316, nrcpt=1 (queue active)

(Which it did by appending @$myorigin, as you see here.  And BTW, 
testing such as this really should not be done as root.)

>     May 22 09:07:29 mail postfix/relay/smtp[26984]: 3rD3N05mHTz2xDs: to=<u...@example.com>, relay=mail2.example.com[192.168.1.101]:10001, delay=0.62, delays=0.02/0.01/0.36/0.23, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0CC5A102F2D)
>     May 22 09:07:29 mail postfix/qmgr[26682]: 3rD3N05mHTz2xDs: removed
> 
> In my master.cf I have this Postfix listener
> 
>     relay unix - - n - - smtp

That's not a listener.  That's a client.

>       -o syslog_name=postfix/relay
>       -o smtp_bind_address=192.168.1.101
>       -o smtp_connect_timeout=5
>       -o smtp_helo_timeout=5
> 
> and in the main.cf
> 
>     relay_domains = lmdb:/etc/postfix/relay_transports
>     transport_maps = lmdb:/etc/postfix/relay_transports
> 
> and
> 
>     /etc/postfix/relay_transports
>         example.com    relay-vpn:[mail2.example.com]:10001

And you are not using that client according to what you showed us.
There's another one called "relay-vpn" which you didn't show.

>         ...
> 
> I think it is the last piece to touch the email before it is 
> delivered?
> 
> But I don't think I can add this
> 
>   -o smtpd_milters=unix:/var/run/opendkim/opendkim.sock
> 
> to the relay listener because it is smtp, not smtpd?

That's correct.

> What can I do to make the self-sent message to my own domain be 
> signed by the milter?

smtpd_milters, as documented, ONLY applies to mail received via 
smtpd.  You used sendmail(1) to send this.

You can add

>   -o smtpd_milters=unix:/var/run/opendkim/opendkim.sock

to your master.cf submission command, and test using submission.
Another choice is as suggested above, non_smtpd_milters.

> I think I just need to understand *where* to put it correctly.

-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
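
Added example, not part of the original message: a small Python check that reads Postfix log lines in the format quoted above and reports, per queue ID, whether the message entered through pickup (sendmail(1)) or smtpd, and therefore which of the two milter parameters named in the reply applies to it. The log lines, queue IDs and the function name `classify_ingress` are constructed for this illustration.

```python
import re

# Constructed sample log lines in the format quoted in the thread
# (queue IDs, PIDs, hosts and message-ids are made up for this example).
SAMPLE_LOG = """\
May 22 09:07:28 mail postfix/pickup[26683]: 4aB1cD2eFGz1111: uid=0 from=<root>
May 22 09:07:28 mail postfix/cleanup[26971]: 4aB1cD2eFGz1111: message-id=<a@mail.example.com>
May 22 09:09:02 mail postfix/submission/smtpd[27010]: 4aB1cD3hJKz2222: client=host.example.com[192.0.2.10]
May 22 09:09:02 mail postfix/cleanup[26971]: 4aB1cD3hJKz2222: message-id=<b@mail.example.com>
May 22 09:09:03 mail postfix/relay/smtp[26984]: 4aB1cD3hJKz2222: to=<u@example.com>, status=sent
"""

# Matches "postfix[/syslog_name...]/daemon[pid]: QUEUEID: rest"
LINE_RE = re.compile(
    r"postfix(?:/[\w-]+)*/(?P<daemon>[\w-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-Za-z]+): (?P<rest>.*)"
)

# Entry daemon -> (text that starts its first log record, milter parameter).
# pickup handles sendmail(1) submissions; smtpd handles SMTP/submission.
ENTRY = {
    "pickup": ("uid=", "non_smtpd_milters"),
    "smtpd": ("client=", "smtpd_milters"),
}


def classify_ingress(log_text):
    """Map each queue ID to (entry daemon, milter parameter that applies)."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("daemon") not in ENTRY:
            continue  # cleanup, qmgr and the smtp client are not entry points
        marker, param = ENTRY[m.group("daemon")]
        # Skip "warning:" / "NOQUEUE:" records, which carry no queue ID.
        if m.group("rest").startswith(marker):
            result.setdefault(m.group("qid"), (m.group("daemon"), param))
    return result


if __name__ == "__main__":
    for qid, (daemon, param) in classify_ingress(SAMPLE_LOG).items():
        print(f"{qid}: entered via {daemon}; governed by {param}")
```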
