Thanks for the responses to my previous post regarding DKIM signatures.
I have DMARC working as well and am testing some new SA rules now.

I want to use LDAP for SigningTable and KeyTable, where we already have
Postfix transport and other lookup records. But I continue to receive no
signing table match unless I put the entire email....

opendkim[97334]: 7A761D7BC7: no signing table match for 'w...@example.com'

This is what I'm using in my opendkim.conf file:

#LDAPAuthMechanism simple
LDAPBindPassword <snip>
LDAPBindUser <snip>
LDAPUseTLS false
SigningTable ldaps://directory.example.com/ou=Domains,dc=example,dc=com?DKIMSelector?sub?(DKIMIdentity=$d)
KeyTable ldaps://directory.example.com/ou=Domains,dc=example,dc=com?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
#MultipleSignatures yes

I get an error when trying to use the mechanism, saying that the
authentication is not supported, even though I have LDAP support in
opendkim and it works with the full email in the DKIMIdentity attribute
value. This is an example layout of how I have records now; I've only
found one post on the web as guidance:

# example.com, Domains, example.com
dn: dc=example.com,ou=Domains,dc=example,dc=com
dc: example.com
objectClass: dNSDomain
objectClass: top
objectClass: inetLocalMailRecipient
objectClass: ipHost
objectClass: domainRelatedObject
objectClass: DKIM
mailRoutingAddress: x.x.x.x
DKIMSelector: default
DKIMDomain: example.com
DKIMIdentity: @example.com
DKIMKey: <snip>
cn: example.com
mailLocalAddress: mail.example.com
ipHostNumber: x.x.x.x
associatedDomain: anotherdomain.com

Do I have the DKIM attributes set up correctly, or how can I get it to
match for all mail on the domain?

The opendkim mailing lists still appear to be down :(

--
Robert