Think you are missing something like this in main.cf
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
http://www.postfix.org/postconf.5.html#smtpd_milters
On 2017-12-13 03:10, Kent wrote:
Hi All,
I'm trying to get DKIM signing working on our postfix mail server.
We have a wildcard domain *.school.kiwi. We are providing a mail
service for our clients - who each have their own sub-domain eg.
abc.school.kiwi or cde.school.kiwi
I have two servers, both are identical setups running centOS and
Postfix 2. One is named mx01.school.kiwi and the other is named
mx02.school.kiwi
Note: When I created the 'default.private' - I did so on mx01 and
copied it to mx02 so they are the same. I assume this is the correct
approach ?
I've followed the instructions per this page:
https://www.stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/
opendkim: OpenDKIM Filter v2.11.0
I've set up my KeyTable:
default._dkim.school.kiwi
school.kiwi:default:/etc/opendkim/keys/school.kiwi/default.private
And my SigningTable:
*school.kiwi default._dkim.school.kiwi
.school.kiwi default._dkim.school.kiwi
This is the current setup. I've tried different variations including
*@school.kiwi, *@*school.kiwi, *@.school.kiwi and *@*.school.kiwi
My TrustedHosts:
127.0.0.1
::1
school.kiwi
.school.kiwi
And finally opendkim.conf itself with:
# KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
This is what I see in the /var/lo/maillog when I send an e-mail to
my gmail account.
Dec 13 14:53:07 mx02 postfix/pickup[19928]: 280D82084426: uid=0
from=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi>
Dec 13 14:53:07 mx02 postfix/cleanup[20008]: 280D82084426:
message-id=<fndqjlkx4fdbrd6gt1eku...@school.kiwi>
Dec 13 14:53:07 mx02 postfix/qmgr[18077]: 280D82084426:
from=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi>, size=4645, nrcpt=1
(queue active)
Dec 13 14:53:08 mx02 postfix/smtp[20036]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[108.177.97.27]:25: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Dec 13 14:53:09 mx02 postfix/smtp[20036]: 280D82084426:
to=<abcdefghi...@gmail.com>,
relay=gmail-smtp-in.l.google.com[108.177.97.27]:25, delay=2.4,
delays=0.01/0/1.6/0.81, dsn=2.0.0, status=sent (250 2.0.0 OK
1513130134 33si417943ply.308 - gsmtp)
Dec 13 14:53:09 mx02 postfix/cleanup[20008]: 8A3D22084427:
message-id=<20171213015309.8a3d22084...@mx02.school.kiwi>
Dec 13 14:53:09 mx02 postfix/bounce[20012]: 280D82084426: sender
delivery status notification: 8A3D22084427
Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 8A3D22084427: from=<>,
size=2632, nrcpt=1 (queue active)
Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 280D82084426: removed
Dec 13 14:53:09 mx02 postfix/pipe[20013]: 8A3D22084427:
to=<fndqjlkx4fdbrd6gt1eku...@hooks.school.kiwi>, relay=schoolkiwi,
delay=0.06, delays=0/0/0/0.06, dsn=2.0.0, status=sent (delivered via
schoolkiwi service)
Dec 13 14:53:09 mx02 postfix/qmgr[18077]: 8A3D22084427: removed
When I view a received e-mail, I can see the following line in the
message headers.
DKIM-Filter: OpenDKIM Filter v2.11.0 mx02.school.kiwi 7A8CB2084426
But not DKIM signature itself. I've obviously something, but not
sure what to look at next.
Any assistance appreciated to get this working with emails from
n...@anysubdomain.school.kiwi
thanks
Kent.
