[pfx] Re: Incoming OpenDKIM signature verification failing

Marvin Renich via Postfix-users: > * Matus UHLAR - fantomas via Postfix-users > [250513 10:08]: > > > Matus UHLAR - fantomas via Postfix-users: > > > > These should not be used globally but only at submission level. > > > > > > > > This can be achieved by using separate postfix instance for subm

[pfx] Re: Incoming OpenDKIM signature verification failing

* Matus UHLAR - fantomas via Postfix-users [250513 10:08]: > > Matus UHLAR - fantomas via Postfix-users: > > > These should not be used globally but only at submission level. > > > > > > This can be achieved by using separate postfix instance for submitted mail > > > - I don't see possibility of

[pfx] Re: Incoming OpenDKIM signature verification failing

On 10.05.25 13:32, Ken Biggs via Postfix-users wrote: > So continuing the saga ... digging into /etc/postfix/header_checks I found > a revision I made back in January to try to keep our outgoing email from > having headers with the IP address of the email client that sent the email > to the serve

[pfx] Re: Incoming OpenDKIM signature verification failing

On 11/05/2025 07:45, Dmitriy Alekseev via Postfix-users wrote: You can drop received header without dedicated postfix, just do it with milter instead. Rspamd can do it for you with very small Lua script, and do SPF/DKIM/DMARC & ARC all together. This discussion has reminded me of an option tha

[pfx] Re: Incoming OpenDKIM signature verification failing

You can drop received header without dedicated postfix, just do it with milter instead. Rspamd can do it for you with very small Lua script, and do SPF/DKIM/DMARC & ARC all together. -- *Best Regards,* Dmitriy Alekseev DevOps Engineer On Sat, 10 May 2025, 21:37 Ken Biggs via Postfix-users, < pos

[pfx] Re: Incoming OpenDKIM signature verification failing

Thank you all so much for all your help! I don't think I'm up for setting up a separate postfix instance for outgoing email. It's pretty obvious I'm a novice working with Postfix. Actually not really sure if removing the Received headers was accomplishing anything anyway. Google doesn't give

[pfx] Re: Incoming OpenDKIM signature verification failing

Matus UHLAR - fantomas via Postfix-users: > On 10.05.25 13:32, Ken Biggs via Postfix-users wrote: > > So continuing the saga ... digging into /etc/postfix/header_checks I found > > a revision I made back in January to try to keep our outgoing email from > > having headers with the IP address of

[pfx] Re: Incoming OpenDKIM signature verification failing

On 10.05.25 13:32, Ken Biggs via Postfix-users wrote: So continuing the saga ... digging into /etc/postfix/header_checks I found a revision I made back in January to try to keep our outgoing email from having headers with the IP address of the email client that sent the email to the server and

[pfx] Re: Incoming OpenDKIM signature verification failing

On 2025-05-10 at 14:51:36 UTC-0400 (Sat, 10 May 2025 20:51:36 +0200) Dmitriy Alekseev via Postfix-users is rumored to have said: Can you say why do you drop Mime-Version header? This should never be done! Indeed. It is also worth noting that missing that header in a MIME message correlates w

[pfx] Re: Incoming OpenDKIM signature verification failing

Can you say why do you drop Mime-Version header? This should never be done! You can without issues drop some received header, but your regex is bad. On Sat, 10 May 2025, 20:33 Ken Biggs via Postfix-users, < postfix-users@postfix.org> wrote: > So continuing the saga ... digging into /etc/postfix/h

[pfx] Re: Incoming OpenDKIM signature verification failing

So continuing the saga ... digging into /etc/postfix/header_checks I found a revision I made back in January to try to keep our outgoing email from having headers with the IP address of the email client that sent the email to the server and maybe keep Gmail from marking our outgoing email as SPA

[pfx] Re: Incoming OpenDKIM signature verification failing

On May 10, 2025 5:57:34 PM UTC, Dan Mahoney via Postfix-users wrote: >Mime-version was listed as a signed header but was absent. > >I suspect his header checks cleaned that out. > >Note that having a header listed in the H equals list, but having that header >be absent is legal, but I don’t kn

[pfx] Re: Incoming OpenDKIM signature verification failing

via Postfix-users skrev den 2025-05-09 16:18: > [...] >> your mail gives this result here > > Benny, you should read mail more carefully. I am not the OP and don't have > the problem. > >> On 09.05.25 17:00, Phil Stracchino via Postfix-users wrote: >> Conside

[pfx] Re: Incoming OpenDKIM signature verification failing

not the OP and don't have the problem. On 09.05.25 17:00, Phil Stracchino via Postfix-users wrote: Consider replacing policyd-spf, opendkim, AND opendmarc with rspamd. It does all of those jobs, does them *better*, and is actively maintained. This advice is irelevant, because none of the

[pfx] Re: Incoming OpenDKIM signature verification failing

Woo hoo! I think I found the issue! I'm guessing this is probably an obvious thing, but I went line by line through my main.cf and found: mime_header_checks = regexp:/etc/postfix/header_checks header_checks = regexp:/etc/postfix/header_checks Not sure when I added those (it's been quite a whil

[pfx] Re: Incoming OpenDKIM signature verification failing

dis=none) header.from=gmail.com DKIM-Filter: OpenDKIM Filter v2.11.0...@xxx.com 1CD1B200DF Authentication-Results:y...@xxx.com; dkim=fail reason="signature verification failed" (2048-bit key, unprotected) header.d=gmail.comheader.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.

[pfx] Re: Incoming OpenDKIM signature verification failing

yyy.xxx.com 1CD1B200DF >> Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) >> header.from=gmail.com >> DKIM-Filter: OpenDKIM Filter v2.11.0...@xxx.com 1CD1B200DF >> Authentication-Results:y...@xxx.com; >> dkim=fail reason="signature verification failed" (

[pfx] Re: Incoming OpenDKIM signature verification failing

If any of those mailing lists are open, regular lists that I could be subscribed to, for testing, I’d be happy to try to do so to validate this for you. -Dan > On May 9, 2025, at 21:07, Nick Tait via Postfix-users > wrote: > > On 10/05/2025 15:29, Nick Tait via Postfix-users wrote: >> But of

[pfx] Re: Incoming OpenDKIM signature verification failing

On 10/05/2025 15:29, Nick Tait via Postfix-users wrote: But of course if the first scenario still exhibits the issue, then that probably disproves my theory immediately? Just thinking a bit more about this... If the first test fails, then you can compare the headers and body in the received em

[pfx] Re: Incoming OpenDKIM signature verification failing

yours, and (like Matus) I don't see any problems with OpenDKIM in my environment. So I agree that this is more likely a configuration/environment issue rather than a bug in OpenDKIM. My gut feel is that the email is being 'transposed' somewhere, after the Gmail server has generate

[pfx] Re: Incoming OpenDKIM signature verification failing

:11:37 xxx postfix/smtpd[815073]: 1CD1B200DF: client=mail-qk1-f169.google.com[209.85.222.169] May 9 15:11:37 xxx postfix/cleanup[815088]: 1CD1B200DF: message-id= May 9 15:11:37 xxx opendkim[671562]: 1CD1B200DF: mail-qk1-f169.google.com [209.85.222.169] not internal May 9 15:11:37 x

[pfx] Re: Incoming OpenDKIM signature verification failing

t=mail-qk1-f169.google.com[209.85.222.169] May 9 15:11:37 xxx postfix/cleanup[815088]: 1CD1B200DF: message-id= May 9 15:11:37 xxx opendkim[671562]: 1CD1B200DF: mail-qk1-f169.google.com [209.85.222.169] not internal May 9 15:11:37 xxx opendkim[671562]: 1CD1B200DF: not authenticated May

[pfx] Re: Incoming OpenDKIM signature verification failing

025-05-09 16:18: >> On 09.05.25 08:14, Ken Biggs via Postfix-users wrote: >>> Looking at the maillog, I notice policyd-spf is running before opendkim. >>> Could that be modifying the email before dkim validation? >> it should not. >> I use pyspf-milter which is

[pfx] Re: Incoming OpenDKIM signature verification failing

Matus UHLAR - fantomas via Postfix-users skrev den 2025-05-09 16:18: On 09.05.25 08:14, Ken Biggs via Postfix-users wrote: Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? it should not. I use pyspf-milter

[pfx] Re: Incoming OpenDKIM signature verification failing

On 09.05.25 08:14, Ken Biggs via Postfix-users wrote: Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? it should not. I use pyspf-milter which is from the same package I believe (python, there's also

[pfx] Re: Incoming OpenDKIM signature verification failing

Dnia 9.05.2025 o godz. 16:18:35 Matus UHLAR - fantomas via Postfix-users pisze: > I use pyspf-milter which is from the same package I believe (python, > there's also perl version policyd-spf) and it only accepts/rejects > e-mail and adds Authentication-Results: header. That may be the key. Check

[pfx] Re: Incoming OpenDKIM signature verification failing

omehow. I'm not using smtp proxy and I don't believe I have any content filter set up. I've tried running opendkim as the only milter (commenting out opendmarc and spamassassin). There were no changes to validation results. > On May 9, 2025, at 6:17 AM, Matus UHLAR - fantom

[pfx] Re: Incoming OpenDKIM signature verification failing

Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? > On May 9, 2025, at 8:04 AM, Ken Biggs via Postfix-users > wrote: > > I'm running spamass-milter. > /etc/mail/spamassassin/v312.pre al

[pfx] Re: Incoming OpenDKIM signature verification failing

On 09.05.25 12:58, Dmitriy Alekseev via Postfix-users wrote: Did maybe you considering spin up rspamd proxy + normal instead of sa+opendkim+opendmarc, even if you do not move in end to rspamd you will at least get what issue relates to. It useless to honestly trying to analyze eml with

[pfx] Re: Incoming OpenDKIM signature verification failing

Did maybe you considering spin up rspamd proxy + normal instead of sa+opendkim+opendmarc, even if you do not move in end to rspamd you will at least get what issue relates to. It useless to honestly trying to analyze eml with modifications due to anonymization in scope of understanding why dkim

[pfx] Re: Incoming OpenDKIM signature verification failing

On 08.05.25 15:06, Ken Biggs via Postfix-users wrote: OpenDKIM is failing signature verification on most incoming emails. Out of 1,146 incoming emails, 173 have been successfully verified and 973 have "bad signature data". The failing emails include email from google, amazon, sai

[pfx] Re: Incoming OpenDKIM signature verification failing

Nothing’s jumping out to me in your test message, other than that the mime-version header field is missing, but that’s legal. I might suggest trying the “Develop” branch of OpenDKIM from git, as there are some changes in that which *may* fix things, or at least…give something to compare. The

[pfx] Incoming OpenDKIM signature verification failing

OpenDKIM is failing signature verification on most incoming emails. Out of 1,146 incoming emails, 173 have been successfully verified and 973 have "bad signature data". The failing emails include email from google, amazon, sailthru, and many other reasonably technically capable fi

[pfx] Re: OpenDKIM is added twice

After I couldn't really get amavis to add the DKIM signature or verify the DKIM signature in conjunction with opendkim, I tried again with the settings in master.cf. Adding the following entries works wonderfully: submission inet n    -    y    -    -    smtpd   -o syslog_name=po

[pfx] Re: OpenDKIM is added twice

Hello! Here are my so far unsuccessful attempts to link opendkim with amavis in order to add or verify the DKIM signature to mails. _*/etc/opendkim.conf*_ Canonicalization    relaxed/simple Mode           sv SubDomains   no AutoRestart   yes

[pfx] Re: OpenDKIM is added twice

refused 2024-12-24T09:32:42.452405-06:00 axum postfix/amavis/smtp[2894]: 27613494CB: to=, relay=none, delay=505, delays=505/0.05/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused) Can you please tell me how you solved it with opendkim in amavis

[pfx] Re: OpenDKIM is added twice

.de> 2024-12-24T08:25:14.740324-06:00 axum opendkim[1028]: 6A6F348262: DKIM-Signature field added (s=default, d=meinedomain.de) 2024-12-24T08:25:14.834956-06:00 axum postfix/qmgr[1531]: 6A6F348262: from=, size=1005, nrcpt=1 (queue active) 2024-12-24T08:25:14.903476-06:00 axum postfix/amavis/smt

[pfx] Re: OpenDKIM is added twice

Hi Matus, As suggested by Wietse and you, I want to add the DKIM signature to amavis in conjunction with OpenDKIM, but I'm not yet where I need to be with the configuration. I manage to get a signature added, but there are problems with the socket. The following is configured in

[pfx] Re: OpenDKIM is added twice

y hash did not verify) header.i=@unimatrix030.de header.s=default header.b=kyrK6Z3o;* Perhaps I should test whether I let amavis handle the DKIM? Yeah, this should help. On systems with both amavis and opendkim I use amavis to dkim-sign. -- Matus UHLAR - fantomas, uh...@fantomas

[pfx] Re: OpenDKIM is added twice

If your content filter makes chnages to the content then that invalidates a DKIM signature. Best practice therefore is to verify signatures before making content changes, and to add signatures after making content changes. Wietse ___ Postfix-use

[pfx] Re: OpenDKIM is added twice

024 um 01:32 schrieb Wietse Venema via Postfix-users: Andreas Kuhlen via Postfix-users: Hello, I am running my Postfix server with Amavis, Spamassassin, Clamav and have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and receiving mail is working satisfactorily so far. However, I

[pfx] Re: OpenDKIM is added twice

Hi Wietse, thanks for your reply. Am 24.12.2024 um 01:32 schrieb Wietse Venema via Postfix-users: Andreas Kuhlen via Postfix-users: Hello, I am running my Postfix server with Amavis, Spamassassin, Clamav and have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and receiving

[pfx] Re: OpenDKIM is added twice

Andreas Kuhlen via Postfix-users: > Hello, > I am running my Postfix server with Amavis, Spamassassin, Clamav and > have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and > receiving mail is working satisfactorily so far. However, I noticed > today that a DKIM

[pfx] OpenDKIM is added twice

Hello, I am running my Postfix server with Amavis, Spamassassin, Clamav and have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and receiving mail is working satisfactorily so far. However, I noticed today that a DKIM signature field is inserted twice when I send a mail. The

[pfx] Re: smtp_header_checks and opendkim

Note: OpenDKIM does not require the (ancient, obsolete) setting ‘milter_protocol = 2’. It’s a cargo cult setting. Just drop it and leave it at the default. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to

[pfx] Re: smtp_header_checks and opendkim

Wietse Venema via Postfix-users: > Danil Smirnov via Postfix-users: > > Hi all, > > > > I want to manipulate the headers (add and replace) of the outgoing mail > > before the message is signed by Opendkim. If using smtp_header_checks I see > > that the signa

[pfx] Re: smtp_header_checks and opendkim

Danil Smirnov via Postfix-users: > Hi all, > > I want to manipulate the headers (add and replace) of the outgoing mail > before the message is signed by Opendkim. If using smtp_header_checks I see > that the signature is broken - probably because Opendkim has signed the > mess

[pfx] Re: smtp_header_checks and opendkim

On 18.11.23 18:16, Danil Smirnov via Postfix-users wrote: I want to manipulate the headers (add and replace) of the outgoing mail before the message is signed by Opendkim. If using smtp_header_checks I see that the signature is broken - probably because Opendkim has signed the message earlier in

[pfx] smtp_header_checks and opendkim

Hi all, I want to manipulate the headers (add and replace) of the outgoing mail before the message is signed by Opendkim. If using smtp_header_checks I see that the signature is broken - probably because Opendkim has signed the message earlier in the pipeline. The signing is configured via the

[pfx] Re: dkim and submission and opendkim

d_milters > >milter_default_action = accept > >spfpolicy_time_limit = 3600 > >milter_protocol = 6 > > > >DKIM is 8891, DMARC is 8892 we had questions that it is not signing those > >who use smtps or submission > > dmarc does no signing, DKIM does, but the milt

[pfx] Re: dkim and submission and opendkim

, DMARC is 8892 we had questions that it is not signing those who use smtps or submission dmarc does no signing, DKIM does, but the milter must decide to sign. look at your dkim config, with opendkim perhaps the "LogWhy" option. master.cf says smtps inet n

[pfx] dkim and submission and opendkim

Howdy, been out of sysadmining for a few years as I was promoted to network ops, but with dose of that-virus going round our office the sysadmin teams are all evicted for 2 weeks :) I need a refresher hand with DKIM, we have in main.cf smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8892 non_

[pfx] Re: postfix and opendkim

On 10.04.23 16:00, Fourhundred Thecat via Postfix-users wrote: I am setting up opendkim on my postfix server: what is the practical difference between using inet or UNIX domain socket in /etc/opendkim.conf ? UNIX domain socket must be in postfix chroot. That's why I use inet socke

[pfx] Re: postfix and opendkim

On 4/10/23 10:00, Fourhundred Thecat via Postfix-users wrote: Hello, I am setting up opendkim on my postfix server: I actually just recently *switched* from separate OpenDKIM, OpenDMARC, and spf-engine to letting rspamd (which is actively maintained) handle all of those. It's a si

[pfx] Re: postfix and opendkim

Fourhundred Thecat via Postfix-users: > Hello, > > I am setting up opendkim on my postfix server: > > what is the practical difference between using inet or UNIX domain > socket in /etc/opendkim.conf ? > > If I leave socket at the default settings: > >S

[pfx] Re: postfix and opendkim

what is the practical difference between using inet or UNIX domain socket in /etc/opendkim.conf ? @ http://www.opendkim.org/staging/opendkim-README see section "SOCKET SELECTION" What do I need to put into /etc/postfix/main.cf instead of inet:localhost ? smtpd_milters = inet

[pfx] postfix and opendkim

Hello, I am setting up opendkim on my postfix server: what is the practical difference between using inet or UNIX domain socket in /etc/opendkim.conf ? If I leave socket at the default settings: Socket local:/var/run/opendkim/opendkim.sock What do I need to put into /etc/postfix/main.cf

[pfx] Helping OpenDKIM and OpenDMARC

Hey there all, I am one of the people who has maintainer access to OpenDKIM and OpenDMARC. I use both regularly, but I’m also a novice as a C-coder. (Sysadmin, not developer). As mentioned in another thread, I don’t have access to the web hosting stuff or the list management stuff, though

Re: Postfix with opendkim generates "ssl error"

A sáb, 11-02-2023 às 14:37 -0500, Viktor Dukhovni escreveu: > On Sat, Feb 11, 2023 at 06:46:14PM +, Nicholas Jacobs wrote: > > > > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding > > > > routines:ASN1_get_object:header too long > > >

Re: Postfix with opendkim generates "ssl error"

On Sat, Feb 11, 2023 at 07:47:43PM +0100, Benny Pedersen wrote: > > No, I checked that too. > > opendkim-testkey -d complete-web-solutions.com -k > > /etc/dkimkeys/202302081.private -s 202302081 -v -x /etc/opendkim.conf > > gives: > > opendkim-testkey: key secure

Re: Postfix with opendkim generates "ssl error"

On Sat, Feb 11, 2023 at 06:46:14PM +, Nicholas Jacobs wrote: > > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding > > > routines:ASN1_get_object:header too long > > > opendkim[3223]: F29AA21C4C: dkim_eom(): resource unavailable: > > > d2i_Priv

Re: Postfix with opendkim generates "ssl error"

Nicholas Jacobs skrev den 2023-02-11 18:24: No, I checked that too. opendkim-testkey -d complete-web-solutions.com -k /etc/dkimkeys/202302081.private -s 202302081 -v -x /etc/opendkim.conf gives: opendkim-testkey: key secure is only dnssec ?, not if dkim pass ?, or both ?

Re: Postfix with opendkim generates "ssl error"

A sáb, 11-02-2023 às 13:33 -0500, Viktor Dukhovni escreveu: > On Sat, Feb 11, 2023 at 03:41:06PM +, nj140...@yahoo.com wrote: > > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding > > routines:ASN1_get_object:header too long > > opendkim[3223]: F29AA21C

Re: Postfix with opendkim generates "ssl error"

On Sat, Feb 11, 2023 at 03:41:06PM +, nj140...@yahoo.com wrote: > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding > routines:ASN1_get_object:header too long > opendkim[3223]: F29AA21C4C: dkim_eom(): resource unavailable: > d2i_PrivateKey_bio() failed The ASN.1 enc

Re: Postfix with opendkim generates "ssl error"

A sáb, 11-02-2023 às 10:36 -0700, Shawn Heisey escreveu: > On 2/11/23 08:41, nj140...@yahoo.com wrote: > > opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding > > routines:ASN1_get_object:header too long > > Others running into something similar found that the

Re: Postfix with opendkim generates "ssl error"

te-web-solutions.com results in the following > > > > messages > > > > in mail.log: > > > > ... > > > > > > > But opendkim seems correctly configured because the command: > > > > opendkim-testkey -d complete-web-solutions.com -s 20230208

Re: Postfix with opendkim generates "ssl error"

On 2/11/23 08:41, nj140...@yahoo.com wrote: opendkim[3223]: F29AA21C4C: SSL error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long Others running into something similar found that the file either was in DOS format or had a BOM at the beginning -- characters were present that

Re: Postfix with opendkim generates "ssl error"

On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote: > Trying to send an email from n...@complete-web-solutions.com on the > host sv9.complete-web-solutions.com results in the following > messages > in mail.log: > ... > But opendkim seems correctly configured b

Re: Postfix with opendkim generates "ssl error"

t; messages > > in mail.log: > > ... > > > But opendkim seems correctly configured because the command: > > opendkim-testkey -d complete-web-solutions.com -s 202302081 -v -x > > /etc/opendkim.conf > > gives the result: > > opendkim-testkey: key secure &g

Re: Postfix with opendkim generates "ssl error"

On February 11, 2023 3:41:06 PM UTC, nj140...@yahoo.com wrote: >Trying to send an email from n...@complete-web-solutions.com on the >host sv9.complete-web-solutions.com results in the following messages >in mail.log: >... >But opendkim seems correctly configured because the com

Postfix with opendkim generates "ssl error"

Trying to send an email from n...@complete-web-solutions.com on the host sv9.complete-web-solutions.com results in the following messages in mail.log: postfix/cleanup[40982]: F29AA21C4C: message- id=<20230211151120.f29aa21...@sv9.complete-web-solutions.com> opendkim[3223]: F29AA21C4C: SSL

OT: OpenDKIM (was: Re: Spammer succeeded in relaying through my server)

On 28/12/22 15:06, Dan Mahoney wrote: (Speaking with my Trusted Domain Project hat on). Yes, we'll take help. I have commit access to all the Github repos, and am trying to push out a new release of OpenDKIM. I've been meaning to do this for months, but life and family stuf

Re: opendkim - permission issue?

Maurizio Caloro: > > On 27.06.2022 00:24, Wietse Venema wrote: > > Maurizio Caloro: > > > > setup also opendkim and will appear now the error " > >> *key data is not secure: / is writeable and owned by uid 110 which is > >> not the executing uid (1

Re: opendkim - permission issue?

On Mon, Jun 27, 2022 at 07:19:59AM +0200, Maurizio Caloro wrote: > On 27.06.2022 00:24, Wietse Venema wrote: > > Maurizio Caloro: > > > > setup also opendkim and will appear now the error " > > > *key data is not secure: / is writeable and owned by uid 110 w

Re: opendkim - permission issue?

On Mon, Jun 27, 2022 at 12:00:20AM +0200, Maurizio Caloro wrote: > > setup also opendkim and will appear now the error "key data is not secure: / > is writeable and owned by uid 110 which is not the executing uid (115)" > it's seem that i have permissio

Re: opendkim - permission issue?

On 27.06.22 00:00, Maurizio Caloro wrote: setup also opendkim and will appear now the error "key data is not secure: / is writeable and owned by uid 110 which is not the executing uid (115)" this looks like you have set owner of root directory to non-root user it's s

Re: opendkim - permission issue?

On 27.06.2022 00:24, Wietse Venema wrote: Maurizio Caloro: setup also opendkim and will appear now the error " *key data is not secure: / is writeable and owned by uid 110 which is not the executing uid (115)* *or the superuser*" it's seem that i have permission issue? Loo

Re: opendkim - permission issue?

Maurizio Caloro: > > setup also opendkim and will appear now the error "key data is not > secure: / is writeable and owned by uid 110 which is not the executing > uid (115)" > it's seem that i have permission issue? Look at the output from: ls -ld / Wietse

opendkim - permission issue?

setup also opendkim and will appear now the error "key data is not secure: / is writeable and owned by uid 110 which is not the executing uid (115)" it's seem that i have permission issue? # opendkim -V     opendkim: OpenDKIM Filter v2.11.0     Compiled with OpenSSL 1.1.

Re: opedmarc and opendkim

> On Mar 31, 2021, at 1:09 PM, David Bürgin wrote: > > Dominic Raferd: >> On 31/03/2021 17:29, Benny Pedersen wrote: >>> On 2021-03-31 18:21, Dan Mahoney wrote: >>> > problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? >>> atleast

Re: opedmarc and opendkim

Dominic Raferd: On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depric

opedmarc and opendkim

After integrate tls 1.2, 1.3 now hopefully the last point I will watch... Please why i will recieve the following fail from Caloro.ch (that's me) Mar 31 nmail opendkim[12519]: 7E66B40237: no signing table match for 'mauri...@caloro.ch' Mar 31 nmail opendkim[12519]: 7E66B4023

Re: opedmarc and opendkim

On 2021-03-31 18:33, Dominic Raferd wrote: On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bu

Re: opedmarc and opendkim

On 31/03/2021 17:29, Benny Pedersen wrote: On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID

Re: opedmarc and opendkim

On 2021-03-31 18:21, Dan Mahoney wrote: problem is your setup used Sender-ID with is long time depricated Why would you advise not using libspf2? atleast not in opendmarc, sid-milter is imho fine but it bulds in both cases of depricated Sender-ID

Re: opedmarc and opendkim

Why would you advise not using libspf2? Sent from my iPad > On Mar 31, 2021, at 09:01, Benny Pedersen wrote: > > On 2021-03-31 17:51, Maurizio Caloro wrote: > >> SPFIgnoreResults true >> SPFSelfValidate true > > set both to false > > and dont use libspf2 > > problem is your setup used Send

Re: opedmarc and opendkim

On 2021-03-31 17:51, Maurizio Caloro wrote: SPFIgnoreResults true SPFSelfValidate true set both to false and dont use libspf2 problem is your setup used Sender-ID with is long time depricated

Re: OpenDKIM but no log of postfix milter running or trying to run

Oh, that's awesome, thanks.  So for the first time I got a log message concerning the milter.  And so this is, indeed, an OpenDKIM issue. Many thanks, I'll go look over there for my problems. Jeff Abrahamson http://p27.eu/jeff/ http://transport-nantes.com/ On 14/10/2020 16:43, I

Re: OpenDKIM but no log of postfix milter running or trying to run

Shutdown OpenDKIM, set "milter_default_action = tempfail", reload postfix and try to send something. If your mail is rejected, then Postfix configuration is ok, and you need to grep maillog (or other logs) for DKIM On Wed, Oct 14, 2020 at 5:28 PM Jeff Abrahamson wrote: > On 14/10/2

Re: OpenDKIM but no log of postfix milter running or trying to run

On 14/10/2020 16:02, IL Ka wrote: > > The config file is active, however.  > > You can check your milter config with > > $  postconf smtpd_milters non_smtpd_milters milter_default_action > > or even > > $ postconf  | grep milter > > You can probably post output it here. > Also, try to increase logg

Re: OpenDKIM but no log of postfix milter running or trying to run

On 14/10/2020 16:06, Wietse Venema wrote: > Jeff Abrahamson: >> I've set up OpenDKIM.? I've noted the config below, but the basic issue >> is that my mails aren't being DKIM signed and my logs, while showing no >> mail-related errors, also don't show any ev

Re: OpenDKIM but no log of postfix milter running or trying to run

Jeff Abrahamson: > I've set up OpenDKIM.? I've noted the config below, but the basic issue > is that my mails aren't being DKIM signed and my logs, while showing no > mail-related errors, also don't show any evidence of milters running or > trying to run.? So I&#

Re: OpenDKIM but no log of postfix milter running or trying to run

> The config file is active, however. You can check your milter config with $ postconf smtpd_milters non_smtpd_milters milter_default_action or even $ postconf | grep milter You can probably post output it here. Also, try to increase logging: http://www.postfix.org/DEBUG_README.html

Re: OpenDKIM but no log of postfix milter running or trying to run

gt; send mail.  > You should probably get some errors in maillog. > Check your syslog config, to make sure opendkim logs are also written. > > Check your dkim is running (telnet 127.0.0.1 8891). > > Btw, I have not set "milter_mail_macros" explicitly.  > The de

Re: OpenDKIM but no log of postfix milter running or trying to run

Set "milter_default_action" to "reject", reload postfix, and try to send mail. You should probably get some errors in maillog. Check your syslog config, to make sure opendkim logs are also written. Check your dkim is running (telnet 127.0.0.1 8891). Btw, I have not set

OpenDKIM but no log of postfix milter running or trying to run

I've set up OpenDKIM.  I've noted the config below, but the basic issue is that my mails aren't being DKIM signed and my logs, while showing no mail-related errors, also don't show any evidence of milters running or trying to run.  So I'm suspecting postfix config error

Re: postfix3 with opendkim

gt; > > Hello.! > > > > > > In the mail.cf i add this options: > > > # OpenDKIM > > > smtpd_milters = inet:127.0.0.1:8891 > > > non_smtpd_milters = $smtpd_milters > > > milter_default_action = accept > > > milter_

Re: postfix3 with opendkim

., 10 de mar. de 2020 a la(s) 10:58, Dominic Raferd > (domi...@timedicer.co.uk) escribió: >> >> On Tue, 10 Mar 2020 at 13:52, SysAdmin EM wrote: >> > >> > Hello.! >> > >> > In the mail.cf i add this options: >> > # OpenDKIM &

Re: postfix3 with opendkim

Tue, 10 Mar 2020 at 13:52, SysAdmin EM wrote: > > > > Hello.! > > > > In the mail.cf i add this options: > > # OpenDKIM > > smtpd_milters = inet:127.0.0.1:8891 > > non_smtpd_milters = $smtpd_milters > > milter_default_action = ac

Re: postfix3 with opendkim

On Tue, 10 Mar 2020 at 13:52, SysAdmin EM wrote: > > Hello.! > > In the mail.cf i add this options: > # OpenDKIM > smtpd_milters = inet:127.0.0.1:8891 > non_smtpd_milters = $smtpd_milters > milter_default_action = accept > milter_protocol =

  1   2   3   >