Roundcube Community Forum

 

[Resolved] Is my DKIM fully Ok ?

Started by ewok2, July 20, 2022, 12:44:15 PM

ewok2

Hello
I have a postfix/dovecot/roundcube server working.
I have configured DKIM on the server and in my DNS zone.

When I send a test email to a Gmail account and, on the right side of the opened message in Gmail, click the "Show original" button from the drop-down menu, I can see the authentication results, which are:
Quote:
DKIM :    'PASS' with domain mydomain.net

But when I try https://www.mail-tester.com I get only 9/10 because it says the message is not signed with DKIM.

Are there several levels of DKIM?
How can I double-check whether Google or mail-tester.com is wrong?

PS: when I test on the server it seems OK:
Quote:
sudo opendkim-testkey -d mydomain.net -s default -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.mydomain.net'
opendkim-testkey: key not secure
opendkim-testkey: key OK

ewok2

OK, I changed one statement...
Google does not see DKIM pass anymore...

I think, with this log:
Quote:
opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal
opendkim[25905]: 0787A180209: not authenticated
opendkim[25905]: 0787A180209: no signature data

it shows that the mail is indeed not signed...

In my "/etc/opendkim/trusted.hosts" I have:
Quote:
127.0.0.1
localhost
192.168.0.1/24

*.mydomain.net

It looks like opendkim is not looking at "trusted.hosts"?

Any idea how to find where I misconfigured?

Many thanks

SKaero

Did you configure your mail server to sign the email with the DKIM key? It sounds like that is where the problem is.

ewok2

Thanks for help

I have an opendkim service running.
I have configured the socket in /etc/opendkim.conf & /etc/default/opendkim as "local:/var/spool/postfix/opendkim/opendkim.sock"

And I told postfix in "/etc/postfix/main.cf" to connect to opendkim by adding these lines at the end:
Quote:
# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

But you're right, I did not tell postfix "sign all the mail by using Milter" somewhere...
I followed this howto https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf#comment-750644 and maybe I missed something?

But does the fact that I get "opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal" not show that it is trying to sign?


ewok2

Very strange...
But resolved!

I was performing submission to port 25 without TLS.
I had an error with a Let's Encrypt certificate with the root authority not checked...
I have added the path of a Fullchain.crt for Let's Encrypt in config.php of Roundcube and activated TLS on port 587 for submission
=> Sending on 587 works
=> And the mail is now signed!
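
The opendkim log lines quoted earlier in this thread can be checked mechanically. The following Python sketch is an added example, not part of any post: it groups opendkim syslog lines by queue ID and lists the messages that left unsigned, with the reason opendkim logged. The sample lines, host name, address and second queue ID are constructed; `InternalHosts` is the OpenDKIM setting that normally points at a trusted-hosts file, and "DKIM-Signature field added" is the line OpenDKIM logs when it signs.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread; host name,
# address and the second queue ID are made up for this example.
SAMPLE_LOG = """\
Jul 20 13:02:11 mx opendkim[25905]: 0787A180209: host.example.net [192.0.2.10] not internal
Jul 20 13:02:11 mx opendkim[25905]: 0787A180209: not authenticated
Jul 20 13:02:11 mx opendkim[25905]: 0787A180209: no signature data
Jul 20 13:09:40 mx opendkim[25905]: 1A2B3C4D5E6: DKIM-Signature field added (s=default, d=example.net)
"""

LINE_RE = re.compile(r"opendkim\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<msg>.*)$")
NOT_INTERNAL_RE = re.compile(r"^(?P<host>\S+) \[(?P<ip>[^\]]+)\] not internal$")

def classify(log_text):
    """Return {queue_id: {"signed": bool, "reasons": [...], "client": ip or None}}."""
    result = defaultdict(lambda: {"signed": False, "reasons": [], "client": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an opendkim per-message line
        entry, msg = result[m["qid"]], m["msg"]
        ni = NOT_INTERNAL_RE.match(msg)
        if msg.startswith("DKIM-Signature field added"):
            entry["signed"] = True
        elif ni:
            # Client address did not match any InternalHosts entry.
            entry["client"] = ni["ip"]
            entry["reasons"].append("client not in InternalHosts")
        elif msg == "not authenticated":
            # The MTA passed no SMTP AUTH identity for this session.
            entry["reasons"].append("no SMTP AUTH on this session")
        elif msg == "no signature data":
            # Message was handled in verify mode and carried no signature.
            entry["reasons"].append("treated as inbound, nothing to verify")
    return dict(result)

def unsigned(log_text):
    """Only the queue IDs for which no signature was added."""
    return {q: e for q, e in classify(log_text).items() if not e["signed"]}

if __name__ == "__main__":
    for qid, e in unsigned(SAMPLE_LOG).items():
        print(f"{qid}: NOT signed (client {e['client']}): " + "; ".join(e["reasons"]))
```

A message that shows both "not internal" and "not authenticated" was neither sent from a trusted address nor over an authenticated session, which matches the unauthenticated port 25 submission described in the last post.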