Author Topic: [Resolved] Is my DKIM fully Ok ?  (Read 687 times)

Offline ewok2

  • Jr. Member
  • **
  • Posts: 11
[Resolved] Is my DKIM fully Ok ?
« on: July 20, 2022, 12:44:15 PM »
Hello
I have a postfix/dovecot/roundcube server working.
I have configured DKIM in the server and in my DNS zone.

When I send a test email to a Gmail account and, on the right side of the opened email message in Gmail, click the "Show original" button from the drop-down menu, I can see the authentication results, which are:
Quote
DKIM :    'PASS' with domaine mydomain.net

But when I try https://www.mail-tester.com I get only 9/10 because it says the message is not signed with DKIM.

Are there many levels of DKIM?
How can I double-check whether Google or mail-tester.com is wrong?

PS: when I test on the server it seems OK
Quote
sudo opendkim-testkey -d mydomain.net -s default -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.mydomain.net'
opendkim-testkey: key not secure
opendkim-testkey: key OK
« Last Edit: July 23, 2022, 05:28:24 AM by ewok2 »

Offline ewok2

Re: Is my DKIM fully Ok ?
« Reply #1 on: July 22, 2022, 09:08:03 AM »
OK, I changed one statement...
Google does not see DKIM pass anymore...

I think, from the log:
Quote
opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal
opendkim[25905]: 0787A180209: not authenticated
opendkim[25905]: 0787A180209: no signature data

it shows that indeed the mail is not signed...

In my "/etc/opendkim/trusted.hosts" I have
Quote
127.0.0.1
localhost
192.168.0.1/24

*.mydomain.net

It looks like opendkim is not looking at the "trusted.hosts"?

Any idea how to find where I misconfigured?

Many thanks

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,782
    • SKaero - Custom Roundcube development
Re: Is my DKIM fully Ok ?
« Reply #2 on: July 22, 2022, 05:13:16 PM »
Did you configure your mail server to sign the email with the DKIM key? It sounds like that is where the problem is.

Offline ewok2

Re: Is my DKIM fully Ok ?
« Reply #3 on: July 23, 2022, 04:43:19 AM »
Thanks for the help

I have an opendkim service running.
I have configured the socket in /etc/opendkim.conf & /etc/default/opendkim to "local:/var/spool/postfix/opendkim/opendkim.sock"

And I told postfix in "/etc/postfix/main.cf" to connect to opendkim by adding these lines at the end:
Quote
# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

but you're right, I did not tell postfix "sign all the mail by using Milter" somewhere...
I have followed this howto https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf#comment-750644 and maybe I have missed something?

But doesn't the fact that I get "opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal" show that it is trying to sign?


Offline ewok2

[Resolved]: Is my DKIM fully Ok ?
« Reply #4 on: July 23, 2022, 05:27:57 AM »
Very strange...
But resolved!

I was performing submission to port 25 without TLS.
I had an error with a Let's Encrypt certificate with the root authority not checked...
I have added the path of a Fullchain.crt for Let's Encrypt in config.php of roundcube and activated TLS on port 587 for submission
=> The send on 587 works
=> And the mail is now signed!
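
An added example, not part of the thread: a small log triage that groups opendkim lines by queue ID and, for unsigned messages, reports the two conditions the log in Reply #1 names ("not internal", "not authenticated"), checking the peer against the CIDR entries of trusted.hosts. The peer address 192.168.5.20 and the second queue ID are constructed sample values, and hostname or pattern entries are deliberately not evaluated.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data modelled on the lines quoted in the thread.
TRUSTED_HOSTS = "127.0.0.1\nlocalhost\n192.168.0.1/24\n\n*.mydomain.net\n"
LOG = """\
opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.5.20] not internal
opendkim[25905]: 0787A180209: not authenticated
opendkim[25905]: 0787A180209: no signature data
opendkim[25905]: 1A2B3C4D5E6: DKIM-Signature field added (s=default, d=mydomain.net)
"""

LINE = re.compile(r"opendkim\[\d+\]: ([0-9A-F]+): (.*)")
PEER = re.compile(r"\[([0-9a-fA-F.:]+)\] not internal")

def trusted_networks(text):
    """Return the IP/CIDR entries of a trusted.hosts file as network objects."""
    nets = []
    for entry in text.split():
        try:
            # strict=False accepts host bits, so 192.168.0.1/24 -> 192.168.0.0/24
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # hostname or pattern entry, not evaluated in this example
    return nets

def triage(log, trusted):
    """Map each queue ID in the log to 'signed' or an 'unsigned: ...' verdict."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            events[m.group(1)].append(m.group(2))
    nets = trusted_networks(trusted)
    report = {}
    for qid, msgs in events.items():
        if any(s.startswith("DKIM-Signature field added") for s in msgs):
            report[qid] = "signed"
            continue
        hit = next((PEER.search(s) for s in msgs if PEER.search(s)), None)
        peer = hit.group(1) if hit else None
        in_list = bool(peer) and any(ipaddress.ip_address(peer) in n for n in nets)
        auth = "not authenticated" not in msgs
        report[qid] = f"unsigned: peer={peer} in_trusted_cidr={in_list} authenticated={auth}"
    return report

if __name__ == "__main__":
    print(triage(LOG, TRUSTED_HOSTS))
```

On a real server the file only matters if `InternalHosts` in /etc/opendkim.conf points at it, and the lines would come from the mail log rather than an inline string.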