Miscellaneous > Roundcube Discussion
[Resolved] Is my DKIM fully Ok ?
(1/1)
ewok2:
Hello
I have a postfix/dovecot/roundcube server working.
I have configure DKIM in the server and in my DNS zone.
When I send a test email to Gmail account and on the right side of an opened email message in Gmail, if I click the show original button from the drop-down menu, I can see the authentication results. => Which is
--- Quote ---DKIM : 'PASS' with domaine mydomain.net
--- End quote ---
But when I try https://www.mail-tester.com I get only 9/10 because it says message not sign with DKIM
Is there many level of DKIM ?
How can I double chek if Google ou mail-tester.com is wrong?
PS : when I test on the server It seem's Ok
--- Quote ---sudo opendkim-testkey -d mydomain.net -s default -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.mydomain.net'
opendkim-testkey: key not secure
opendkim-testkey: key OK
--- End quote ---
ewok2:
Ok I change one statement...
Google does not see anymore DKIM pass...
I think with log :
--- Quote ---opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal
opendkim[25905]: 0787A180209: not authenticated
opendkim[25905]: 0787A180209: no signature data
--- End quote ---
it show that indeed the mail is not sign...
In my "/etc/opendkim/trusted.hosts" I have
--- Quote ---127.0.0.1
localhost
192.168.0.1/24
*.mydomain.net
--- End quote ---
I look like the opendkim is not looking at the "trusted.hosts" ?
Any idee to find where I mis configure?
Many thanks
SKaero:
Did you configure your mail server to sign the email with the DKIM key? It sounds like that is where the problem is.
ewok2:
Thanks for help
I have a opendkim service running.
I have configure the socket in /etc/opendkim.conf & /etc/default/opendkim to "local:/var/spool/postfix/opendkim/opendkim.sock"
And I tell postfix in "/etc/postfix/main.cf" to connect to opendkim by adding this line at the end :
--- Quote ---# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
--- End quote ---
but your right, I did not tell postfix "sign all the mail by using Milter" somewhere...
I have follow this howto https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf#comment-750644 and maybe I have missed something?
But the fact I get "opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal" did not show that is is trying to sign ?
ewok2:
Verry strange...
But resolved!
I was performing submission to port 25 without TLS.
I had an error with a let's encrypt certificate with thr root authority not checked...
I have had the path of a Fullchain.crt for let's encrypt in config.php of roundcube and activate tls on 587 port for submission
=> The send on 587 works
=> And the mail is now signed!
Navigation
[0] Message Index
Go to full version