Miscellaneous > Roundcube Discussion

[Resolved] Is my DKIM fully Ok ?

(1/1)

ewok2:
Hello
I have a postfix/dovecot/roundcube server working.
I have configure DKIM in the server and in my DNS zone.

When I send a test email to Gmail account and on the right side of an opened email message in Gmail, if I click the show original button from the drop-down menu, I can see the authentication results. => Which is

--- Quote ---DKIM :    'PASS' with domaine mydomain.net
--- End quote ---

But when I try https://www.mail-tester.com I get only 9/10 because it says message not sign with DKIM

Is there many level of DKIM ?
How can I double chek if Google ou mail-tester.com is wrong?

PS : when I test on the server It seem's Ok

--- Quote ---sudo opendkim-testkey -d mydomain.net -s default -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.mydomain.net'
opendkim-testkey: key not secure
opendkim-testkey: key OK
--- End quote ---

ewok2:
Ok I change one statement...
Google does not see anymore DKIM pass...

I think with log :

--- Quote ---opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal
opendkim[25905]: 0787A180209: not authenticated
opendkim[25905]: 0787A180209: no signature data
--- End quote ---

it show that indeed the mail is not sign...

In my "/etc/opendkim/trusted.hosts" I have

--- Quote ---127.0.0.1
localhost
192.168.0.1/24

*.mydomain.net
--- End quote ---

I look like the opendkim is not looking at the "trusted.hosts" ?

Any idee to find where I mis configure?

Many thanks

SKaero:
Did you configure your mail server to sign the email with the DKIM key? It sounds like that is where the problem is.

ewok2:
Thanks for help

I have a opendkim service running.
I have configure the socket in /etc/opendkim.conf & /etc/default/opendkim to "local:/var/spool/postfix/opendkim/opendkim.sock"

And I tell postfix in "/etc/postfix/main.cf" to connect to opendkim by adding this line at the end :

--- Quote ---# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
--- End quote ---

but your right, I did not tell postfix "sign all the mail by using Milter" somewhere...
I have follow this howto https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf#comment-750644 and maybe I have missed something?

But the fact I get "opendkim[25905]: 0787A180209: xxx.mydomain.net [192.168.zz.yy] not internal" did not show that is is trying to sign ?

ewok2:
Verry strange...
But resolved!

I was performing submission to port 25 without TLS.
I had an error with a let's encrypt certificate with thr root authority not checked...
I have had the path of a Fullchain.crt for let's encrypt in config.php of roundcube and activate tls on 587 port for submission
=> The send on 587 works
=> And the mail is now signed!

Navigation

[0] Message Index