我试图在运行Debian和Postfix的邮件服务器上安装OpenDKIM。 这是我所做的configuration:
KeyTable :
mail._domainkey.domain1.com domain1.com:mail:/etc/opendkim/keys/domain1.com/mail.private mail._domainkey.domain2.com domain2.com:mail:/etc/opendkim/keys/domain2.com/mail.private SigningTable :
*.domain1.com mail._domainkey.domain1.com *.domain2.com mail._domainkey.domain2.com
TrustedHosts :
127.0.0.1 ::1 localhost
我的opendkim.conf读取:
# This is a basic configuration that can easily be adapted to suit a standard # installation. For more advanced options, see opendkim.conf(5) and/or # /usr/share/doc/opendkim/examples/opendkim.conf.sample. # Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (eg Postfix) UMask 002 LogWhy yes OversignHeaders From TrustAnchorFile /usr/share/dns/root.key KeyTable /etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable ExternalIgnoreList /etc/opendkim/TrustedHosts InternalHosts /etc/opendkim/TrustedHosts
最后,我使用milter socket连接到Postfix:
后缀main.cf :
# Milters smtpd_milters = unix:/opendkim/opendkim.sock, unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock non_smtpd_milters = unix:/opendkim/opendkim.sock
在当前状态下,OpenDKIM确实能够正确validation传入邮件的签名,但由于某些原因,它不会签署传出邮件。 在尝试发送邮件时,这被logging在mail.log :
Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: %clienthostname% %clientip% not internal Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: not authenticated Nov 8 16:35:02 illium opendkim[30142]: 826DF501F39: no signature data
我相信not authenticated部分是不正确的,因为邮件是从客户端使用经过身份validation的SMTP提交给Postfix。
问题是由两件事引起的:
与opendkim.conf的注释相反, mode = sv 不是默认值。 我必须明确地设置它。
我在我的SigningTable中发生错误: *.domain1.com应该是*@domain1.com 。
纠正这两点之后,现在它正常工作。