为什么OpenDKIM不签名和validation我的电子邮件？ （CentOS 6.5，Postfix和OpenDKIM）

我在跑：

CentOS 6.5 Postfix 2.6.6 opendkim: OpenDKIM Filter v2.9.0 Compiled with OpenSSL 1.0.1e-fips 11 Feb 2013 SMFI_VERSION 0x1000001 libmilter version 1.0.1 Supported signing algorithms: rsa-sha1 rsa-sha256 Supported canonicalization algorithms: relaxed simple Active code options: USE_DB USE_UNBOUND libopendkim 2.9.0: 

我已经安装了Zarafa，everythign运行完美。 然后我试图安装OpenDKIM，一直有麻烦。 我安装了另一台服务器，我运行Zimbra，没有任何问题。 这个服务器虽然不合作。 我的/ var / log / maillog文件甚至没有显示任何的openDKIM指示。 没有什么关于opendkimlogging。

我的DNSlogging已正确添加。 （通过DIGtesting）我已经尝试了两个不同的configuration文件，但这是当前的一个：

 AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode s Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp 

这里是/ etc / opendkim / SigningTable：

• Postfix'tlsv1提醒未知的ca'
• 后缀：dynamic重写服务器名称取决于发件人域
• 如何伪装SMTP会话上的Postfix？
• postfix / procmail – 在procmailrc中防止重复的电子邮件
• 更新后Postfixadmin不起作用“无法重新声明hex2bin”

 # OPENDKIM SIGNING TABLE # This table controls how to apply one or more signatures to outgoing messages based # on the address found in the From: header field. In simple terms, this tells # OpenDKIM "how" to apply your keys. # To use this file, uncomment the SigningTable option in /etc/opendkim.conf, # then uncomment one of the usage examples below and replace example.com with your # domain name, then restart OpenDKIM. # WILDCARD EXAMPLE # Enables signing for any address on the listed domain(s), but will work only if # "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf. # Create additional lines for additional domains. #*@example.com default._domainkey.example.com # NON-WILDCARD EXAMPLE # If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then # wildcards will not work. Instead, full user@host is checked first, then simply host, # then [email protected] (with all superdomains checked in sequence, so "foo.example.com" # would first check "[email protected]", then "[email protected]", then "[email protected]"), # then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under # "SigningTable" for more details. #example.com default._domainkey.example.com *@mydomain.com dk_default._domainkey.mydomain.com Here is /etc/opendkim/KeyTable: # OPENDKIM KEY TABLE # To use this file, uncomment the #KeyTable option in /etc/opendkim.conf, # then uncomment the following line and replace example.com with your domain # name, then restart OpenDKIM. Additional keys may be added on separate lines. #default._domainkey.example.com example.comefault:/etc/opendkim/keys/default.private dk_default._domainkey.mydomain.com mydomain.comk_default:/etc/opendkim/keys/mydomain.com/dk_default Here is /etc/opendkim/TrustedHosts: # OPENDKIM TRUSTED HOSTS # To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts # option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts # may be added on separate lines (IP addresses, hostnames, or CIDR ranges). # The localhost IP (127.0.0.1) should always be the first entry in this file. 127.0.0.1 #host.example.com #192.168.1.0/24 172.20.6.178 mydomain.com zarafa.mydomain.com 

编辑：

/etc/postfix/main.cf文件：

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no smtpd_tls_cert_file=/opt/yaffas/etc/ssl/certs/postfix.crt smtpd_tls_key_file=/opt/yaffas/etc/ssl/certs/postfix.key smtpd_use_tls=yes smtp_tls_security_level = may alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mydestination = myorigin = $mydomain mynetworks = [::1]/128, [::ffff:127.0.0.0]/104, 127.0.0.0/8 virtual_mailbox_domains = localhost, zarafa.mydomain.com, mydomain.com virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf virtual_alias_maps = regexp:/etc/postfix/virtual_users_global, hash:/opt/yaffas/config/postfix/local-aliases.cf, hash:/opt/yaffas/config/postfix/public-folder-aliases.cf, hash:/etc/postfix/ldap-group.cf, ldap:/etc/postfix/ldap-aliases.cf virtual_transport = lmtp:127.0.0.1:2003 smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = broken_sasl_auth_clients = yes content_filter = amavis:[127.0.0.1]:10024 smtpd_helo_required = yes smtpd_delay_reject = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain, check_client_access hash:/opt/yaffas/config/postfix/whitelist-postfix, check_policy_service inet:127.0.0.1:12525, sender_canonical_maps = hash:/etc/postfix/sender_canonical transport_maps = hash:/opt/yaffas/config/postfix/transport-deliver-to-public zarafa-publicfolder_destination_recipient_limit = 1 myhostname = zarafa.mydomain.com message_size_limit = 20971520 smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 

/etc/postfix/master.cf：

 # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # The Cyrus deliver program has changed incompatibly, multiple times. # old-cyrus unix - nn - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 cyrus unix - nn - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # See the Postfix UUCP_README file for configuration details. # uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks zarafa-publicfolder unix - nn - 10 pipe flags=DORu user=vmail argv=/opt/yaffas/libexec/mailalias/zarafa-deliver-to-public ${nexthop} 

编辑：另外，为什么OpenDKIM不validation电子邮件？ 当我发送一封电子邮件时，我总是在这样的日志中回复消息：

10月25日21:13:32 zarafa postfix / smtp [7201]：证书validation失败megawatt.resistor.net [208.69.177.116]：25：不可信发行人/ C = US / ST =纽约/ L =布鲁克林/ O = Eland Systems / OU = Eland CA/CN=Eland/[email protected]

而且，我发送消息的地方并不重要。 我已经发送到我自己的服务器上，我知道是通过DKIMvalidation，我仍然得到它。