postfix + opendkim not signing correctly. how to debug this?
Posted
by
Dean Hiller
on Server Fault
See other posts from Server Fault
or by Dean Hiller
Published on 2013-04-15T00:45:39Z
Indexed on
2013/11/12
3:58 UTC
Read the original article
Hit count: 848
EDIT: I did get a little further but all posts on my search say permissions are wrong or regenerate key but I fixed that to be 644 as well as owned by DKIM AND I keep regenerating the key but it is not helping. My latest error now is this
Apr 21 21:19:12 Sniffy opendkim[8729]: BB5BF3AA66: dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed
Apr 21 21:19:12 Sniffy postfix/cleanup[8627]: BB5BF3AA66: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.0 resource unavailable; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<abcs.com>
I am looking for a way to simply debug this(don't necessarily need the answer but a way to get logs from opendkim would be good).
If I stop opendkim, I see postfix log connection refused which is good. but when I send mail with opendkim started, I see no logs whatsoever. I even add the "LogWhy Yes" line to my opendkim.conf file as well and still see no logs there.
Since I see opendkim running under user opendkim, I changed the owner of /etc/opendkim/* and /etc/opendkim and /etc/opendkim.conf all to opendkim user.
I am running on ubuntu. My opendkim.conf file is
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
Domain sniffyapp.com
#KeyFile /etc/mail/dkim.key
KeyFile /etc/opendkim/keys/sniffyapp.com/default.private
#Selector 2007
Selector default
# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple
Mode sv
#SubDomains no
#ADSPDiscard no
Socket inet:8891:localhost
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
LogWhy Yes
I of course have these lines added to main.cf in postgres
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
© Server Fault or respective owner