我刚刚配置了opendkim和postfix,它被用来签署我的电子邮件,但事实并非如此.
我使用/usr/sbin / opendkim-testkey来测试密钥,它们似乎没问题,但我发送给check-auth@verifier.port25.com的邮件继续说:
========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: pass DKIM check: neutral sender-id check: pass SpamAssassin check: ham
有任何想法吗?我得到这样的postfix配置文件:
# OpenDKIM milter_default_action = accept milter_protocol = 6 smtpd_milters =,inet:127.0.0.1:8891,inet:127.0.0.1:12768 non_smtpd_milters = $smtpd_milters
我确实检查了我的日志文件很多次,似乎没有任何错误.我正在使用Centos 6.
这也是我的opendkim.conf
## BASIC OPENDKIM CONfigURATION FILE ## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more ## BEFORE running OpenDKIM you must: ## - make your MTA (Postfix,Sendmail,etc.) aware of OpenDKIM ## - generate keys for your domain (if signing) ## - edit your DNS records to publish your public keys (if signing) ## See /usr/share/doc/opendkim/INSTALL for detailed instructions. ## CONfigURATION OPTIONS # Specifies the path to the process ID file. PidFile /var/run/opendkim/opendkim.pid # Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. # Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing # messages. Mode v # Log activity to the system log. Syslog yes # Log additional entries indicating successful signing or verification of messages. SyslogSuccess yes # If logging is enabled,include detailed logging about why or why not a message was # signed or verified. This causes an increase in the amount of log data generated # for each message,so set this to No (or comment it out) if it gets too noisy. LogWhy yes # Attempt to become the specified user before starting operations. UserID opendkim:opendkim # Create a socket through which your MTA can communicate. Socket inet:8891@localhost # required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) Umask 002 # This specifies a text file in which to store DKIM transaction statistics. # OpenDKIM must be manually compiled with --enable-stats to enable this feature. #Statistics /var/spool/opendkim/stats.dat ## SIGNING OPTIONS # Selects the canonicalization method(s) to be used when signing messages. Canonicalization relaxed/relaxed # Domain(s) whose mail should be signed by this filter. Mail from other domains will # be verified rather than being signed. Uncomment and use your domain name. # This parameter is not required if a SigningTable is in use. #Domain example.com # Defines the name of the selector to be used when signing messages. Selector mail # Specifies the minimum number of key bits for acceptable keys and signatures. MinimumKeyBits 1024 # Gives the location of a private key to be used for signing ALL messages. This # directive is ignored if KeyTable is enabled. KeyFile /etc/opendkim/keys/default.private # Gives the location of a file mapping key names to signing keys. In simple terms,# this tells OpenDKIM where to find your keys. If present,overrides any KeyFile # directive in the configuration file. Requires SigningTable be enabled. KeyTable /etc/opendkim/KeyTable # Defines a table used to select one or more signatures to apply to a message based # on the address found in the From: header field. In simple terms,this tells # OpenDKIM how to use your keys. Requires KeyTable be enabled. SigningTable refile:/etc/opendkim/SigningTable # Identifies a set of "external" hosts that may send mail through the server as one # of the signing domains without credentials as such. ExternalIgnoreList refile:/etc/opendkim/TrustedHosts # Identifies a set "internal" hosts whose mail should be signed rather than verified. InternalHosts refile:/etc/opendkim/TrustedHosts
顺便说一句,这是我的日志:
May 29 07:34:07 s18378428 opendkim[5801]: OpenDKIM Filter v2.10.1 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid) May 29 07:35:02 s18378428 opendkim[5801]: 5562C18C60060: verifier.port25.com [38.95.177.125] not internal May 29 07:35:02 s18378428 opendkim[5801]: 5562C18C60060: not authenticated May 29 07:35:02 s18378428 opendkim[5801]: 5562C18C60060: DKIM verification successful
谢谢你的时间.
P.D.:以防万一,我得到了正确的DNS记录和我的域名的propper密钥.
在你的opendkim.conf文件中
Mode v
将操作模式设置为仅验证,因此您的外发邮件将永远不会被签名.
相关行上方的注释中对此进行了解释:
Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
messages.
我怀疑您的日志条目来自正在验证的传入邮件(即来自verifier.port25.com)而不是签名的传出邮件.
用于签署外发消息的“好”日志条目将是
opendkim[23616]: 085726031E: DKIM-Signature header added (s=mail1,d=example.tld)
