OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD


OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages



My main.cf configuration relative to OpenDkim is

smtpd_milters =  inet:localhost:8891
non_smtpd_milters =  $smtpd_milters
milter_default_action = accept


My OpenDkim.conf is


AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
KeyTable                /usr/local/etc/opendkim/KeyTable
SigningTable            refile:/usr/local/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@127.0.0.1
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

As I stated it is running

opendkim  5845   0.0  0.1  23120  11940  -  Ss   13:18       0:00.74 /usr/local/sbin/opendkim -l -p inet:8891@localhost -u opendkim:mailnull -P /var/run/milteropendkim/pid


But not signing from a test site

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         none (message not signed)
ID(s) verified: 


Any thoughts would be appreciated



Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Dominic Raferd
On Thu, 24 Oct 2019 at 15:28, Jason Hirsh <[hidden email]> wrote:

>
> I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages
>
> My main.cf configuration relative to OpenDkim is
>
> smtpd_milters =  inet:localhost:8891
> non_smtpd_milters =  $smtpd_milters
> milter_default_action = accept
>
> My OpenDkim.conf is
>
> AutoRestart             Yes
> AutoRestartRate         10/1h
> LogWhy                  Yes
> Syslog                  Yes
> SyslogSuccess           Yes
> Mode                    sv
> Canonicalization        relaxed/simple
> ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
> InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
> KeyTable                /usr/local/etc/opendkim/KeyTable
> SigningTable            refile:/usr/local/etc/opendkim/SigningTable
> SignatureAlgorithm      rsa-sha256
> Socket                  inet:8891@127.0.0.1
> UMask                   022
> UserID                  opendkim:opendkim
> TemporaryDirectory      /var/tmp
>
> As I stated it is running... But not signing from a test site...
>
> Any thoughts would be appreciated

Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
SigningTable set up correctly? Do you need to use KeyTable and
SigningTable - this is a more complex setup; standard setup uses
parameters Domain, Selector and KeyFile - see
http://www.opendkim.org/opendkim-README.

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
I have gone over my configuration with a fine tooth comb, but considering I put them together it is not surprising I can’t spot anything


I have been trying to locate opendkim action in my log file.  It appears that the mail is being reviewed but no header added



postfix/submission/smtpd[52375]: milter8_send: milter inet:localhost:8891
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_name = inet:localhost:8891
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_version = 6
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_actions = 273
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_events = 1050370
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_non_events = 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_state = 4
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_conn_timeout = 30
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_cmd_timeout = 30
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_msg_timeout = 300
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_action = accept
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_macro_list = 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: status
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: status
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: > c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 354 End data with <CR><LF>.<CR><LF>
Oct 25 12:45:14 triggerfish postfix/cleanup[52466]: E7D08CB4AA4: message-id=<[hidden email]>
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: status
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: status
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute value: 0
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: reason
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: reason
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
Oct 25 12:45:15 triggerfish postfix/qmgr[52120]: E7D08CB4AA4: from=<[hidden email]>, size=2250, nrcpt=1 (queue active)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: > c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 250 2.0.0 Ok: queued as E7D08CB4AA4
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: abort all milters
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: milter8_abort: abort milter inet:localhost:8891

The thing that concerns me is the appearance of “dummy”

Any thoughts, anyone?
On Oct 24, 2019, at 11:29 AM, Jason Hirsh <[hidden email]> wrote:

Thank you  for the quick response


I am 99% certain they are…I had the OpenDkim running for about a week and did not change those (I think)

Trusted Hosts

127.0.0.1
localhost



KeyTable

default._domainkey.example.com:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
default._domainkey.example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private

SigningTable

*@example.com default._domainkey.example.com
*@example1.com default._domainkey.example1.com

In my maillog I did find something a little strange in response to an outgoing message


Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69: s=verifier201208 d=port25.com SSL 
Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A: s=verifier201208 d=port25.com SSL 
Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found

Light and Motion was who the message was going to and has no presence in my mail system


Is this log entry a clue??


On Oct 24, 2019, at 10:50 AM, Dominic Raferd <[hidden email]> wrote:

On Thu, 24 Oct 2019 at 15:28, Jason Hirsh <[hidden email]> wrote:

I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages

My main.cf configuration relative to OpenDkim is

smtpd_milters =  inet:localhost:8891
non_smtpd_milters =  $smtpd_milters
milter_default_action = accept

My OpenDkim.conf is

AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
KeyTable                /usr/local/etc/opendkim/KeyTable
SigningTable            refile:/usr/local/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@127.0.0.1
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

As I stated it is running... But not signing from a test site...

Any thoughts would be appreciated

Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
SigningTable set up correctly? Do you need to use KeyTable and
SigningTable - this is a more complex setup; standard setup uses
parameters Domain, Selector and KeyFile - see
http://www.opendkim.org/opendkim-README.
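
Added example, not part of the thread and not code from the OpenDKIM project: a lint for the KeyTable/SigningTable pair asked about above, assuming OpenDKIM's documented flat-file layout (`keyname domain:selector:keypath` per KeyTable line, `pattern keyname` per SigningTable line, `*` wildcards under `refile:`). The sample tables are constructed from the lines as they appear in this archive, the function names are hypothetical, and key file existence and permissions are not checked.

```python
import re
from typing import NamedTuple


class KeyEntry(NamedTuple):
    domain: str    # becomes d= in the signature
    selector: str  # becomes s= in the signature
    keypath: str   # private key file


def _rows(text):
    """Yield (line number, [first column, rest]) for non-blank, non-comment lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield lineno, line.split(None, 1)


def parse_keytable(text):
    """Return ({keyname: KeyEntry}, [problems]) for a flat-file KeyTable."""
    keys, problems = {}, []
    for lineno, fields in _rows(text):
        if len(fields) != 2:
            problems.append(f"KeyTable line {lineno}: only one column, "
                            "expected 'keyname domain:selector:keypath'")
            continue
        parts = fields[1].strip().split(":", 2)
        if len(parts) != 3 or not all(parts):
            problems.append(f"KeyTable line {lineno}: value is not domain:selector:keypath")
            continue
        keys[fields[0]] = KeyEntry(*parts)
    return keys, problems


def parse_signingtable(text):
    """Return ([(pattern, keyname)], [problems]) for a flat-file SigningTable."""
    rules, problems = [], []
    for lineno, fields in _rows(text):
        if len(fields) != 2:
            problems.append(f"SigningTable line {lineno}: expected 'pattern keyname'")
            continue
        rules.append((fields[0], fields[1].strip()))
    return rules, problems


def key_for(sender, rules):
    """Key name of the first rule whose '*' wildcard pattern matches the From: address."""
    for pattern, keyname in rules:
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, sender, re.IGNORECASE):
            return keyname
    return None


def lint(keytable_text, signingtable_text, senders=()):
    """List every inconsistency that would leave a sender without a usable key."""
    keys, problems = parse_keytable(keytable_text)
    rules, more = parse_signingtable(signingtable_text)
    problems += more
    for pattern, keyname in rules:
        if keyname not in keys:
            problems.append(f"SigningTable '{pattern}' -> '{keyname}': "
                            "no such key name in KeyTable")
    for sender in senders:
        if key_for(sender, rules) is None:
            problems.append(f"{sender}: no SigningTable pattern matches")
    return problems


# Constructed sample data, modelled on the tables as they appear in the thread.
KEYTABLE_AS_POSTED = """\
default._domainkey.example.com:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
default._domainkey.example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private
"""
# Constructed variant with the key name column present (paths are placeholders).
KEYTABLE_WITH_NAMES = """\
default._domainkey.example.com example.com:default:/usr/local/etc/opendkim/keys/example.com/default.private
default._domainkey.example1.com example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private
"""
SIGNINGTABLE = """\
*@example.com default._domainkey.example.com
*@example1.com default._domainkey.example1.com
"""

if __name__ == "__main__":
    for label, table in (("as posted", KEYTABLE_AS_POSTED),
                         ("with key names", KEYTABLE_WITH_NAMES)):
        print(f"== KeyTable {label} ==")
        for problem in lint(table, SIGNINGTABLE, ["jason@example.com"]) or ["no problems found"]:
            print("  " + problem)
```
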



RE: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

angelo

From what I can tell the DNS record was not found.

Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found

And I can’t find it…..

[root@exa02dbadm01 ~]# dig -t txt zendesk1._domainkey.lightandmotion.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -t txt zendesk1._domainkey.lightandmotion.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33283
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zendesk1._domainkey.lightandmotion.com.        IN TXT

;; AUTHORITY SECTION:
lightandmotion.com.     10800   IN      SOA     dns042.a.register.com. root.register.com. 2019021518 28800 7200 604800 14400

;; Query time: 65 msec
;; SERVER: 137.99.25.14#53(137.99.25.14)
;; WHEN: Fri Oct 25 13:12:38 EDT 2019
;; MSG SIZE  rcvd: 126

-ANGELO FAZZINA

[hidden email]
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075

From: [hidden email] <[hidden email]> On Behalf Of Jason Hirsh
Sent: Friday, October 25, 2019 12:53 PM
To: Dominic Raferd <[hidden email]>; [hidden email]
Subject: Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

I have gone over my configuration with a fine tooth comb, but considering I put them together it is not surprising I can’t spot anything

I have been trying to locate opendkim action in my log file.  It appears that the mail is being reviewed but no header added

Any thoughts, anyone?

On Oct 24, 2019, at 11:29 AM, Jason Hirsh <[hidden email]> wrote:

Thank you for the quick response

I am 99% certain they are…I had the OpenDkim running for about a week and did not change those (I think)

Trusted Hosts

127.0.0.1
localhost

KeyTable

default._domainkey.example.com:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
default._domainkey.example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private

SigningTable

In my maillog I did find something a little strange in response to an outgoing message

Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69: s=verifier201208 d=port25.com SSL
Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A: s=verifier201208 d=port25.com SSL
Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found

Light and Motion was who the message was going to and has no presence in my mail system

Is this log entry a clue??


Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
Ahh ..  Interesting I had not understood that

But I am still not signing ….

On Oct 25, 2019, at 2:00 PM, Fazzina, Angelo <[hidden email]> wrote:

From your original email
 
Mode                    sv
 
 
You are verifying and signing so yes that seems to be the case as you describe.
 
-ANGELO FAZZINA
 
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075
 

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Wietse Venema
In reply to this post by Jason Hirsh-2
Jason Hirsh:
> I have gone over my configuration with a fine tooth comb, but considering I put them together it is not surprising I can’t spot anything
>
>
> I have been trying to locate opendkim action in my log file.  It appears that the mail is being reviewed but no header added
>

I'm not encouraging you to post more logging here, but you might
want to know that Milter content operations do not happen in smtpd,
but in the cleanup daemon.

However, the real work happens in OpenDKIM. Postfix just sits between
the queue file and OpenDKIM, moving bits from one to the other and
vice versa.

        Wietse

>
> postfix/submission/smtpd[52375]: milter8_send: milter inet:localhost:8891
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_name = inet:localhost:8891
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_version = 6
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_actions = 273
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_events = 1050370
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_non_events = 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_state = 4
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_conn_timeout = 30
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_cmd_timeout = 30
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_msg_timeout = 300
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_action = accept
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr milter_macro_list = 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: status
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: status
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute value: 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: > c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 354 End data with <CR><LF>.<CR><LF>
> Oct 25 12:45:14 triggerfish postfix/cleanup[52466]: E7D08CB4AA4: message-id=<[hidden email]>
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: status
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: status
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute value: 0
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: reason
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: reason
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute value: (end)
> Oct 25 12:45:15 triggerfish postfix/qmgr[52120]: E7D08CB4AA4: from=<[hidden email]>, size=2250, nrcpt=1 (queue active)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup socket: wanted attribute: (list terminator)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute name: (end)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: > c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 250 2.0.0 Ok: queued as E7D08CB4AA4
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: abort all milters
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: milter8_abort: abort milter inet:localhost:8891
>
> The thing that concerns me is the appearance of “dummy”
>
> Any thoughts, anyone?
> > On Oct 24, 2019, at 11:29 AM, Jason Hirsh <[hidden email]> wrote:
> >
> > Thank you for the quick response
> >
> >
> > I am 99% certain they are…I had the OpenDkim running for about a week and did not change those (I think)
> >
> > Trusted Hosts
> >
> > 127.0.0.1
> > localhost
> > example.com
> > example1.com
> >
> >
> >
> > KeyTable
> >
> > default._domainkey.example.com:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
> > default._domainkey.example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private
> >
> > SigningTable
> >
> > *@example.com default._domainkey.example.com
> > *@example1.com default._domainkey.example1.com
> >
> > In my maillog I did find something a little strange in response to an outgoing message
> >
> >
> > Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
> > Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69: s=verifier201208 d=port25.com SSL
> > Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A: s=verifier201208 d=port25.com SSL
> > Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
> >
> > Light and Motion was who the message was going to and has no presence in my mail system
> >
> >
> > Is this log entry a clue??
> >
> >
> >> On Oct 24, 2019, at 10:50 AM, Dominic Raferd <[hidden email]> wrote:
> >>
> >> On Thu, 24 Oct 2019 at 15:28, Jason Hirsh <[hidden email]> wrote:
> >>>
> >>> I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages
> >>>
> >>> My main.cf configuration relative to OpenDkim is
> >>>
> >>> smtpd_milters =  inet:localhost:8891
> >>> non_smtpd_milters =  $smtpd_milters
> >>> milter_default_action = accept
> >>>
> >>> My OpenDkim.conf is
> >>>
> >>> AutoRestart             Yes
> >>> AutoRestartRate         10/1h
> >>> LogWhy                  Yes
> >>> Syslog                  Yes
> >>> SyslogSuccess           Yes
> >>> Mode                    sv
> >>> Canonicalization        relaxed/simple
> >>> ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
> >>> InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
> >>> KeyTable                /usr/local/etc/opendkim/KeyTable
> >>> SigningTable            refile:/usr/local/etc/opendkim/SigningTable
> >>> SignatureAlgorithm      rsa-sha256
> >>> Socket                  inet:8891@127.0.0.1
> >>> UMask                   022
> >>> UserID                  opendkim:opendkim
> >>> TemporaryDirectory      /var/tmp
> >>>
> >>> As I stated it is running... But not signing from a test site...
> >>>
> >>> Any thoughts would be appreciated
> >>
> >> Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
> >> SigningTable set up correctly? Do you need to use KeyTable and
> >> SigningTable - this is a more complex setup; standard setup uses
> >> parameters Domain, Selector and KeyFile - see
> >> http://www.opendkim.org/opendkim-README.
> >
>

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
I am trying to get rid of the amount of background

I was pretty sure that OpenDKIM should be doing the hard lifting.  The thing that is throwing me for a loop is the absence of any indication of it operating in conjunction with the outgoing mail in the maillog.  As shown elsewhere it is involved with INCOMING.

I have verified that its process is running

opendkim 50261   0.0  0.1  25164  13000  -  Ss   10:45       0:00.23 /usr/local/sbin/opendkim -l -p inet:8891@localhost -u opendkim:mailnull -P /var/run/milteropendkim/pid

Last week I had it running.  I had an issue with BIND which I corrected.. so I am 80% sure about the associated tables.

I was kind of hoping it was something simple and obvious.  So much for that idea

Thanks to all for their time and efforts


On Oct 25, 2019, at 2:55 PM, Wietse Venema <[hidden email]> wrote:

Jason Hirsh:
I have gone over my configuration with a fine tooth comb, but considering I put them together it is not surprising I can’t spot anything


I have been trying to locate opendkim action in my log file.  It appears that the mail is being reviewed but no header added


I'm not encouraging you to post more logging here, but you might
want to know that Milter content operations do not happen in smtpd,
but in the cleanup daemon.

However, the real work happens in OpenDKIM. Postfix just sits between
the queue file and OpenDKIM, moving bits from one to the other and
vice versa.

Wietse

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Christian Kivalo
In reply to this post by Jason Hirsh-2
On October 25, 2019 6:52:52 PM GMT+02:00, Jason Hirsh <[hidden email]> wrote:
>I have gone over my configuration with a fine tooth comb, but
>considering I put them together it is not surprising I can’t spot
>anything
>
>
>I have been trying to locate opendkim action in my log file.  It
>appears that the mail is being reviewed but no header added

You should revert to non debug logging for postfix as it makes it extremely hard to discover the relevant log messages.

I have the same opendkim config with regard to the Syslog, SyslogSuccess, Logwhy  options

My opendkim logs show up in mail.log and syslog as that's how rsyslog in Debian is configured. Opendkim logs with the mail.* facility to syslog so whatever syslog daemon you use its configuration should tell you where the logging can be found.

>The thing that concerns me is the appearance of “dummy”
>
>Any thoughts, anyone?
>> On Oct 24, 2019, at 11:29 AM, Jason Hirsh <[hidden email]> wrote:
>>
>> Thank you for the quick response
>>
>>
>> I am 99% certain they are…I had the OpenDkim running for about a week and did not change those (I think)
>>
>> Trusted Hosts
>>
>> 127.0.0.1
>> localhost
>> example.com
>> example1.com
>>
>>
>>
>> KeyTable
>>
>> default._domainkey.example.com:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
>> default._domainkey.example1.com:default:/usr/local/etc/opendkim/keys/example1.com/default.private
>>
>> SigningTable
>>
>> *@example.com default._domainkey.example.com
>> *@example1.com default._domainkey.example1.com
>>
>> In my maillog I did find something a little strange in response to an outgoing message
>>
>>
>> Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
>> Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69: s=verifier201208 d=port25.com SSL
>> Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A: s=verifier201208 d=port25.com SSL
>> Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
>>
>> Light and Motion was who the message was going to and has no presence in my mail system
>>
>>
>> Is this log entry a clue??
>>
>>
>>> On Oct 24, 2019, at 10:50 AM, Dominic Raferd <[hidden email]> wrote:
>>>
>>> On Thu, 24 Oct 2019 at 15:28, Jason Hirsh <[hidden email]> wrote:
>>>>
>>>> I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages
>>>> My main.cf configuration relative to OpenDkim is
>>>>
>>>> smtpd_milters =  inet:localhost:8891
>>>> non_smtpd_milters =  $smtpd_milters
>>>> milter_default_action = accept
>>>>
>>>> My OpenDkim.conf is
>>>>
>>>> AutoRestart             Yes
>>>> AutoRestartRate         10/1h
>>>> LogWhy                  Yes
>>>> Syslog                  Yes
>>>> SyslogSuccess           Yes
>>>> Mode                    sv
>>>> Canonicalization        relaxed/simple
>>>> ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
>>>> InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
>>>> KeyTable                /usr/local/etc/opendkim/KeyTable
>>>> SigningTable            refile:/usr/local/etc/opendkim/SigningTable
>>>> SignatureAlgorithm      rsa-sha256
>>>> Socket                  inet:8891@127.0.0.1
>>>> UMask                   022
>>>> UserID                  opendkim:opendkim
>>>> TemporaryDirectory      /var/tmp
>>>>
>>>> As I stated it is running... But not signing from a test site...
>>>>
>>>> Any thoughts would be appreciated
>>>
>>> Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
>>> SigningTable set up correctly? Do you need to use KeyTable and
>>> SigningTable - this is a more complex setup; standard setup uses
>>> parameters Domain, Selector and KeyFile - see
>>> http://www.opendkim.org/opendkim-README.
>>

--
Christian Kivalo

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
I am getting entries in my maillog, but only in regards to OpenDKIM working to verify INCOMING
These are clearly entries from OpenDKIM.  There is nothing corresponding for actions relative to outgoing mail

Jason

> On Oct 25, 2019, at 3:52 PM, Christian Kivalo <[hidden email]> wrote:
>
> On October 25, 2019 6:52:52 PM GMT+02:00, Jason Hirsh <[hidden email]> wrote:
>> I have gone over my configuration with a fine tooth comb, but
>> considering I put them together it is not surprising I can’t spot
>> anything
>>
>>
>> I have been trying to locate opendkim action in my log file.  It
>> appears that the mail is being reviewed but no header added
>
> You should revert to non debug logging for postfix as it makes it extremely hard to discover the relevant log messages.
>
> I have the same opendkim config with regard to the Syslog, SyslogSuccess, Logwhy  options
>
> My opendkim logs show up in mail.log and syslog as that's how rsyslog in Debian is configured. Opendkim logs with the mail.* facility to syslog so whatever syslog daemon you use its configuration should tell you where the logging can be found.
>
>> The thing that concerns me is the appearance of “dummy”
>>
>> Any thoughts any one/?
>>> On Oct 24, 2019, at 11:29 AM, Jason Hirsh <[hidden email]> wrote:
>>>
>>> Thank you  for the quick response
>>>
>>>
>>> I am 99% certain they are…I had the OpenDkim running for about a week
>> and did not change those (I think0
>>>
>>> Trusted Hosts
>>>
>>> 127.0.0.1
>>> localhost
>>> example.com <http://example.com/>
>>> example1.com <http://example1.com/>
>>>
>>>
>>>
>>> KeyTable
>>>
>>> default._domainkey.example.com
>> <http://domainkey.example.com/>:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
>> <http://example.com.com/default.private>
>>> default._domainkey.example1.com
>> <http://domainkey.example1.com/>:default:/usr/local/etc/opendkim/keys/example1.com/default.private
>> <http://example1.com/default.private>
>>>
>>> SigningTable
>>>
>>> *@example.com default._domainkey.example.com
>> <http://domainkey.example.com/>
>>> *@example1.com default._domainkey.example1.com
>> <http://domainkey.example1.com/>
>>>
>>> In my maillog.  I did find something a little strange response to an
>> outgoing message
>>>
>>>
>>> Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
>>> Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69: s=verifier201208 d=port25.com SSL
>>> Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A: s=verifier201208 d=port25.com SSL
>>> Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
>>>
>>> Light and Motion was who the message was going to and has no presence
>> in my mail system
>>>
>>>
>>> Is this log entry a clue??
>>>
>>>
>>>> On Oct 24, 2019, at 10:50 AM, Dominic Raferd <[hidden email]> wrote:
>>>>
>>>> On Thu, 24 Oct 2019 at 15:28, Jason Hirsh <[hidden email]> wrote:
>>>>>
>>>>> I am trying to revive my OpenDKIM installation. I had it working but managed to break it when I updated my ports.  It is running but not signing outgoing messages
>>>>>
>>>>> My main.cf configuration relative to OpenDkim is
>>>>>
>>>>> smtpd_milters =  inet:localhost:8891
>>>>> non_smtpd_milters =  $smtpd_milters
>>>>> milter_default_action = accept
>>>>>
>>>>> My OpenDkim.conf is
>>>>>
>>>>> AutoRestart             Yes
>>>>> AutoRestartRate         10/1h
>>>>> LogWhy                  Yes
>>>>> Syslog                  Yes
>>>>> SyslogSuccess           Yes
>>>>> Mode                    sv
>>>>> Canonicalization        relaxed/simple
>>>>> ExternalIgnoreList      refile:/usr/local/etc/opendkim/TrustedHosts
>>>>> InternalHosts           refile:/usr/local/etc/opendkim/TrustedHosts
>>>>> KeyTable                /usr/local/etc/opendkim/KeyTable
>>>>> SigningTable            refile:/usr/local/etc/opendkim/SigningTable
>>>>> SignatureAlgorithm      rsa-sha256
>>>>> Socket                  inet:8891@127.0.0.1
>>>>> UMask                   022
>>>>> UserID                  opendkim:opendkim
>>>>> TemporaryDirectory      /var/tmp
>>>>>
>>>>> As I stated it is running... But not signing from a test site...
>>>>>
>>>>> Any thoughts would be appreciated
>>>>
>>>> Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
>>>> SigningTable set up correctly? Do you need to use KeyTable and
>>>> SigningTable - this is a more complex setup; standard setup uses
>>>> parameters Domain, Selector and KeyFile - see
>>>> http://www.opendkim.org/opendkim-README.
>>>
>
> --
> Christian Kivalo


Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Christian Kivalo


On October 25, 2019 9:58:28 PM GMT+02:00, Jason Hirsh <[hidden email]> wrote:
>I am getting entries in my maillog, but only in regards to OpenDKIM
>working to verify INCOMING
>These are clearly entries from OpenDKIM.  There is nothing
>corresponding for actions relative to outgoing mail
What happens when you comment the ExternalIgnoreList and InternalHost settings in opendkim.conf, restart the service and send a test mail originating from one of the domains you're trying to sign?
What do the logs show?

My opendkim.conf has refile: prefix also for the KeyTable option.

Regards
Christian
--
Christian Kivalo
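
The checks raised in the replies above (is the client in InternalHosts, does the sender match the SigningTable, does the named key exist in the KeyTable) can be walked through offline. This is an added example, not part of any post in this thread and not OpenDKIM's own code: a simplified model with hypothetical function names and constructed tables in the documented `pattern keyname` and `keyname domain:selector:keyfile` layouts. It ignores hostname entries and authenticated senders.

```python
import ipaddress
import re

# Constructed sample data (not the poster's files), in the documented layouts.
TRUSTED_HOSTS = "127.0.0.1\nlocalhost\n192.0.2.0/24\n"
SIGNING_TABLE = ("*@example.com default._domainkey.example.com\n"
                 "*@example1.com default._domainkey.example1.com\n")
KEY_TABLE = ("default._domainkey.example.com "
             "example.com:default:/usr/local/etc/opendkim/keys/example.com/default.private\n")

def rows(text):
    """Return the whitespace-split fields of each non-blank, non-comment line."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line.split() for line in stripped if line]

def is_internal(client_ip, trusted=TRUSTED_HOSTS):
    """True if client_ip is covered by an IP or CIDR entry of the host list."""
    ip = ipaddress.ip_address(client_ip)
    for fields in rows(trusted):
        try:
            if ip in ipaddress.ip_network(fields[0], strict=False):
                return True
        except ValueError:
            continue  # hostname entry: needs DNS, skipped in this offline model
    return False

def signing_key(sender, table=SIGNING_TABLE):
    """Key name of the first 'pattern keyname' row whose '*' pattern matches sender."""
    for fields in rows(table):
        regex = ".*".join(re.escape(part) for part in fields[0].split("*"))
        if len(fields) >= 2 and re.fullmatch(regex, sender, re.IGNORECASE):
            return fields[1]
    return None

def key_table(table=KEY_TABLE):
    """Map key name -> (domain, selector, keyfile) for well-formed rows only."""
    return {f[0]: tuple(f[1].split(":", 2))
            for f in rows(table) if len(f) == 2 and f[1].count(":") >= 2}

def explain(client_ip, sender):
    """Say whether the model would sign and, if not, at which step it stops."""
    if not is_internal(client_ip):
        return "verify only: client not in InternalHosts"
    name = signing_key(sender)
    if name is None:
        return "not signed: no SigningTable match"
    if name not in key_table():
        return f"not signed: key '{name}' missing from KeyTable"
    domain, selector, _path = key_table()[name]
    return f"sign with s={selector} d={domain}"
```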

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
In reply to this post by angelo
The thing is … that is an INCOMING not an outgoing email. Maybe it is failing a DKIM test for incoming


I can’t seem to get OpenDKIM to sign my OUTGOING

On Oct 25, 2019, at 1:17 PM, Fazzina, Angelo <[hidden email]> wrote:

 
From what I can tell the DNS record was not found.
 
Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed (s=zendesk1, d=lightandmotion.com): 'zendesk1._domainkey.lightandmotion.com' record not found
 
And I can’t find it…..
 
[root@exa02dbadm01 ~]# dig -t txt zendesk1._domainkey.lightandmotion.com
 
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -t txt zendesk1._domainkey.lightandmotion.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33283
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zendesk1._domainkey.lightandmotion.com.        IN TXT
 
;; AUTHORITY SECTION:
lightandmotion.com.     10800   IN      SOA     dns042.a.register.com. root.register.com. 2019021518 28800 7200 604800 14400
 
;; Query time: 65 msec
;; SERVER: 137.99.25.14#53(137.99.25.14)
;; WHEN: Fri Oct 25 13:12:38 EDT 2019
;; MSG SIZE  rcvd: 126
 
 
 
-ANGELO FAZZINA
 
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075
 

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh-2
In reply to this post by Jason Hirsh-2
You actually got me on the right track.  Peeled back the onion a bit to how OpenDkim was being started

I looked in more depth at the startup script used by rc.conf.  It was looking for an opendkim.conf in /usr/local/etc/mail not /usr/local/etc/opendkim

Copied opendkim.conf back there and all is good


There is a mystery how opendkim started without its conf file but I assume it used defaults and thus the fault

Thanks to all and sorry for polluting the mailing list

Jason

On Oct 25, 2019, at 4:12 PM, Fazzina, Angelo <[hidden email]> wrote:

Hi again,
Maybe this will help you troubleshoot where the misconfiguration is?

Hi, here's my signing table
[root@mta5 opendkim]# more SigningTable  |grep -v "#"


*@appmail.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu
*@uconn.edu dkim1._domainkey.mta5.uits.uconn.edu
*@uits.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu
*@mta5.uits.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu
*@localhost dkim1._domainkey.mta5.uits.uconn.edu