5

I have configured DKIM:

Dec 27 11:10:03 mailer opendkim[378]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
Dec 27 11:10:10 mailer postfix/postfix-script[551]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Dec 27 11:10:10 mailer postfix/postfix-script[719]: starting the Postfix mail system
Dec 27 11:10:10 mailer postfix/master[721]: daemon started -- version 3.4.13, configuration /etc/postfix

But the letters are not signed, I connect on port 25, there are no errors, tell me in which configuration file can there be problems? My key is being verified

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/postfix/dkim/mail.private
opendkim-testkey: checking key 'mail._domainkey.domain.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Configured exactly as in this guide https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf

Please tell me which way to look and where I could be wrong with the settings. Thanks in advance to everyone!

grep Socket /etc/opendkim.conf ->

# Socket smtp://localhost
# ##  Socket socketspec
#Socket                  inet:8892@localhost
#Socket    inet:12301@localhost
Socket inet:8891@localhost
#Socket    local:/run/opendkim/opendkim.sock

sammy@mailer:~$ grep -e 8891 -e unix /etc/postfix/main.cf
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Oleksandr
  • 161
  • 6
  • Does this answer your question? [opendkim-testkey: key not secure](https://serverfault.com/questions/1048491/opendkim-testkey-key-not-secure) – AlexD Dec 27 '21 at 13:53
  • What is the output of `grep Socket /etc/opendkim.conf`? – Paul Dec 27 '21 at 14:33
  • @Paul `# Socket smtp://localhost # ## Socket socketspec #Socket inet:8892@localhost #Socket inet:12301@localhost #Socket local:/run/opendkim/opendkim.sock` – Oleksandr Dec 27 '21 at 14:43
  • Please [edit](https://serverfault.com/posts/1088302/edit) the question to include the output (it makes it easier to read because `opendkim` and indeed nearly all configuration files interpret new lines, and I don't know where the lines begin and end within a comment.) – Paul Dec 27 '21 at 14:47
  • @Paul ok sorry) – Oleksandr Dec 27 '21 at 14:47
  • @Paul i updated the question – Oleksandr Dec 27 '21 at 14:54
  • Please post the output of `grep -e 8891 -e unix /etc/posfix/main.cf`. – Paul Dec 27 '21 at 15:02
  • @Paul i updated the question – Oleksandr Dec 27 '21 at 15:06
  • @Paul I am getting an error like this when posting a message `warning: connect to Milter service inet:localhost:8891: Connection refused` – Oleksandr Dec 27 '21 at 15:07
  • @Paul ^ I fixed this mistake by accidentally adding a number when editing socket – Oleksandr Dec 27 '21 at 15:15
  • @Paul Now I'm connecting to the socket, but the signature still does not happen – Oleksandr Dec 27 '21 at 15:15
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/132639/discussion-between-paul-and-oleksandr). – Paul Dec 27 '21 at 15:21

1 Answers1

6

It appears you have accidentally missed the section in the tutorial titled "Connect Postfix to OpenDKIM", which configures OpenDKIM on Unix domain sockets instead of the default TCP configuration.

The postfix process is chrooted in /var/spool/postfix, so supporting Unix sockets requires creating a directory for the sockets with appropriate permissions:

sudo mkdir /var/spool/postfix/opendkim
sudo chown opendkim:postfix /var/spool/postfix/opendkim

Change the opendkim configuration to support domain sockets:

sudo nano /etc/opendkim.conf

Change to match:

#Socket inet:8891@localhost
Socket local:/var/spool/postfix/opendkim/opendkim.sock

Edit main.cf to support the configuration:

sudo nano /etc/postfix/main.cf

Change:

smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

Restart both processes:

sudo systemctl restart opendkim postfix
Paul
  • 2,755
  • 6
  • 24
  • 35