3

I'm using opendkim + postfix as an MTA for my website. Everything is working: mails are signed by DKIM, and Gmail marks them as "pass".

The issue is when I'm using this config as a relay from another VM (via ssmtp):

As a relay, mails are sent successfully but never signed by the postfix / opendkim pair.

For each test, the sender and the recipient are the same.

Here are the logs. Direct (mail sent + DKIM OK):

> Apr  7 16:07:16 media-perso postfix/pickup[32522]: CD59C2408AC: uid=0 from=<me@****.net>
> Apr  7 16:07:16 media-perso postfix/cleanup[32753]: CD59C2408AC: message-id=<20170407140716.CD59C2408AC@ip-***-***-***.eu>
> Apr  7 16:07:16 media-perso postfix/qmgr[32523]: CD59C2408AC: from=<me@****.net>, size=379, nrcpt=1 (queue active)
> Apr  7 16:07:17 media-perso postfix/qmgr[32523]: CD59C2408AC: removed

When postfix is the relay (mail sent, but no DKIM signature):

Apr  7 16:07:01 media-perso postfix/smtpd[32750]: connect from repl.****.com[149.***.***.***]
Apr  7 16:07:01 media-perso postfix/smtpd[32750]: 1BD99240365: client=repl.****.com[149.***.***.***]
Apr  7 16:07:02 media-perso postfix/cleanup[32753]: 1BD99240365: message-id=<>
Apr  7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: from=<me@****.net>, size=491, nrcpt=1 (queue active)
Apr  7 16:07:02 media-perso postfix/smtpd[32750]: disconnect from repl.****.com[149.***.***.***]
Apr  7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: removed

Of course I would like to sign with DKIM in any case (direct + relay). Here is the ssmtp config:

root=postmaster
mailhub=mailhub ( postfix server )
hostname=FQDN
FromLineOverride=YES
UseSTARTTLS=YES ( i tried with/without this )

Postfix conf:

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = ip-***-176.eu, *****.net, media-perso, localhost.localdomain, localhost
myhostname = ip-****176.eu
mynetworks = hash:/etc/postfix/trusted_client
myorigin = *****.net
non_smtpd_milters = local:/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relayhost =
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 20
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scace
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = local:/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport

What am I missing?

Config: Debian 8

Installation from: https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8

vandel

1 Answer

2

The source of the issue was the trusted host list.

If the SMTP client isn't in that list, no error or log is printed. The mail is sent, but with no DKIM signature.

In my case, here is my config:

/etc/opendkim.conf
ExternalIgnoreList              refile:/etc/opendkim/trusted.hosts

To resolve this, just add the IP / FQDN of the client to /etc/opendkim/trusted.hosts,

then restart the opendkim daemon.

vandel
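Because the milter stays silent when a relay client is missing from the list, the gap can be found from the Postfix side instead. This is an added example, not code from the question or the answer. It reads `client=` lines from `postfix/smtpd` and reports clients that no `trusted.hosts` entry covers. The hostnames, addresses and queue IDs are constructed, the matching (IP, CIDR, `*` wildcard hostname) is a simplified model of opendkim's list handling, and it assumes the same file is also referenced by opendkim's `InternalHosts` setting, which is what selects clients for signing.

```python
import ipaddress
import re
from fnmatch import fnmatch

# Constructed samples (not from the page): a trusted.hosts file and smtpd log lines.
TRUSTED_HOSTS = """\
# loopback and the web VMs
127.0.0.1
192.0.2.0/28
*.example.net
"""

MAIL_LOG = """\
Apr  7 16:07:01 mx postfix/smtpd[32750]: 1BD99240365: client=web1.example.net[192.0.2.10]
Apr  7 16:09:44 mx postfix/smtpd[32761]: 7A1F0240366: client=repl.example.com[198.51.100.7]
Apr  7 16:10:02 mx postfix/smtpd[32770]: 9C2E4240367: client=unknown[192.0.2.200]
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=([^\[\s]+)\[([^\]]+)\]")


def parse_trusted(text):
    """Split list entries into IP networks and lower-cased hostname patterns."""
    nets, names = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.append(entry.lower())  # not an address, treat as hostname pattern
    return nets, names


def is_trusted(host, ip, nets, names):
    # Simplified matching (assumption): address in any network, or wildcard hostname hit.
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets) or any(fnmatch(host.lower(), p) for p in names)


def unsigned_candidates(log_text, trusted_text):
    """Return (queue_id, host, ip) for relayed mail whose client is not in the list."""
    nets, names = parse_trusted(trusted_text)
    return [m.groups() for m in CLIENT_RE.finditer(log_text)
            if not is_trusted(m.group(2), m.group(3), nets, names)]


if __name__ == "__main__":
    print(unsigned_candidates(MAIL_LOG, TRUSTED_HOSTS))
```

Feeding it the real mail log and list file gives the queue IDs to check for a missing `DKIM-Signature` header.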