RE: Why are messages not being signed?

From: Murray S. Kucherawy <>
Date: Fri, 22 Oct 2010 10:47:11 -0700

> -----Original Message-----
> From: [] On Behalf Of Gary Mills
> Sent: Friday, October 22, 2010 9:38 AM
> To:
> Subject: Why are messages not being signed?
>
> When I run `opendkim-testkey', it reports that the keys do not match.
> I assume I can correct this by regenerating the keys, but does
> the opendkim check on this? Nothing was logged when it started up.

This isn't checked by the signing code. The net effect is that your signatures wouldn't verify, but it would still attach signatures.

> I reviewed the signing criteria. The domain on the `From' header is
> correct, matching `Domain' in opendkim.conf. The
> client did not authenticate, but it did connect to That
> should be sufficient. The client did connect to port 25, which I
> suppose is excluded somehow. The macro list in opendkim.conf is
> empty.

Port 25 isn't specifically excluded. A connection to localhost should work unless your InternalHosts setting overrides it.

The OPERATION section of the opendkim(8) man page describes the signing test (i.e. the decision of whether or not to sign a message). This is unchanged since dkim-milter. Essentially two things have to happen: The domain has to match one of the signing domains, and the input source has to be considered "internal".

Of course, the filter also has to have signing mode enabled.

Can you attach your configuration and, if you have InternalHosts set, include the contents of that file or table? Also the command line arguments used to start it would be helpful.

Also, set LogWhy to "True", reload/restart, and try sending a message that should be signed. The resulting log entries will tell you what checks it did.

Received on Fri Oct 22 2010 - 17:47:21 PST
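
A simplified model of the signing test described in the reply above, added here as an illustration; it is not OpenDKIM's code and not part of the original message. It assumes InternalHosts holds only IP addresses or CIDR blocks, that loopback is the default when InternalHosts is unset, and that signing mode is the letter `s` in the Mode setting; it leaves out the authentication and macro criteria mentioned in the question. Function names, reason strings and sample values are constructed.

```python
import ipaddress
from email.utils import parseaddr

# Assumption: with no InternalHosts configured, only loopback counts as internal.
DEFAULT_INTERNAL = ["127.0.0.1"]


def is_internal(client_ip, internal_hosts=None):
    """True when client_ip falls inside one of the InternalHosts entries.

    Once a list is supplied it replaces the default, so loopback must be
    listed explicitly if local submissions are still meant to be signed.
    """
    entries = DEFAULT_INTERNAL if internal_hosts is None else internal_hosts
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def signing_decision(from_header, client_ip, domains, internal_hosts=None, mode="sv"):
    """Return (will_sign, reasons); reasons lists every check that failed."""
    reasons = []
    if "s" not in mode:
        reasons.append("signing mode not enabled")
    # Domain of the From: header address, compared case-insensitively.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain not in {d.lower() for d in domains}:
        reasons.append(f"From domain '{domain}' is not a signing domain")
    if not is_internal(client_ip, internal_hosts):
        reasons.append(f"client {client_ip} is not an internal host")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed cases: same message, different InternalHosts settings.
    msg = "Gary <gary@example.com>"
    for hosts in (None, ["192.0.2.0/24"], ["127.0.0.1", "192.0.2.0/24"]):
        print(hosts, signing_decision(msg, "127.0.0.1", ["example.com"], hosts))
```

The second case in the demo is the override mentioned in the reply: a localhost connection stops counting as internal once InternalHosts is set to a list that omits it.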
