keytable and signingtable

From: Fabrizio Regalli <>
Date: Wed, 01 Dec 2010 10:40:11 +0100

I switched from dkim-militer to opendkim because it's more updated and
more developed but I need a clarification about keytable and
signingtable that replacing previous KeyList mechanism
My scenario: many users for many domains. Each domains have one key and
each user use it for signing.
Reading the man page I found an example on how to create keytable


but I don't understand very well what's "preskey" stay for.
Is it an alias? Is it the selector name?
Assuming "preskey" it's an alias, I create my keytable in this way:


"fab" it's the alias
"" it's the domain
"mail" it's the selector
"/var/db/dkim/" it's the key path

and my signingtable look like:

* fab

but unfortunately I can't send the e-mail, and my /var/log/mail.log

 opendkim[18308]: 8D2F0221AC error loading key `fab'

My /etc/opendkim.conf looks like:

Syslog yes
LogWhy yes
UMask 002
KeyTable refile:/etc/opendkim/keytable
SigningTable refile:/etc/opendkim/signingtable
On-Default accept
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security tempfail

and the permission of the key file seems to be ok

-rw------- 1 opendkim opendkim 887 dic
100:08 /var/db/dkim/

I have generated the key according the man page:

opendkim-genkey -s mail -d


opendkim-testkey -d -s mail
-k /var/db/dkim/

return nothing, so I suppose my key it's ok.

What I have missed?

Once again, thanks!

Received on Wed Dec 01 2010 - 09:40:36 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:50 PST