RE: OpenDKIM not doing anything on RHEL 6.1

From: Rory Jaffe <>
Date: Tue, 20 Sep 2011 16:04:26 +0000

Victory! Thanks to all for your help. Adding a "" line to
SigningTable fixed the problem.

And to Steve's question, I built my own key immediately after installing the
program. Then, when I started opendkim for the first time, it went ahead and
also made a key. I was a bit flustered by that, but checking the configuration
files I had built, notice that the automatically created key wasn't addressed
in the config files, so it was still using my key. I suspect that this state
of affairs will confuse some people, and I wish there were some mechanism to
help with startup. For example, including a configuration script that can be
optionally run by someone immediately after installation, which would ask a
couple of questions, such as--are you relaying mail that should get signed,
what domains should be covered, should all or some subdomains also be covered,
yada yada yada--and then spit out the proper configuration files.

And a note about an earlier suggestion that it may not be signing mails to the
same domain, which might be expected behavior with my configuration--I tried
sending to the domain, and it signed the email.

While I still have your attention, a question about email client behavior and

1. Should the public key be placed in both the and the
DNS records, or will a DKIM-aware client know to check if there is
no entry at

-----Original Message-----
From: Murray S. Kucherawy []
Sent: Monday, September 19, 2011 8:18 PM
To: Rory Jaffe
Subject: RE: OpenDKIM not doing anything on RHEL 6.1

On Tue, 20 Sep 2011, Rory Jaffe wrote:
> Thanks--changing the entries to file: didn't do anything, but changing
> the logging gave the following information when I restarted it and
> tried sending again:
> [...]
> Sep 19 20:12:50 www opendkim[29591]: B56FB2A0B7A: no signing table
> match for ''

According to your first email, your signing table entry is:

The string "" doesn't match "". Try adding a second
line for "" (an explicit match), or simply prepend a "." to the
one you have (which means "all subdomains of"). If you also
want to sign for "" itself, you'll want two lines:


Received on Tue Sep 20 2011 - 16:04:39 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:20 PST