OpenDKIM isn't signing nor throwing any errors in log

From: Antony <>
Date: Fri, 09 Mar 2012 19:27:36 -0600

Hi all,

I am in the process of setting up DKIM on the Amazon EC2 cloud, but am
currently unable to get OpenDKIM to sign outgoing mails at all.
First of all, before I get to OpenDKIM, I can verify that I was able to
send email via Postfix 2.7 (running in Satellite mode), which is relayed
by Amazon SES. I verified with the following test:
su - info
echo test | mail -s "test email sent abc"

For OpenDKIM, I followed through this wonderful tutorial _at_
However, in the log, I would see something like the following
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32168]: OpenDKIM Filter: mi_stop=1
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32168]: OpenDKIM Filter v2.0.2
terminating with status 0, errno = 0
Mar 9 23:35:48 ip-10-64-6-122 opendkim[32270]: OpenDKIM Filter v2.0.2
starting (args: -x /etc/opendkim.conf -u opendkim -P
Mar 9 23:36:11 ip-10-64-6-122 postfix/pickup[32184]: E5377982ED:
uid=1002 from=<info>
Mar 9 23:36:11 ip-10-64-6-122 postfix/cleanup[32246]: E5377982ED:
Mar 9 23:36:11 ip-10-64-6-122 postfix/qmgr[32185]: E5377982ED:
from=<>, size=332, nrcpt=1 (queue active)
Mar 9 23:36:12 ip-10-64-6-122 postfix/pipe[32248]: E5377982ED:
to=<>, relay=aws-email, delay=0.51,
delays=0.03/0/0/0.48, dsn=2.0.0, status=sent (delivered via aws-email
Mar 9 23:36:12 ip-10-64-6-122 postfix/qmgr[32185]: E5377982ED: removed

And that's it. The only reference I see is that OpenDKIM started and
listens on port 8891, but there is no sign of OpenDKIM ever picking up a
message and doing anything with it before handing it over to aws-email
for delivery.

In /etc/opendkim.conf, I have the following settings:
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/
SignatureAlgorithm rsa-sha1
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim
#OmitHeaders Message-Id,Date,Bounces-To,Return-Path
OmitHeaders "."
SignHeaders "."

Note that I have set LogWhy to Yes, but that doesn't seem to produce
more logging inside /var/log/mail.log.

Inside /etc/opendkim, here are the permissions. I am certain that
opendkim:opendkim has access to the directory and its subdirs:
sudo chown -R opendkim:opendkim /etc/opendkim
ls -la
drwxr-xr-x 3 opendkim opendkim 4096 2012-03-09 23:34 .
drwxr-xr-x 89 root root 4096 2012-03-10 01:04 ..
drwx------ 3 opendkim opendkim 4096 2012-03-09 22:26 keys
-rw-r--r-- 1 opendkim opendkim 81 2012-03-09 22:17 KeyTable
-rw-r--r-- 1 opendkim opendkim 42 2012-03-09 22:19 SigningTable
-rw-r--r-- 1 opendkim opendkim 97 2012-03-09 23:34 TrustedHosts

sudo cat ./SigningTable

sudo cat ./KeyTable

sudo cat ./TrustedHosts

sudo cat ./keys/
{This will output the private key, intentionally not included in this email}

sudo cat ./keys/
main._domainkey IN TXT "v=DKIM1; g=*; k=rsa;
; ----- DKIM main for

nslookup -type=txt
{returns the following} text = "k=rsa\;

Lastly, for /etc/postfix/
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,, localhost.ec2.internal,
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = loopback-only
inet_protocols = all
default_transport = aws-email
smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Well, I have been checking, double checking, and banging my head with
the configs, and can't seem to figure out what went wrong. If there are
any other parameters I can try in opendkim.conf to produce more logs,
please let me know. I just simply don't know why OpenDKIM isn't signing
the outgoing mails.

Thanks a bunch in advance!
Received on Sat Mar 10 2012 - 01:27:44 PST
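
Added example, not part of the original post and not OpenDKIM or Postfix project code: a small Python check that cross-references the opendkim.conf and Postfix milter settings quoted above. It handles inet sockets only and compares host names literally; the smtpd_milters address is elided in the post, so the sample value is an assumption.

```python
import re

# Constructed sample input. Keys and the OpenDKIM values come from the post;
# the smtpd_milters address is elided there, so this value is an assumption.
OPENDKIM_CONF = "Mode sv\nSocket inet:8891@localhost\nSignatureAlgorithm rsa-sha1\n"
MAIN_CF = ("smtpd_milters = inet:localhost:8891\n"
           "non_smtpd_milters = $smtpd_milters\n"
           "milter_default_action = accept\n")

def parse(text, sep=None):
    """Parse 'key value' (opendkim.conf) or 'key = value' (main.cf) lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(sep, 1)
        if len(parts) == 2:
            conf[parts[0].strip().lower()] = parts[1].strip()
    # Expand Postfix-style $name references one level deep.
    return {k: re.sub(r"\$(\w+)", lambda m: conf.get(m.group(1), ""), v)
            for k, v in conf.items()}

def endpoint(spec):
    """Normalise an inet socket to (host, port); other socket types -> None.
    OpenDKIM writes inet:port@host, Postfix writes inet:host:port."""
    m = re.fullmatch(r"inet:(\d+)@(.+)", spec)
    if not m:
        m = re.fullmatch(r"inet:(?P<h>.+):(?P<p>\d+)", spec)
        return (m["h"].lower(), int(m["p"])) if m else None
    return (m.group(2).lower(), int(m.group(1)))

def audit(opendkim_text, main_cf_text):
    dk, pf = parse(opendkim_text), parse(main_cf_text, "=")
    findings, listen = [], endpoint(dk.get("socket", ""))
    # smtpd_milters covers SMTP submissions; non_smtpd_milters covers mail
    # injected locally (mail/sendmail via pickup, as in the post's log).
    for param in ("smtpd_milters", "non_smtpd_milters"):
        targets = [endpoint(s) for s in re.split(r"[,\s]+", pf.get(param, "")) if s]
        if listen is None or listen not in targets:
            findings.append(f"{param}: no entry matches OpenDKIM Socket")
    if "s" not in dk.get("mode", "sv").lower():
        findings.append("Mode lacks 's': the filter will not sign")
    if dk.get("signaturealgorithm", "").lower() == "rsa-sha1":
        findings.append("rsa-sha1 is deprecated by RFC 8301; use rsa-sha256")
    if pf.get("milter_default_action") == "accept":
        findings.append("milter_default_action=accept: mail is delivered "
                        "unsigned when the milter cannot be reached")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(OPENDKIM_CONF, MAIN_CF)))
```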
