RE: OpenDKIM problems with Postfix

From: Justin T. Stear <>
Date: Fri, 26 Oct 2012 09:03:31 -0500

The opendkim.conf...
# Log additional entries indicating successful signing or verification
of messages.
SyslogSuccess yes

# If logging is enabled, include detailed logging about why or why not a
message was
# signed or verified. This causes an increase in the amount of log data
# for each message, so set this to No (or comment it out) if it gets too
LogWhy yes

# Attempt to become the specified user before starting operations.
UserID opendkim:opendkim

# Create a socket through which your MTA can communicate.
Socket inet:8891_at_localhost

# Required to use local socket with MTAs that access the socket as a
# privileged user (e.g. Postfix)
Umask 002

# This specifies a text file in which to store DKIM transaction
Statistics /var/spool/opendkim/stats.dat


# Selects the canonicalization method(s) to be used when signing
Canonicalization relaxed/simple

# Domain(s) whose mail should be signed by this filter. Mail from other
domains will
# be verified rather than being signed. Uncomment and use your domain
# This parameter is not required if a SigningTable is in use.

# Defines the name of the selector to be used when signing messages.
Selector default

# Gives the location of a private key to be used for signing ALL
#KeyFile /etc/opendkim/keys/default.private

# Gives the location of a file mapping key names to signing keys. In
simple terms,
# this tells OpenDKIM where to find your keys. If present, overrides any
# setting in the configuration file.
KeyTable refile:/etc/opendkim/KeyTable

# Defines a table used to select one or more signatures to apply to a
message based
# on the address found in the From: header field. In simple terms, this
# OpenDKIM how to use your keys.
SigningTable refile:/etc/opendkim/SigningTable

# Identifies a set of "external" hosts that may send mail through the
server as one
# of the signing domains without credentials as such.
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts

# Identifies a set internal hosts whose mail should be signed rather
than verified.
InternalHosts refile:/etc/opendkim/TrustedHosts

Justin Stear

-----Original Message-----
From: Steve Jenkins []
Sent: Thursday, October 25, 2012 6:48 PM
To: Justin T. Stear
Subject: Re: OpenDKIM problems with Postfix

On Thu, Oct 25, 2012 at 2:02 PM, Justin T. Stear
<> wrote:
> Steve,
> It appears you have fixed a networking problem as well. Now I am
> getting,
> opendkim]# service opendkim start
> Generating default DKIM keys: [ OK ]
> Default DKIM keys for created in /etc/opendkim/keys.
> Starting OpenDKIM Milter: opendkim: smfi_opensocket() failed
> So, it looks like once smfi_opensocket error gets fixed I should be
> to go.
> Thank you for your help!

Cool - I figured that would fix the networking stuff, but the
smfi_opensocket() stuff... that's strange. You might get that if the
socket is already open, or if you're trying to use both TCP and Unix
sockets simultanerously.

That section of my looks like this:

smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
#milter_protocol = 2
milter_default_action = accept

(I comment out the milter_protocol because I'm using a modern version
of Postfix)

Can you share your opendkim.conf file?


***Privacy Statement*** This message and/or attached documents may contain
privileged/confidential information and is intended for use by the intended
recipient only. If you are not the intended recipient indicated in this message
(or responsible for delivery of the message to such person), you may not
transmit, copy, disclose, store, or utilize this communication in any manner.
If you received this message in error, please notify the sender immediately
and permanently delete this message from your computer. If you or your employer
does not consent to internet e-mail messages of this kind, please notify the
sender immediately. The views, opinions, conclusions, and other information
expressed in this message are not given or endorsed by Maurer-Stutz, Inc. unless
it’s related to official business.
Received on Fri Oct 26 2012 - 14:03:45 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:44 PST