From: Phil Stracchino
Date: Mon, 21 Apr 2014 15:10:46 -0400

On 04/21/14 14:07, Murray S. Kucherawy wrote:
> On Sat, 19 Apr 2014, Phil Stracchino wrote:
>>> I think I just figured out how to do this. It looks as though what I
>>> need to do is use ExternalIgnoreList.
>> ...and no, that does not appear to be entirely working. I'm still
>> seeing this message:
>> Apr 19 19:26:41 epsilon3 opendkim[12316]: 2EDFFA34B1: external host
>> attempted to send as
>> The DKIM-Signature does, however, appear to be being added now even
>> though I'm still getting the external host warning. When I send test
>> messages out and reflect back in, though, I'm getting an authentication
>> error because the key was not found, which is peculiar...
> "Key not found" is a DNS problem. Is your public key visible from the
> outside at the right location?

Thanks for responding, Murray.

It's supposed to be, yes, both internally and externally. The TXT
record is set in both the internal and external view of the domain. I
could tell there was a DNS issue; what's not clear to me is *why* there
is a DNS issue. Everything looks correct to me at the DNS level. Do
you have any advice for troubleshooting this specific problem? How
would you go about troubleshooting a failure of opendkim to retrieve the

> ExternalIgnoreList, set correctly, should remove the warning you're
> getting. How did you set it?

As follows, in /etc/opendkim/opendkim.conf:

Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
Selector dkim
KeyFile /etc/opendkim/dkim.private
Socket inet:8891@localhost
SendReports yes
PidFile /var/run/opendkim/
UserID milter
Statistics /var/lib/opendkim/stats.dat

(adding to Domain was an experiment, I don't
know whether it's doing anything for me. It doesn't appear to be helping.)
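
An added example, not part of the original message or of OpenDKIM: a Python check for the "key not found" side of this thread. It builds the DNS name a verifier queries for the selector shown above (`dkim`) and validates the TXT record content against the RFC 6376 tag rules. The domain `example.com`, the function names and the sample records are assumptions constructed for illustration.

```python
import base64

def dkim_query_name(selector, domain):
    """DNS name a verifier queries for the public key (RFC 6376, section 3.6.2.1)."""
    return f"{selector}._domainkey.{domain.rstrip('.')}"

def check_dkim_txt(txt_strings):
    """Return a list of problems in one TXT record, given its character-strings.

    A TXT record may be split into several quoted strings of at most 255 bytes;
    verifiers concatenate them with no separator before parsing.
    """
    record = "".join(txt_strings)
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return [f"malformed tag: {part.strip()!r}"]
        tags[name.strip()] = "".join(value.split())  # folding whitespace is ignored
    problems = []
    if "v" in tags and tags["v"] != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append(f"unknown key type k={tags['k']}")
    if "p" not in tags:
        problems.append("no p= tag: record carries no public key")
    elif tags["p"] == "":
        problems.append("empty p=: key is revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64 (bad split or pasted PEM header)")
    return problems

# Constructed sample data: not a real key, only well-formed base64.
SAMPLE_P = base64.b64encode(b"constructed-not-a-real-key" * 4).decode()
GOOD_SPLIT = ["v=DKIM1; k=rsa; p=" + SAMPLE_P[:60], SAMPLE_P[60:]]
PEM_PASTED = ["v=DKIM1; k=rsa; p=-----BEGIN PUBLIC KEY-----" + SAMPLE_P]

if __name__ == "__main__":
    print(dkim_query_name("dkim", "example.com"))
    for rec in (GOOD_SPLIT, PEM_PASTED, ["v=DKIM1; k=rsa; p="]):
        print(check_dkim_txt(rec) or "ok")
```

Feed it the strings returned by a TXT lookup of the printed name (for instance `dig +short TXT dkim._domainkey.<domain>`), once from inside and once from outside the network, since the two DNS views can differ.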

