Opendkim LDAP and signing table references unknown key

From: Sistemisti Posta <>
Date: Fri, 18 Dec 2015 15:14:12 +0100

Hello opendkim users,

  I'm new in this world. I would like to ask for your help to configure
this good software. I tried to configure opendkim as follows:


KeyTable is a file which contains:


LDAP entries of signing users are like this:

        dn: ...
        o: keyID_it

My goal is to force all users having LDAP entry with
        o: keyID_it
to sign. All other users can send without signing.

With this configuration, if a user (from) matches o=keyID_it then
opendkim signs the mail and all works as expected. I'm happy.

But if a user doesn't match (such as when the 'o' attribute doesn't exist
in its LDAP entry) I see:

opendkim[25959]: 3pMVKK6y5HzDc: signing table references unknown key ''
postfix/cleanup[26327]: 3pMVKK6y5HzDc: milter-reject: END-OF-MESSAGE
from[xx.xx.xx.xx]: 4.7.1 Service unavailable - try again
later; from=<> to=<> proto=ESMTP

So my question is: how can I configure the KeyTable to force only
existing references to sign? With my current configuration, if a signing
selector doesn't exist, opendkim forces a milter-reject.

I have already tried "On-SignatureError accept".

Thank you very much
Best Regards
Received on Fri Dec 18 2015 - 14:14:24 PST
