我在 ubuntu 16.04 主机上用 postfix 设置了 opendkim (2.10)。根据日志,一切正常(即没有错误),但邮件未被签名。我可以看到 postfix 正在将消息传递给 OpenDKIM(因为我停止了 opendkim,postfix 抱怨它不在那里),但我无法看到 OpenDKIM 本身。
这是我的配置:
opendkim.conf:
Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
MinimumKeyBits 1024
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SigningTable refile:/etc/opendkim/SigningTable
# Must agree with value in /etc/default/opendkim.
Socket inet:8891@localhost
## Postfix puts itself in a chroot jail and can't see this in the
## default location. So just use TCP.
# Socket local:/var/run/opendkim/opendkim.sock
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim
# Always oversign From (sign using actual From and a null From to prevent malicious
# signatures header fields (From and/or others) between the signer and the verifier)
OversignHeaders From
# Hashing Algorithm
SignatureAlgorithm rsa-sha256
# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
AutoRestart Yes
键表:
nantes-1.p27.eu p27.eu:mail:/etc/opendkim/p27.eu.key
签名表:
*@p27.eu nantes-1.p27.eu
*@transport-nantes.com nantes-1.p27.eu
受信任的主机:
127.0.0.1
postfix/main.cf:
# [...]
# OpenDKIM
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
# Postfix v3 so milter protocol 6 and not 2.
milter_protocol = 6
# There was a time, at least, when "auth_type" was not passed by default.
# I've not been able to determine if this still matters or not.
milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen}"
测试:
发送邮件不会导致日志中出现任何错误,但邮件未经过 dkim 签名。我在本地测试时,看到以下内容:
[T] jeff@nantes-1:~ $ opendkim-testkey -d p27.eu -s mail -vvvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.p27.eu'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[T] jeff@nantes-1:~ $ opendkim-testkey -d transport-nantes.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.transport-nantes.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[T] jeff@nantes-1:~ $
有什么建议我做错了什么或者如何进一步调试?
附录:解决方案
ubuntu 16.04 OpenDKIM 解决方案生成 OpenDKIM 如下:
/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/ope dkim.pid -p inet:8891@localhost
解决方案是/etc/opendkim.conf
而不是/etc/opendkim/opendkim.conf
。(我在某处读到/etc/opendkim/opendkim.conf
,无论正确与否,我永远都会把两者视为相同。)
答案1
ubuntu 16.04 OpenDKIM 解决方案生成 OpenDKIM 如下:
/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim \
-P /var/run/opendkim/ope dkim.pid -p inet:8891@localhost
解决方案是使用 /etc/opendkim.conf 而不是 /etc/opendkim/opendkim.conf。(我曾经在某个地方读过 /etc/opendkim/opendkim.conf,无论正确与否,我永远都认为它们是一样的。)
换句话说,这是人类大脑中已知的错误(看到接近正确的东西,但此后每次都看到相同的东西)和 OpenDKIM 的奇怪约定违反(通常人们会创建一个子目录,/etc/
而不是直接将文件放入/etc/
,特别是如果您以后需要更多文件)。