Postfix
OpenDKIM gives a "no key found" error
So I have set up OpenDKIM with Postfix, and I can still send email, but when I do this:

    opendkim-testkey -d example.com -s mail -vvv

I get back:

    opendkim-testkey: using default configfile /etc/opendkim.conf
    opendkim-testkey: checking key 'mail._domainkey.example.com'
    opendkim-testkey: No key

If I use check-auth@verifier.port25.com it says

    DKIM check: permerror

and

    result: permerror (no usable key records)

But in the email, I can see my public key in the email headers with s=mail and d=mydomain.com etc…
/etc/opendkim/ is set to opendkim:opendkim for user and group.
My opendkim.conf:

    # This is a basic configuration that can easily be adapted to suit a standard
    # installation. For more advanced options, see opendkim.conf(5) and/or
    # /usr/share/doc/opendkim/examples/opendkim.conf.sample.

    # Log to syslog
    Syslog                  yes
    # Required to use local socket with MTAs that access the socket as a non-
    # privileged user (e.g. Postfix)
    UMask                   002

    # Sign for example.com with key in /etc/mail/dkim.key using
    # selector '2007' (e.g. 2007._domainkey.example.com)
    #Domain                 example.com
    #KeyFile                /etc/mail/dkim.key
    Selector                mail

    # Commonly-used options; the commented-out versions show the defaults.
    #Canonicalization       simple
    #Mode                   sv
    #SubDomains             no
    #ADSPAction             continue

    # Always oversign From (sign using actual From and a null From to prevent
    # malicious signatures header fields (From and/or others) between the signer
    # and the verifier. From is oversigned by default in the Debian package
    # because it is often the identity key used by reputation systems and thus
    # somewhat security sensitive.
    OversignHeaders         From

    # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
    # (ATPS) (experimental)
    #ATPSDomains            example.com

    ###########################
    #  My Config Setup Below  #
    ###########################
    AutoRestart             Yes
    AutoRestartRate         10/1h
    SyslogSuccess           Yes
    LogWhy                  Yes
    Canonicalization        relaxed/simple
    ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
    InternalHosts           refile:/etc/opendkim/TrustedHosts
    KeyTable                /etc/opendkim/KeyTable
    SigningTable            refile:/etc/opendkim/SigningTable
    Mode                    sv
    PidFile                 /var/run/opendkim/opendkim.pid
    SignatureAlgorithm      rsa-sha256
    UserID                  opendkim:opendkim
    Socket                  inet:12301@localhost

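My KeyTable file:

    example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private

My SigningTable file:

    *@example.com example.com

Many thanks for any help with this.

Sorted now.
I had put the public key in the DNS record in the main section, when I should have put it in the subdomain section, with mail._domainkey.example.com as the name/subdomain.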
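
The misplacement described in the answer can be checked mechanically. The following is an added example, not part of the original post or of OpenDKIM: it derives the expected DNS name from each KeyTable line and reports when a DKIM key record sits at the bare domain instead. The helper names, the `lookup_txt` callback, the sample zones and the placeholder key value are all constructed for illustration.

```python
# Added example: hypothetical helpers and constructed sample data.

def keytable_names(keytable_text):
    """Yield (domain, selector, dns_name) for each 'keyname domain:selector:path' line."""
    for line in keytable_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        _keyname, value = line.split(None, 1)
        domain, selector, _keypath = value.split(":", 2)
        yield domain, selector, f"{selector}._domainkey.{domain}"

def parse_tags(txt):
    """Parse a DKIM key record such as 'v=DKIM1; k=rsa; p=...' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def diagnose(keytable_text, lookup_txt):
    """lookup_txt(name) must return the list of TXT strings at name (empty if none)."""
    def has_key(name):
        # An empty p= tag means a revoked key, so it does not count as usable.
        return any(parse_tags(t).get("p") for t in lookup_txt(name))

    results = {}
    for domain, _selector, name in keytable_names(keytable_text):
        if has_key(name):
            results[name] = "ok"
        elif has_key(domain):
            results[name] = f"misplaced: key record is at {domain}, move it to {name}"
        else:
            results[name] = "no key"
    return results

# Constructed inputs: the KeyTable line from the post and two sample zones.
KEYTABLE = "example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private\n"
KEY = "v=DKIM1; k=rsa; p=MIGfMA0CONSTRUCTEDPLACEHOLDER"   # placeholder, not a real key
BROKEN_ZONE = {"example.com": [KEY]}                  # key published at the bare domain
FIXED_ZONE = {"mail._domainkey.example.com": [KEY]}   # key published under the selector

if __name__ == "__main__":
    for zone in (BROKEN_ZONE, FIXED_ZONE):
        print(diagnose(KEYTABLE, lambda n, z=zone: z.get(n, [])))
```

Against a live domain, `lookup_txt` would wrap a real TXT query; the name it must answer for is the same one `opendkim-testkey` prints in its "checking key" line.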