May 142013
 

Ci spiace, ma questo articolo è disponibile soltanto in Inglese Americano.

Popular Posts:

Flattr this!

  13 Responses to “(English) Using OpenDKIM to Sign Postfix Mails on Debian”

  1. Interesting article. Thanks!

    Does this also work for vitual domains? Perhaps you might do another howto for using OpenDKIM with virtual domains.

  2. Of course it works, one just needs to create separate setting for each of his domains. Check step 3. 🙂

  3. You could perhaps modify the schema : publish/retrieve the public key (and not the private key)

  4. Why did you set milter protocol 2, not 6?

  5. at first: thank you very much for your tutorial, but i found one thing not working as expected when sending emails to this test service:
    http://www.brandonchecketts.com/emailtest.php
    it tells mit that “public key: does not support hash algorithm ‘sha256′”, so i recreated the keys with the following option removed: “-h rsa-sha256”
    No everything works like a charm.

  6. Thank you very much for your helpful tutorial.

    I had an issue with opendkim failing to find the key, throwing an error like this:
    signing table references unknown key 'example.com'

    I was able to solve this problem by modifying the entry for KeyTable in the opendkim configuration file (shown in step 10 above). Removing the “refile:” portion of the KeyTable line did the trick:
    KeyTable /etc/opendkim/KeyTable

    (Note that the SigningTable entry should still use “refile:”.)

    For reference, I am using opendkim 2.6.8. Perhaps the format for the configuration file has changed between versions.

  7. The “-h” parameter should be only “sha256” and not “rsa-sha256”.
    From the reference RFC: http://tools.ietf.org/html/rfc6376#page-27

    key-h-tag = %x68 [FWS] "=" [FWS] key-h-tag-alg
    *( [FWS] ":" [FWS] key-h-tag-alg )
    key-h-tag-alg = "sha1" / "sha256" / x-key-h-tag-alg
    x-key-h-tag-alg = hyphenated-word ; for future extension

  8. Help me out whenever I need to freshly set up my server! You should consier accepting tips via Bitcoin. 😉

  9. Thank so much, this article is very helpful, but i found error in “OversignHeaders From” on step 10, i don’t know how to fix this. please help me.

  10. Nice guide but it needs an update opendkim-genkey -r -h rsa-sha256 -d example.com -s mail should be
    opendkim-genkey -r -h sha256 -d example.com -s mail

    else it generates a permerror testing dkim at elandsys auto test

  11. steel alive?
    at today I’m looking for solution to error “unknown hash ‘rsa-sha256′” when testing my record key on my dns, i’m testing and looking to fix and no solution, i had generated the key by some ways with or without the -h sha256, -h SHA256 parameters and updated the record file them testing and receive the same error “unknown hash ‘rsa-sha256’

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*