Domain DKIM don't sign mail

[Orminor77]

Hello everyone,

I don't think i'm the only one to have this issue.
When I do all the configuration for domain and the DKIM box it's green, my mail don't pass dkim on gmail or other webmail, can someone help me to fix that please, i read some articles about openDKIM on mobodoa website or github but don't work for me, or I fail somewhere.

Thanks in advance for your answer.

[ghost]

Same issue for me, DKIM configuration is fine but all of my mails are not signed..

[Orminor77]

Same issue for me, DKIM configuration is fine but all of my mails are not signed..

I could see that Modoboa uses Amavis to sign mails but only locally, I don't understand the interest, there is surely a configuration to do with openDKIM which is also provided with the Modoboa installer. I also tried to install via CentOS 7, Debian 9-10 and Ubuntu 18.04-20.04 but still the same problem. I'm out of ideas.

[tonioo]

If you used the installer, then OpenDKIM should be installed to sign emails. If you did a manual setup, then you need to install either OpenDKIM or configure amavis to sign emails.

[yigitkeremoktay]

If you used the installer, then OpenDKIM should be installed to sign emails. If you did a manual setup, then you need to install either OpenDKIM or configure amavis to sign emails.

I did use the installer and yet, still does not sign emails.

[tonioo]

@yigitkeremoktay Do you see something in logs?

[Orminor77]

If you used the installer, then OpenDKIM should be installed to sign emails. If you did a manual setup, then you need to install either OpenDKIM or configure amavis to sign emails.

Personally I just used the quick installer and I also followed the tutorials of "Linuxbabe" on Debian, Ubuntu and Centos but on all three the mails do not sign

[yigitkeremoktay]

@yigitkeremoktay Do you see something in logs?

Is there a specific log that I should check?

[tonioo]

/var/log/mail.log

[Orminor77]

If you used the installer, then OpenDKIM should be installed to sign emails. If you did a manual setup, then you need to install either OpenDKIM or configure amavis to sign emails.

Personally I just used the quick installer and I also followed the tutorials of "Linuxbabe" on Debian, Ubuntu and Centos but on all three the mails do not sign

@tonioo Hello, do you have an idea of the issue?

[yigitkeremoktay]

/var/log/mail.log

I don't see anything suspcious but there is this

Apr 8 09:50:54 hostname opendkim[1078]: 2A7F2604F9: no signing table match for 'sender-from@another-domain.com'
Apr 8 09:50:54 hostname opendkim[1078]: 2A7F2604F9: no signature data

but there is nothing for our accounts, the ones hosted on our mail server

[tonioo]

Can you check the content of the dkim view in your database?

[Orminor77]

Can you check the content of the dkim view in your database?

How to do that? please

[yigitkeremoktay]

and I can confirm that that file is containing an RSA Key.

[mattg66]

Same issue here, installer installed, version 1.17.0

[rheinon]

Same here. Fresh install on Debian 10.9. Dkim key is installed in DNS. SPF all looks good. Email test score: 9/10. 1 point loss is from DKIM not signing.

Postfix version:
root@mail:~# postconf mail_version
mail_version = 3.4.14

Opendkim is running:
~# systemctl status opendkim
Apr 10 18:29:22 mail.domain.com systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
Apr 10 18:29:22 mail.domain.com systemd[1]: Started OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Apr 10 18:29:22 mail.domain.com opendkim[14258]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)

/var/lib/dkim/domain.com.pem
Permission = 600, Owner =opendkim, private key looks good

/etc/default/opendkim:
RUNDIR=/var/run/opendkim
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
SOCKET="inet:12345@localhost" # no effect if taking out the quotes or making it 127.0.0.1

/etc/postfix/main.cf:
smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s

/etc/opendkim.conf:
KeyTable dsn:mysql://opendkim:vdRdiOWDEY9fjoFG@127.0.0.1/modoboa/table=dkim?keycol=id?datacol=domain_name,selector,private_key_path
SigningTable dsn:mysql://opendkim:vdRdiOWDEY9fjoFG@127.0.0.1/modoboa/table=dkim?keycol=domain_name?datacol=id
Socket inet:12345@localhost
PidFile /var/run/opendkim/opendkim.pid
ExternalIgnoreList /etc/opendkim.hosts
InternalHosts /etc/opendkim.hosts

/etc/opendkim.hosts:
127.0.0.1
::1
localhost

/run/opendkim/opendkim.pid
Owner is root:root. No effect if changing it to opendkim:opendkim

MariaDB [modoboa]> select * from dkim;

Here's the /var/log/mail.log when opendkim is restarted:
Apr 10 18:53:06 mail opendkim[14258]: OpenDKIM Filter: mi_stop=1
Apr 10 18:53:06 mail opendkim[14258]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
Apr 10 18:53:06 mail opendkim[17449]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)

[jefffryfry]

I can confirm same behavior. emails not signing. ran quick installer.
I did find this in the log...
Apr 15 14:00:08 mail opendkim[1307]: 53ED7121C0C: no signing table match for 'root@mail.replacedomain.tech'
Apr 15 14:00:08 mail opendkim[1307]: 53ED7121C0C: no signature data
but not sure where to remedy this

[camodebw]

I can confirm the same issue. Outgoing Emails are not DKIM signed.

Auto Installer on Debian 10 runs fine, DKIM Key is generated.

In the mail.log I can't see any opendkim error.

#postconf mail_version
mail_version = 3.4.14

#ls -l /var/lib/dkim/
total 9
-rw------- 1 opendkim opendkim 1679 Apr 15 16:44 mydomain.tld.pem
-rw------- 1 opendkim opendkim 1679 Apr 15 19:51 mydomain2.tld.de.pem

#postconf mail_version
mail_version = 3.4.14

#cat /etc/default/opendkim
RUNDIR=/var/run/opendkim
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
SOCKET="inet:12345@localhost"

#cat /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:12345
non_smtpd_milters = inet:127.0.0.1:12345
milter_default_action = accept
milter_content_timeout = 30s
milter_protocol = 6

#cat /etc/opendkim.conf
Syslog yes
SyslogSuccess Yes
LogWhy Yes
LogResults Yes
UMask 007
KeyTable dsn:pgsql://opendkim:PaSSword@127.0.0.1/modoboa/table=dkim?keycol=id?datacol=domain_name,selector,private_key_path
SigningTable dsn:pgsql://opendkim:PaSSword@127.0.0.1/modoboa/table=dkim?keycol=domain_name?datacol=id
SubDomains yes
Canonicalization relaxed/relaxed
Socket inet:12345@localhost
PidFile /var/run/opendkim/opendkim.pid
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
ExternalIgnoreList /etc/opendkim.hosts
InternalHosts /etc/opendkim.hosts

#cat /etc/opendkim.hosts
127.0.0.1
::1
localhost

#ls -l /run/opendkim/opendkim.pid
-rw-rw---- 1 root root 4 Apr 16 11:14 /run/opendkim/opendkim.pid

#modoboa=> postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
--------------+--------------+-----------+---------+-------+-----------------------
amavis | amavis | SQL_ASCII | C | C | =Tc/amavis +
| | | | | amavis=CTc/amavis +
| | | | | modoboa=CTc/amavis
modoboa | modoboa | SQL_ASCII | C | C |
postgres | postgres | SQL_ASCII | C | C |
spamassassin | spamassassin | SQL_ASCII | C | C |
template0 | postgres | SQL_ASCII | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | SQL_ASCII | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
(6 rows)

#modoboa-> postgres=#\dt
List of relations
Schema | Name | Type | Owner
--------+-------------------------------------+-------+---------
public | admin_alarm | table | modoboa
public | admin_alias | table | modoboa
public | admin_dnsblresult | table | modoboa
public | admin_domain | table | modoboa
public | admin_domainalias | table | modoboa
public | admin_mailbox | table | modoboa
public | admin_mailboxoperation | table | modoboa
public | admin_mxrecord | table | modoboa
public | admin_quota | table | modoboa
public | admin_senderaddress | table | modoboa
public | auth_group | table | modoboa
public | auth_group_permissions | table | modoboa
public | auth_permission | table | modoboa
public | authtoken_token | table | modoboa
public | core_extensionupdatehistory | table | modoboa
public | core_localconfig | table | modoboa
public | core_log | table | modoboa
public | core_objectaccess | table | modoboa
public | core_user | table | modoboa
public | core_user_groups | table | modoboa
public | core_user_user_permissions | table | modoboa
public | django_content_type | table | modoboa
public | django_migrations | table | modoboa
public | django_session | table | modoboa
public | django_site | table | modoboa
public | dnstools_dnsrecord | table | modoboa
public | limits_domainobjectlimit | table | modoboa
public | limits_userobjectlimit | table | modoboa
public | maillog_maillog | table | modoboa
public | modoboa_admin_aliasrecipient | table | modoboa
public | modoboa_contacts_addressbook | table | modoboa
public | modoboa_contacts_category | table | modoboa
public | modoboa_contacts_contact | table | modoboa
public | modoboa_contacts_contact_categories | table | modoboa
public | modoboa_contacts_emailaddress | table | modoboa
public | modoboa_contacts_phonenumber | table | modoboa
public | otp_static_staticdevice | table | modoboa
public | otp_static_statictoken | table | modoboa
public | otp_totp_totpdevice | table | modoboa
public | postfix_autoreply_arhistoric | table | modoboa
public | postfix_autoreply_armessage | table | modoboa
public | radicale_accessrule | table | modoboa
public | radicale_sharedcalendar | table | modoboa
public | radicale_usercalendar | table | modoboa
public | relaydomains_recipientaccess | table | modoboa
public | reversion_revision | table | modoboa
public | reversion_version | table | modoboa
public | transport_transport | table | modoboa
(48 rows)

#modoboa-> postgres=#\dv
List of relations
Schema | Name | Type | Owner
--------+------+------+---------
public | dkim | view | modoboa
(1 row)

#modoboa=> select * from dkim;
-[ RECORD 1 ]----+----------------------------------------
id | 3
domain_name | mydomain.tld
private_key_path | /var/lib/dkim/mydomain.tld.pem
selector | myd
-[ RECORD 2 ]----+----------------------------------------
id | 2
domain_name | mydomain2.tld
private_key_path | /var/lib/dkim/mydomain2.tld.pem
selector | myd2

[walfloresh]

Same exact issue, fresh modoboa 1.17 install on Debian 10, DKIM is generated correctly from GUI, configured on DNS, DKIM Key is present on mysql db but opendkim is not signing any outgoing email. No dkim errors on mail.log whatsoever.

Any advice?

[dev-mg]

I just had the same problem on Ubuntu 20.4 and fixed it that way:

• In /etc/postfix/master.cf search for:

# Amavis return path
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
(...)
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

• Remove no_milters
• Restart postfix

Works fine now :)

[rheinon]

I just had the same problem on Ubuntu 20.4 and fixed it that way:

• In /etc/postfix/master.cf search for:

# Amavis return path
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
(...)
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

• Remove no_milters
• Restart postfix

Works fine now :)

I can confirm this works with Debian 10 as well. Great work!

[ghost]

I will try this

[Orminor77]

Thanks for your time all, its worked for me !

[mattg66]

Please reopen this issue to ensure it is resolved in the installer @Orminor77

[Orminor77]

Please reopen this issue to ensure it is resolved in the installer @Orminor77

Ok no problem ;)

[mattg66]

This fix does not work on Debian 10, Postfix refuses to send mail after the change. Postfix repsonds with a 451 4.7.1

[rheinon]

This fix does not work on Debian 10, Postfix refuses to send mail after the change. Postfix repsonds with a 451 4.7.1

Is that a fresh install? I got 2 Debian 10.9 setups, fresh install, both working perfectly after the fix. You might want to post your /etc/postfix/main.cf and check settings against the default setups posted above.

[tonioo]

I've just fixed the installer: modoboa/modoboa-installer@c9d6725.
Thank you for the analysis!

[rodrigoslayertech]

I just had the same problem on Ubuntu 20.4 and fixed it that way:

• In /etc/postfix/master.cf search for:

# Amavis return path
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
(...)
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

• Remove no_milters
• Restart postfix

Works fine now :)

Thanks!
You saved me!

[mattg66]

This fix does not work on Debian 10, Postfix refuses to send mail after the change. Postfix repsonds with a 451 4.7.1

This was due to a permissions error on the DKIM keys from server migration.