Debian – DKIM header exists but signature is not valid

Tags: debian, dkim, opendkim, postfix

UPDATE

Now the validator at mail-tester.com says the DKIM signature is fine.
On the other hand the isnotspam.com still doesn't seem to like it.
I assume it is working fine now. Also gmail accepts the email.

The change I made:

I changed the
smtpd_tls_cert_file=..
smtpd_tls_key_file=..

to hold the keys for the primary domain. However my VPS contains several domains, so it still remains to be seen what happens with mails from

someone@example2.com

END OF UPDATE

I am getting a DKIM validation error. For your reference you can find the report at the end of this post.

I am confused about what to put in the /etc/postfix/main.cf

smtpd_tls_cert_file=???
smtpd_tls_key_file=???

Should these be the certificate of the domain (e.g. example.com)?

Of which these are the most relevant parts:

DomainKeys check details:

Result: neutral (message not signed)
ID(s) verified: header.From=dexter@example.com
Selector=
domain=
DomainKeys DNS Record=


DKIM check details:

Result: fail
ID(s) verified: header.From=dexter@example.com
Selector=201608
domain=example.com
DomainKeys DNS Record=201608._domainkey.example.com

I did double check that the DNS (mxtoolbox) is what I would expect it to be.
My message is getting signed, but for some reason the signature does not match.

I really am running out of options, that's why I am knocking on your doors.

I followed the steps outlined here to the letter:
https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8

(A very good tutorial I think. Nevertheless this would also give me another problem:
warning: connect to Milter service local:/opendkim/opendkim.sock: Permission denied, which I worked around by changing
UMask 000
to
UMask 002).

Thanks a lot.
dexter

From the isNOTspam service:

==========================================================

Summary of Results

SPF Check : pass
Sender-ID Check : pass
DomainKeys Check : neutral
DKIM Check : fail

SpamAssassin Check : ham (non-spam)

Details:

HELO hostname: server.example.com
Source IP: 37.97.206.208
mail-from: dexter@example.com

Anonymous To: ins-phz0j2aw@isnotspam.com

SPF check details:

Result: pass
ID(s) verified: smtp.mail=dexter@example.com
DNS record(s):
example.com. 74618 IN TXT "v=spf1 a mx ip4:37.97.206.208 ip6:2a01:7c8:aac3:aa::1/48 ~all"


Sender-ID check details:

Result: pass

ID(s) verified: smtp.mail=dexter@example.com
DNS record(s):
example.com. 74618 IN TXT "v=spf1 a mx ip4:37.97.206.208 ip6:2a01:7c8:aac3:aa::1/48 ~all"


DomainKeys check details:

Result: neutral (message not signed)
ID(s) verified: header.From=dexter@example.com
Selector=
domain=
DomainKeys DNS Record=


DKIM check details:

Result: fail
ID(s) verified: header.From=dexter@example.com
Selector=201608
domain=example.com
DomainKeys DNS Record=201608._domainkey.example.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
s=201608; t=1470311857;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=To:Subject:Date:From:From;
b=Xy3uCw55frNys0VUaYiEDRxnCB0uoO9JWuXwtQYM1n6uqyNenv7EL5RTFAxjABeiL
jlfOlSN8r4HPpaKvmWff8wYyEpCvU++t67n+uoCwRixYZRG0x62wuLtFXOJc5dI5o4
EJkFvKTXuj49v/pDxPk4RYwgXmBSCcFiSY3g5YzxM3TIByBi78/6fuIo0NWHXGrBHK
m+FwiB512yyETI4r/qK+VpqNVZtHKoZlYxrWSlPSTZZDKK0j7asR/yBqiA/UDqkqgt
uSHiROnxVuhzcOqd5SVzbP0G+VjpkrP/iEdgtYVBV6+t9YhDSncZX0umAn4hPqGfyo
4GPz7s/Sf/Qbw==

Best Answer

Now the validator at mail-tester.com says the DKIM signature is fine. On the other hand the isnotspam.com still doesn't seem to like it. I assume it is working fine now. Also gmail accepts the email.

The change I made:

I changed the smtpd_tls_cert_file=.. smtpd_tls_key_file=..

to hold the keys for the primary domain. However my VPS contains several domains, so it still remains to be seen what happens with mails from

someone@example2.com

First, the postfix SSL certs have absolutely nothing to do with DKIM, so that was a different issue you had.

Second, if you are still getting errors at isnotspam.com, then don't assume everything is alright until you get a green light on all tests.

Third, create new signatures for each domain and make sure the DNS entry is correct, as well as the permissions on the signature files.

Also make sure your postfix/main.cf has the proper entries and that the .sock actually exists.

# DKIM / SPF
# --------------------------------------
milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

Check the mail logs for errors and warnings after restarting opendkim; it should look something like this:

Feb 21 17:18:23 serverdcu opendkim[2078]: OpenDKIM Filter: mi_stop=1
Feb 21 17:18:23 serverdcu opendkim[2078]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
Feb 21 17:18:23 serverdcu opendkim[37449]: OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)
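The two things the answer says to verify, the DNS key record and the signature itself, can be narrowed down offline. The following Python script is an added example and is not code from this thread or from OpenDKIM: it recomputes the bh= body hash of a message under the c= canonicalisation named in its DKIM-Signature header (so a body rewritten in transit is told apart from a key or DNS problem, which shows up as a failing b= with a correct bh=), and it compares the p= tag of a selector._domainkey TXT record, possibly split into several quoted strings, with a local public key in PEM form (for an OpenDKIM private key that is `openssl rsa -in <selector>.private -pubout`). The RSA signature in b= is not verified, only the standard library is used. The message, the TXT strings and the key are constructed sample data; the key is not a real key.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (signature header or DNS key record);
    whitespace inside values is dropped, as RFC 6376 allows for base64 tags."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def canon_body(body, mode):
    """Body canonicalisation per RFC 6376 3.4.3 (simple) / 3.4.4 (relaxed)."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    if mode == "relaxed":
        # collapse runs of WSP to one SP and strip trailing WSP on every line
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t")
                            for ln in body.split(b"\r\n"))
    while body.endswith(b"\r\n\r\n"):  # ignore trailing empty lines
        body = body[:-2]
    if body and not body.endswith(b"\r\n"):
        body += b"\r\n"
    if mode == "relaxed" and body == b"\r\n":
        body = b""      # relaxed: an all-empty body stays empty
    if mode == "simple" and body == b"":
        body = b"\r\n"  # simple: an empty body becomes a single CRLF
    return body

def body_hash(body, mode, algo="sha256"):
    """Base64 digest of the canonicalised body, i.e. the bh= tag value."""
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def get_header(head, name):
    """Unfolded value of the first header field called `name`, or None."""
    for line in re.sub(rb"\n[ \t]+", b" ", head).split(b"\n"):
        field, _, value = line.partition(b":")
        if field.strip().lower() == name.lower().encode():
            return value.strip().decode()
    return None

def check_body_hash(raw):
    """Recompute bh= and compare it with the signature. A mismatch means the
    body changed after signing (footer, line-ending or whitespace rewrite);
    a match while b= still fails points at the key or the DNS record."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    sig = get_header(head, "DKIM-Signature")
    if sig is None:
        return {"signed": False}
    tags = parse_tags(sig)
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    algo = "sha1" if tags.get("a", "").endswith("sha1") else "sha256"
    computed = body_hash(body, mode, algo)
    return {"signed": True, "expected": tags.get("bh"),
            "computed": computed, "ok": computed == tags.get("bh")}

def check_key_record(txt_strings, public_key_pem):
    """Compare p= in a selector._domainkey TXT record with a local public key.
    txt_strings is the list of quoted strings DNS returned (long keys are
    split into several); they are concatenated before parsing."""
    tags = parse_tags("".join(txt_strings))
    local = "".join(ln for ln in public_key_pem.strip().splitlines()
                    if not ln.startswith("-----"))
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty (key revoked or record truncated)")
    elif tags["p"] != local:
        problems.append("p= does not match the local public key")
    return problems

# Constructed sample data (not taken from the thread); the key is not a real key.
SAMPLE_BODY = b"Hello,\r\n\r\nThis is a constructed test message.\r\n"
FAKE_KEY_B64 = "MIIBIjANBgkq" + "A" * 60 + "IDAQAB"
FAKE_PUBLIC_KEY_PEM = ("-----BEGIN PUBLIC KEY-----\n" + FAKE_KEY_B64[:64] + "\n"
                       + FAKE_KEY_B64[64:] + "\n-----END PUBLIC KEY-----\n")
GOOD_TXT = ["v=DKIM1; k=rsa; ", "p=" + FAKE_KEY_B64[:40], FAKE_KEY_B64[40:]]
TRUNCATED_TXT = ["v=DKIM1; k=rsa; ", "p=" + FAKE_KEY_B64[:40]]

def sample_message(body=SAMPLE_BODY, c="relaxed/simple"):
    """Constructed message whose bh= is right for `body`; b= is a placeholder."""
    sig = ("DKIM-Signature: v=1; a=rsa-sha256; c=%s; d=example.com;\r\n"
           " s=201608; h=To:Subject:From:From;\r\n bh=%s;\r\n b=PLACEHOLDER\r\n"
           % (c, body_hash(body, c.split("/")[1])))
    head = b"From: dexter@example.com\r\nTo: test@example.net\r\nSubject: DKIM test\r\n"
    return sig.encode() + head + b"\r\n" + body

if __name__ == "__main__":
    tampered = sample_message() + b"-- \r\nFooter added in transit\r\n"
    print("untouched:", check_body_hash(sample_message()))
    print("tampered: ", check_body_hash(tampered))
    print("dns good: ", check_key_record(GOOD_TXT, FAKE_PUBLIC_KEY_PEM))
    print("dns cut:  ", check_key_record(TRUNCATED_TXT, FAKE_PUBLIC_KEY_PEM))
```

Feed `check_body_hash` the raw message as the receiving side saw it (the full source from the test service or from Gmail's "show original"), not the copy in your Sent folder; if bh= already differs there, the body was altered between OpenDKIM signing it and the verifier, and no amount of key or DNS work will fix the result. For the record check, pass the strings exactly as `dig TXT 201608._domainkey.example.com` returns them.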