Make postfix/opendkim sign mail from all domains

opendkimpostfix

So, at the moment I am signing mails from specific domains using opendkim and this works. But when I try to send mails from domains that opendkim does not know, they they are not signed.

What I want to do, is to make opendkim sign all emails going through postfix using a single domain, just like mailchimp etc is doing.

Example:
I am sending emails from myname@mydomain.com using mailchimp, and the signeture is something like the following:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; 
  d=mail2.suw13.rsgsv.net;
  h=Subject:From:Reply-To:To:Date:Message-ID:
    List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; 
  i=*****mydomain.com@mail2.suw13.rsgsv.net; 
  bh=4Rla76/wHV31ER3IZqXOuA09j3OG2SuFbfD5Jc7Kn94=;  
  b=17jmyvz05JfeNC+avqWJmtESF2A58LA/CievFVtQ0sqwo4FYKAP
    0Gfpjtc5LSG7tr9ntS5CziAgSOa+UyEjRP3AhZOOXDFoQMUG0gn
    tqxg/gP074Vi7Hy0XvFzAiJYZfAhijwvaroY45hjuX+RN3nQ0xT
    fhWem5mv3+VVYpwvUo=

How do I achieve this?

Best Answer

like this answer the trick lies in the use of SigningTable and KeyTable:

/etc/opendkim.conf

...
SigningTable    refile:/etc/mail/dkim_signing_table
KeyTable        csl:keyname=example.com:selector:/etc/mail/selector.key

/etc/mail/dkim_signing_table

* keyname

So the SigningTable maps all domains to a key, and the KeyTable provides a domain/selector for the keyname.

Explanation

By default, OpenDKIM was combined with postfix through milter. Enabling/Disabling milter application was controlled by smtpd_milters and non_smtpd_milters parameters. For application who send email through smtpd, the correspondence parameter is smtpd_milters, for sendmail, the parameter is non_smtpd_milters

Solution

Replace non_smtpd_milters = with

non_smtpd_milters = inet:localhost:8891

Received spam spoofed from the domain is signed by opendkim, spf=pass by opendmarc

Despite the fact the mail was from an external source, the accepted return path is internal. It also appears the external host used your domain in its HELO command.

Return-Path: <accounting@mydomain.com>
Received: from mydomain.com (60-241-c-d.tpgi.com.au [60.241.c.d])
    by host.mydomain.com (Postfix) with SMTP id 934533DA0157
    for <techsupport@mydomain.com>; Thu,  8 Sep 2016 14:58:48 +0000 (UTC)

The message should have been rejected based on the domain in the return path and/or the domain in the HELO command. Try to configure your server to reject mail based on these factors. I would consider accepting the message is a configuration issue for the mail server.

I believe OpenDKIM behaved correctly signing a message from a local address despite the external IP address. This would be the behavior if you had authenticated from the internet before sending.

Best Answer

Related Solutions

Php – Postfix/OpenDKIM not signing PHP sent emails

Explanation

Solution

Received spam spoofed from the domain is signed by opendkim, spf=pass by opendmarc

Related Topic