I'm having the problem that opendkim testkey returns error "invalid data set type" unless I pass the domain and the selector to the command. Why does it happen? Details below:
Without domain and selector:
root@condor1796 /etc/opendkim # sudo -u opendkim opendkim-testkey -vvvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: invalid data set type
root@condor1796 /etc/opendkim #
with the domain and the selector specified:
root@condor1796 /etc/opendkim # sudo -u opendkim opendkim-testkey -vvvv -d numbeo.com -s mail
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.numbeo.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
Key not secure output is, as I've learned in another thread:
The "key not secure" does not indicate an error. It is an expected
consequence of not using DNSSSEC.
This is my config file:
root@condor1796 /etc/opendkim # cat /etc/opendkim.conf
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
And these are referenced files:
root@condor1796 /etc # sudo -u opendkim cat /etc/opendkim/KeyTable
mail._domainkey.numbeo.com numbeo.com:mail:/etc/opendkim/keys/numbeo.com/mail.private
root@condor1796 /etc # sudo -u opendkim head -n 2 /etc/opendkim/keys/numbeo.com/mail.private
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDPqBmXSBbSXdmDIOqriDqI7/HJz1AqJNjK+Jqd0EQHEmXS5BHB
root@condor1796 /etc # sudo -u opendkim cat /etc/opendkim/SigningTable
*@numbeo.com mail._domainkey.numbeo.com
Any idea why I'm getting error with opendkim-testkey if I don't specify the domain and the selector?
Best Answer
I've solved the problem. This thread helped:
OpenDKIM not signing mail
opendkim.conf has to have this line
(without refile:/ prefix)
This now works: