i'm using opendkim + postfix as a MTA for my website , everything is working: mail are signed by DKIM , gmail mark them as "pass"
the issue is when i'm using this config as a relay from another vm ( via ssmtp ):
As a relay, mails are sent succesfully but never signed by the couple postfix / opendkim
for each test, the sender and the recipiant are the same
here are the logs:
direct (mail sent + dkim ok ):
> Apr 7 16:07:16 media-perso postfix/pickup[32522]: CD59C2408AC: uid=0
> from=<me@****.net> Apr 7 16:07:16 media-perso postfix/cleanup[32753]:
> CD59C2408AC: message-id=<20170407140716.CD59C2408AC@ip-***-***-***.eu>
> Apr 7 16:07:16 media-perso postfix/qmgr[32523]: CD59C2408AC:
> from=<me@****.net>, size=379, nrcpt=1 (queue active) Apr 7 16:07:17
> media-perso postfix/qmgr[32523]: CD59C2408AC: removed
when postfix is the relay ( mail sent, but no dkim sign ):
Apr 7 16:07:01 media-perso postfix/smtpd[32750]: connect from repl.****.com[149.***.***.***]
Apr 7 16:07:01 media-perso postfix/smtpd[32750]: 1BD99240365: client=repl.****.com[149.***.***.***]
Apr 7 16:07:02 media-perso postfix/cleanup[32753]: 1BD99240365: message-id=<>
Apr 7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: from=<me@****.net>, size=491, nrcpt=1 (queue active)
Apr 7 16:07:02 media-perso postfix/smtpd[32750]: disconnect from repl.****.com[149.***.***.***]
Apr 7 16:07:02 media-perso postfix/qmgr[32523]: 1BD99240365: removed
of course i would like to sign with DKIM in any case ( direct + relay )
here is the ssmtp config:
root=postmaster
mailhub=mailhub ( postfix server )
hostname=FQDN
FromLineOverride=YES
UseSTARTTLS=YES ( i tried with/without this )
Posfix conf:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = ip-***-176.eu, *****.net, media-perso, localhost.localdomain, localhost
myhostname = ip-****176.eu
mynetworks = hash:/etc/postfix/trusted_client
myorigin = *****.net
non_smtpd_milters = local:/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relayhost =
slow_destination_concurrency_limit = 2
slow_destination_recipient_limit = 20
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scace
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = local:/opendkim/opendkim.sock
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
what am i missing ?
config: debian 8
installation from: https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8
Best Answer
The source of the issue was the trusted host list
If the smtp client isn't in that list, no error or any log is printed. The mail is sended but with no DKIM signature
In my case, here is my configs
to resolve this, just add the IP / fqdn of the client on /etc/opendkim/trusted.hosts
then restart opendkim deamon