efa-project.org


https://forum.efa-project.org/

DKIM

https://forum.efa-project.org/viewtopic.php?t=5385

Page 1 of 1

DKIM

Posted: 30 Jun 2024 14:38
by elfranko
Before I start, I have firstly already setup DKIM on the old EFA 3 and 4 boxes we have used. And before I realised there was an EFA 5 I have built an Ubuntu Box and installed Postfix / opendkim from scratch (This is currently doing my signing as my old EFA box threw its hand in.
(Which isn't the issue as it was a 3 and had been configured to take email from another host to sign it. It doesn't receive external mail
This was done this way because EFA signed the email then appended a disclaimer - making a mess of the signature)

So i have built an EFA 5 on Centos Stream 9 Enabled opendkim, configured it. and couldn't get it to work. The error was Permission denied for reading the default.private no matter what permissions I gave it it still said that. Comparing to both alternative versions.

Moving forwards in case it was a touch of Problem in Chair I flattened it, and started again from scratch.
I am still unable to get it to work, and I am out of ideas.

Process i have followed today:
Minimal install of Centos 9 Stream
Install wget nano
update
run install script
Reboot
Configure
reboot
enable DKIM
followed viewtopic.php?t=4111
But it doesn't seem to work.
Has anyone created a HowTo

I have checked the permissions for the keys, and the config files they seem correct.

The Error I get is

Code: Select all

Jun 30 14:28:54 smtp opendkim[2511]: 4WBqkt5rV7zYl8cq: no signature data
Does anyone have any pointers?

Thanks in advance

Frank

Re: DKIM

Posted: 30 Jun 2024 17:14
by shawniverson
My first thought is whether SELinux is the reason you are getting permission denied. Do your files have etc_t as the type label?

Code: Select all

[root@smtp domain]# ll -Z
total 8
-rw-------. 1 opendkim opendkim unconfined_u:object_r:etc_t:s0 891 Mar 13  2023 default.private
-rw-------. 1 opendkim opendkim unconfined_u:object_r:etc_t:s0 315 Mar 13  2023 default.txt

Re: DKIM

Posted: 02 Jul 2024 11:54
by elfranko
Hi,
I never gave SELinux a thought, but I do now vaguely remember having to do something like that when I set up the EFA 3.

Upshot being:
Disable SELinux
Reboot
Test
Test successful
(Although I didn't have the files listed like your example)

Code: Select all

[root@smtp domain.uk]# ll
total 16
-rw-------. 1 opendkim opendkim 916 Jun 30 12:07 default.private
-rw-------. 1 opendkim opendkim 324 Jun 30 12:07 default.txt
-rw-------. 1 opendkim opendkim 916 Jun 30 12:48 selector1.private
-rw-------. 1 opendkim opendkim 329 Jun 30 12:48 selector1.txt
But it is signing now, which is progress :)

My only other Doh! moment was restarting opendkim and Postfix - I added some extra signing and it wasn't working. after about 5 minutes I worked out that i wasn't restarting opendkim, i was starting it.

Code: Select all

systemctl restart opendkim ; systemctl restart postfix
This was a good command to find out. Previously I had always done it one at a time.


Many thanks.

Frank
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited