0
votes

I tried to configure EXIM + OpenDKIM in CentOS 7... (everything a latest version from repositories)

I used this description to configure a system: https://www.rosehosting.com/blog/how-to-install-and-configure-dkim-with-opendkim-and-exim-on-a-centos-7-vps/ , butI didnt use a default selector, i tried to use unique.

The outgoing mail haven't DKIM signature, I use this config in EXIM:

remote_smtp:
    driver = smtp
    DKIM_DOMAIN = $sender_address_domain
    DKIM_SELECTOR = 20170915exim
    DKIM_PRIVATE_KEY = ${if exists{/etc/opendkim/keys/$sender_address_domain/20170915exim}{/etc/opendkim/keys/$sender_address_domain/20170915exim}{0}}
    DKIM_CANON = relaxed
    DKIM_STRICT = 0

with this, /etc/opendkim:

.
├── keys
│ └── valami.com
│ ├── 20170915exim
│ └── 20170915exim.txt
├── KeyTable
├── SigningTable
└── TrustedHosts

But when I send a mail (with mail, or by telnet, or any others), the EXIM dont use an OpenDKIM. Of course the opendkim listening on port:

tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 6663/opendkim

When I send a mail fromlocal host to outside:

2017-09-15 15:53:20 1dsr3M-0005fK-Ul <= [email protected] H=localhost [127.0.0.1] P=smtp S=341
2017-09-15 15:53:21 1dsr3M-0005fK-Ul => [email protected] R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.133.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes K C="250 2.0.0 OK o1si854413wrg.487 - gsmtp"
2017-09-15 15:53:21 1dsr3M-0005fK-Ul Completed

Why dont call an Exim daemon an OpenDKIM interface?

Thanks your help!

1
FYI: Exim doe not require OpenDKIM at all for the signing process; in fact, you do not need to keep OpenDKIM running at all. Still good for generating key pairs, though.DaSourcerer

1 Answers

0
votes

I SOLVED!
I have to add a 'dkim_sign_headers' variable to configuration file...

remote_smtp:
  driver = smtp
  dkim_domain = $sender_address_domain
  dkim_selector = 20170915exim
  dkim_private_key = ${if exists{/etc/opendkim/keys/$dkim_domain/$dkim_selector}{/etc/opendkim/keys/$dkim_domain/$dkim_selector}{0}}
  dkim_canon = relaxed
  dkim_strict = 0
  dkim_sign_headers = subject:to:from