Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 2 Sep 2018 19:06:48 -0400
From:      William Dudley <wfdudley@gmail.com>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   DKIM is driving me nuts
Message-ID:  <CAFsnNZJy34ZLnjnh-x8UKnoD0ucZyss+x+GK=0Ze751pvgF3BQ@mail.gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail system.
Since I don't know if the problem is sendmail or opendkim or DNS or what,
I'm asking here.

I followed this handy tutorial:

https://www.dan.me.uk/blog/2016/06/01/add-dkim-signing-to-freebsd-servers

And that "works" in the sense that emails end up with DKIM signatures.

However, the DKIM test fails at the receiving end, depending on how the
email
is generated on my machine.

The domain is casano.com

MX is mail.casano.com, and reverse lookup of my (static) IP resolves to
mail.casano.com.

I have masquerade_as and masquerade_envelope set in sendmail.mc, so that
email headers say the email comes from "casano.com", not "
hostname.casano.com".
("hostname" is a place holder, see below.)

The hostname (internally) of the machine is "dudley.casano.com".
The external IP resolves to "mail.casano.com", which is exactly the same
machine.

So depending on how the email is generated, it appears to come from any of:

casano.com
dudley.casano.com
mail.casano.com

I have generated a DKIM key pair for each of the above.

My selector is dudley-casano.

I have tried putting the keys in corresponding DNS TXT records:

dudley-casano._domainkey.casano.com

dudley-casano._domainkey.mail.casano.com

dudley-casano._domainkey.dudley.casano.com

Still, emails sent from the command line (using Mail) fail DKIM check at
the far end.
Emails sent from my mailing list program, mailman, also fail.
Emails sent from Thunderbird, which is running on another machine, passed,
but I haven't
tested that in a while and I've been dicking around with this for a few
hours, so no guarantees.

Questions(s):

How does the DKIM key interact with the DNS records?

Is there a way to make DKIM work regardless of how the machine
is identified by the combination of MUA and sendmail ?

Thanks,
Bill Dudley



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAFsnNZJy34ZLnjnh-x8UKnoD0ucZyss+x+GK=0Ze751pvgF3BQ>