Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 2 Sep 2018 19:06:48 -0400
From:      William Dudley <>
To:        freebsd-questions <>
Subject:   DKIM is driving me nuts
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail system.
Since I don't know if the problem is sendmail or opendkim or DNS or what,
I'm asking here.

I followed this handy tutorial:

And that "works" in the sense that emails end up with DKIM signatures.

However, the DKIM test fails at the receiving end, depending on how the
is generated on my machine.

The domain is

MX is, and reverse lookup of my (static) IP resolves to

I have masquerade_as and masquerade_envelope set in, so that
email headers say the email comes from "", not "".
("hostname" is a place holder, see below.)

The hostname (internally) of the machine is "".
The external IP resolves to "", which is exactly the same

So depending on how the email is generated, it appears to come from any of:

I have generated a DKIM key pair for each of the above.

My selector is dudley-casano.

I have tried putting the keys in corresponding DNS TXT records:

Still, emails sent from the command line (using Mail) fail DKIM check at
the far end.
Emails sent from my mailing list program, mailman, also fail.
Emails sent from Thunderbird, which is running on another machine, passed,
but I haven't
tested that in a while and I've been dicking around with this for a few
hours, so no guarantees.


How does the DKIM key interact with the DNS records?

Is there a way to make DKIM work regardless of how the machine
is identified by the combination of MUA and sendmail ?

Bill Dudley

Want to link to this message? Use this URL: <>