From: William Dudley
Date: Sun, 2 Sep 2018 19:06:48 -0400
Subject: DKIM is driving me nuts
To: freebsd-questions

I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail system.
Since I don't know if the problem is sendmail or opendkim or DNS or what,
I'm asking here.

I followed this handy tutorial:

https://www.dan.me.uk/blog/2016/06/01/add-dkim-signing-to-freebsd-servers

And that "works" in the sense that emails end up with DKIM signatures.

However, the DKIM test fails at the receiving end, depending on how the
email is generated on my machine.

The domain is casano.com
MX is mail.casano.com, and reverse lookup of my (static) IP resolves to
mail.casano.com.

I have masquerade_as and masquerade_envelope set in sendmail.mc, so that
email headers say the email comes from "casano.com", not
"hostname.casano.com". ("hostname" is a placeholder, see below.)

The hostname (internally) of the machine is "dudley.casano.com".
The external IP resolves to "mail.casano.com", which is exactly the same
machine.

So depending on how the email is generated, it appears to come from any of:

casano.com
dudley.casano.com
mail.casano.com

I have generated a DKIM key pair for each of the above.
My selector is dudley-casano.

I have tried putting the keys in corresponding DNS TXT records:

dudley-casano._domainkey.casano.com
dudley-casano._domainkey.mail.casano.com
dudley-casano._domainkey.dudley.casano.com

Still, emails sent from the command line (using Mail) fail DKIM check at
the far end. Emails sent from my mailing list program, mailman, also fail.

Emails sent from Thunderbird, which is running on another machine, passed,
but I haven't tested that in a while and I've been dicking around with this
for a few hours, so no guarantees.

Question(s):

How does the DKIM key interact with the DNS records?

Is there a way to make DKIM work regardless of how the machine is
identified by the combination of MUA and sendmail?

Thanks,
Bill Dudley
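
On the question of how the DKIM key interacts with the DNS records, as an added example that is not part of the original post: a verifier builds the name it queries from the s= and d= tags of the DKIM-Signature header (RFC 6376), so only the record matching those two tags is ever fetched. The sample signature and its placeholder bh= and b= values are constructed; the selector and the three record names are the ones from the post.

```python
import re

# Constructed sample: a signature as this setup might emit it, using the
# post's selector and one of its three candidate domains. The bh= and b=
# values are placeholders, not real hashes or signatures.
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=casano.com;\r\n"
    "\ts=dudley-casano; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACE\r\n\tHOLDER"
)

# The three TXT record names listed in the post.
PUBLISHED = [
    "dudley-casano._domainkey.casano.com",
    "dudley-casano._domainkey.mail.casano.com",
    "dudley-casano._domainkey.dudley.casano.com",
]


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376, 3.2)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue  # empty element, e.g. after a trailing ';'
        name, value = part.split("=", 1)
        # Header folding may insert whitespace anywhere inside a value.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def key_record_name(header_value):
    """Return the DNS name a verifier queries for the public key."""
    tags = parse_dkim_tags(header_value)
    missing = [t for t in ("d", "s") if not tags.get(t)]
    if missing:
        raise ValueError("signature lacks required tag(s): " + ", ".join(missing))
    # Built only from s= and d= in the signature itself, not from the sending
    # hostname, the reverse DNS name, or the envelope sender.
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def records_consulted(header_value, published):
    """Of the published TXT names, return those this signature makes a verifier fetch."""
    wanted = key_record_name(header_value)
    return [name for name in published if name.lower() == wanted]
```

Running `key_record_name` on the DKIM-Signature header of a message that failed at the far end shows which of the three records, and therefore which key pair, that message was actually checked against.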