opendkim: OpenDKIM Filter v2.4.2
Compiled with OpenSSL 1.0.0e 6 Sep 2011
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
USE_DB
USE_LUA
USE_UNBOUND
_FFR_REPLACE_RULES
_FFR_REPORT_INTERVALS
_FFR_SELECTOR_HEADER
_FFR_STATS
libopendkim 2.4.2:
In mail.err dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed.
This means the openssl library was unable to parse your private key file when preparing to sign a message. Try regenerating your private key, or confirm that you can manipulate the private key with the "openssl rsa" command.
Tried to regenerate private key - error remained.
'opendkim-testkey' doesn't show errors...
What may be the problem?
Thank You!
What are the steps you're using to generate and test the keys?
Tried 3 variants
1) opendkim-genkey -s mail -d site.com
2) openssl genrsa -out site.com.key 1024
openssl rsa -in site.com.key -pubout > site.com.pub
3) http://www.port25.com/support/support_dkwz.php
Each variant recorded DNS.
Tested DNS -
dig -t txt mail._domainkey.site.com
If everything is correct - 'opendkim-testkey' doesn't show errors.
Mails aren't sent, in log it is written "dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed."
I'm looking for more detail than that. For example, after "opendkim-genkey", what did you do with the files produced? What options to "opendkim-testkey" did you provide?
Files
/etc/opendkim/keys/mail.private
/etc/opendkim/keys/mail.txt
1) Create a DNS TXT (/etc/opendkim/keys/mail.txt) record for mail._domainkey.site.com IN TXT "k=rsa;p={PUBLIC_KEY}"
2) edit /etc/opendkim/KeyTable
mail._domainkey.site.com
site.com:mail:/etc/opendkim/keys/mail.private
3) edit /etc/opendkim/SigningTable
*@site.com mail._domainkey.site.com
4) edit /etc/opendkim.conf
Mode sv
Syslog yes
SyslogSuccess yes
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/simple
Domain site.com
Selector mail
KeyFile /etc/opendkim/keys/mail.private
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
5) opendkim-testkey -d site.com -s mail -k /etc/opendkim/keys/mail.private
6) /etc/init.d/opendkim restart
The d2i_PrivateKey_bio() function is called only if the private key file doesn't start with the required ASCII armor, namely:
-----BEGIN RSA PRIVATE KEY-----
Some part of your key generation and installation process appears to be messing with this. If that line is there, d2i_PrivateKey_bio() is never called, and PEM_read_bio_PrivateKey() is used instead.
Also, you are mixing configuration styles. You either need Domain/Selector/KeyFile, or KeyTable/SigningTable. You don't need both groups, because they have the same effect. (In fact, it's possible that's confusing the filter somehow; I'll try it.)
Also your SigningTable entry is wrong. Remove the "*@". It should be just "site.com" on the left.
But the combined configuration file style is fine; "Domain" is ignored with that setup.
Problem is solved!
KeyFile /etc/opendkim/keys/mail.private
#KeyTable /etc/opendkim/KeyTable
#SigningTable /etc/opendkim/SigningTable
Thank You!
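A check for the condition described in the reply above, that the key file must start with the armor line or the DER parser is used instead. This is an added example, not part of the original thread or of OpenDKIM; the function names, outcome labels and sample bytes are constructed for illustration.

```python
"""Added example: classify the first bytes of a DKIM private key file."""
import sys

# Armor line quoted in the thread; the file must *start* with it.
ARMOR = b"-----BEGIN RSA PRIVATE KEY-----"
UTF8_BOM = b"\xef\xbb\xbf"


def classify_key_start(data: bytes) -> str:
    """Name what precedes (or replaces) the armor at the start of `data`."""
    if data.startswith(ARMOR):
        return "pem-armor-first"            # PEM parser is used
    # Every result below means the file does not start with the armor,
    # which per the thread is the case that reaches d2i_PrivateKey_bio().
    if data.startswith(UTF8_BOM) and data[len(UTF8_BOM):].lstrip().startswith(ARMOR):
        return "bom-before-armor"           # editor saved "UTF-8 with BOM"
    if data.lstrip().startswith(ARMOR):
        return "whitespace-before-armor"    # blank line, space or CRLF first
    if data.startswith(b"-----BEGIN "):
        return "other-pem-label"            # PEM, but a different label
    if ARMOR in data:
        return "text-before-armor"          # comment or pasted text first
    if data[:1] == b"\x30":
        return "looks-like-der"             # ASN.1 SEQUENCE tag: binary DER
    return "unrecognised"


def classify_key_file(path: str, limit: int = 4096) -> str:
    """Classify a file by its first `limit` bytes; key material is not printed."""
    with open(path, "rb") as fh:
        return classify_key_start(fh.read(limit))


# Constructed samples (no real key material), one per outcome.
SAMPLES = {
    "clean": ARMOR + b"\nMIIB...\n",
    "bom": UTF8_BOM + ARMOR + b"\n",
    "crlf": b"\r\n" + ARMOR + b"\r\n",
    "pkcs8": b"-----BEGIN PRIVATE KEY-----\n",
    "comment": b"# key for site.com\n" + ARMOR + b"\n",
    "der": b"\x30\x82\x02\x5c\x02\x01\x00",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", classify_key_file(sys.argv[1]))
    else:
        for name, blob in SAMPLES.items():
            print(f"{name:8} -> {classify_key_start(blob)}")
```

Run it with the key path as the only argument (for example the KeyFile path from opendkim.conf); any result other than pem-armor-first points at what was added or changed ahead of the armor line.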