
#20 No signing table match

2.8.2
closed
None
5
2014-08-17
2014-02-23
No

I installed OpenDKIM on CentOS 6.5. The problem is that I can't get emails sent by Postfix to get signed. In /var/log/maillog I get "no signing table match for test@mydomain.com".

In KeyTable I have
mydomain.com mydomain.com:email:/etc/opendkim/keys/mydomain.com/email.private

In SigningTable I have
* mydomain.com

In TrustedHosts I have
127.0.0.1

I have set sv as mode in opendkim.config and also refile for table files....

Any help please?

Discussion

  • Murray S. Kucherawy

    What's in your opendkim.conf?

     
    • Amal Francis

      Amal Francis - 2014-03-07
      ## BASIC OPENDKIM CONFIGURATION FILE
      ## See opendkim.conf(5) or %{_pkgdocdir}/opendkim.conf.sample for more
      
      ## BEFORE running OpenDKIM you must:
      
      ## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
      ## - generate keys for your domain (if signing)
      ## - edit your DNS records to publish your public keys (if signing)
      
      ## See %{_pkgdocdir}/INSTALL for detailed instructions.
      
      ## CONFIGURATION OPTIONS
      
      # Specifies the path to the process ID file.
      PidFile /var/run/opendkim/opendkim.pid
      
      # Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
      # Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
      # messages.
      Mode    sv
      
      # Log activity to the system log.
      Syslog  yes
      
      # Log additional entries indicating successful signing or verification of messages.
      SyslogSuccess   yes
      
      # If logging is enabled, include detailed logging about why or why not a message was
      # signed or verified. This causes an increase in the amount of log data generated
      # for each message, so set this to No (or comment it out) if it gets too noisy.
      LogWhy  yes
      
      # Attempt to become the specified user before starting operations.
      UserID  opendkim:opendkim
      
      # Create a socket through which your MTA can communicate.
      Socket  inet:8891@localhost
      
      # Required to use local socket with MTAs that access the socket as a non-
      # privileged user (e.g. Postfix)
      Umask   022
      
      # This specifies a text file in which to store DKIM transaction statistics.
      # OpenDKIM must be manually compiled with --enable-stats to enable this feature.
      #Statistics /var/spool/opendkim/stats.dat
      
      ## SIGNING OPTIONS
      
      # Selects the canonicalization method(s) to be used when signing messages.
      Canonicalization    relaxed/simple
      #SubDomains              yes
      
      # Domain(s) whose mail should be signed by this filter. Mail from other domains will
      # be verified rather than being signed. Uncomment and use your domain name.
      # This parameter is not required if a SigningTable is in use.
      #Domain example.com
      
      # Defines the name of the selector to be used when signing messages.
      #Selector   default
      
      # Specifies the minimum number of key bits for acceptable keys and signatures.
      MinimumKeyBits 1024
      
      # Gives the location of a private key to be used for signing ALL messages. This
      # directive is ignored if KeyTable is enabled.
      #KeyFile    /etc/opendkim/keys/default.private
      
      # Gives the location of a file mapping key names to signing keys. In simple terms,
      # this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
      # directive in the configuration file. Requires SigningTable be enabled.
      KeyTable    /etc/opendkim/KeyTable
      
      # Defines a table used to select one or more signatures to apply to a message based
      # on the address found in the From: header field. In simple terms, this tells
      # OpenDKIM how to use your keys. Requires KeyTable be enabled.
      SigningTable    refile:/etc/opendkim/SigningTable
      
      # Identifies a set of "external" hosts that may send mail through the server as one
      # of the signing domains without credentials as such.
      ExternalIgnoreList  refile:/etc/opendkim/TrustedHosts
      
      # Identifies a set "internal" hosts whose mail should be signed rather than verified.
      InternalHosts   refile:/etc/opendkim/TrustedHosts
      
       

      Last edit: Amal Francis 2014-03-07
  • Murray S. Kucherawy

    • status: open --> pending
     
  • Murray S. Kucherawy

    • assigned_to: Murray S. Kucherawy
     
  • Murray S. Kucherawy

    Try this:

    opendkim -Q

    Then at the prompt type:

    refile:/etc/opendkim/SigningTable
    test@mydomain.com/1

    You should get back "mydomain.com". CTRL-D to exit. Then:

    opendkim -Q

    Then:

    refile:/etc/opendkim/KeyTable
    mydomain.com/3

    You should get back "mydomain.com", "email", and "/etc/opendkim/keys/mydomain.com/email.private" on separate lines.

     

    Last edit: Murray S. Kucherawy 2014-03-07
    • Amal Francis

      Amal Francis - 2014-03-07

      Okay... Let me try it...

       

      Last edit: Amal Francis 2014-03-07
  • Amal Francis

    Amal Francis - 2014-03-07

    I get
    opendkim: dkimf_db_get(): record not found
    opendkim: enter 'query/n' where 'n' is number of fields to request

    for test@mydomain.com/1

     
  • Murray S. Kucherawy

    I think there's a bug in the code that loads refiles. Confirm that you have only a single space character between "mydomain.com" and the rest of the line, and no trailing spaces.

     
  • Murray S. Kucherawy

    And the same for the single entry in your SigningTable.

     
  • Amal Francis

    Amal Francis - 2014-03-07

    I just checked and it's the same...

     
  • Amal Francis

    Amal Francis - 2014-03-07

    I just tried file: and it works perfect... So, I think as you said there is a bug in the refile...

     
  • Murray S. Kucherawy

    Can you tar up your opendkim.conf, KeyTable, and SigningTable, and attach them? I don't need the private key.

     
  • Amal Francis

    Amal Francis - 2014-03-08

    Sure....

     
  • Murray S. Kucherawy

    There are CR characters in your SigningTable. That would definitely trip the bug I found.

     
  • Murray S. Kucherawy

    • status: pending --> accepted
     
  • Amal Francis

    Amal Francis - 2014-03-10

    You are awesome... So, I am using Windows on my PC.. I just tried editing with Linux on VPS and saving in non-DOS format with LF and refile works perfect... Thanks... :)

     
  • Murray S. Kucherawy

    v2.9.1 released.

     
  • Murray S. Kucherawy

    • status: accepted --> closed
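
The checks requested in this thread (a single space between fields, no trailing spaces, no CR characters) can be run before a table file is deployed, so that a silent "no signing table match" does not leave outbound mail unsigned. The script below is an added example, not part of the ticket or of OpenDKIM; the function names `check_table`, `strip_cr` and `make_samples` are hypothetical, and the sample files are constructed from the entries quoted above.

```shell
#!/bin/sh
# Added example (not OpenDKIM code): lint a SigningTable/KeyTable for the
# byte-level problems discussed in this ticket.

# check_table FILE
# Prints "<line-number>:<problem>" per finding; returns 1 if any, else 0.
check_table() {
    awk '
        /^[ \t]*(#.*)?$/ { next }   # skip comment and empty lines
        /\r/ { print NR ":carriage-return"; bad = 1 }
        /[ \t]+\r?$/ { print NR ":trailing-whitespace"; bad = 1 }
        /[^ \t][ \t][ \t]+[^ \t\r]/ { print NR ":multiple-separator-chars"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# strip_cr FILE
# Rewrites FILE in place with CR bytes removed (CRLF -> LF), keeping its
# owner and mode because the original inode is reused.
strip_cr() {
    tmp=$(mktemp) || return 1
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# make_samples DIR: constructed sample tables using the entries from this ticket.
make_samples() {
    printf '* mydomain.com\r\n' > "$1/SigningTable.dos"      # saved on Windows
    printf '* mydomain.com\n' > "$1/SigningTable.unix"
    printf 'mydomain.com  mydomain.com:email:/etc/opendkim/keys/mydomain.com/email.private \n' \
        > "$1/KeyTable.spaces"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    if findings=$(check_table "$f"); then
        echo "${f##*/}: clean"
    else
        echo "${f##*/}: $(echo "$findings" | tr '\n' ' ')"
    fi
done
rm -rf "$demo_dir"
```

On a live system, run `check_table` against the real table paths and re-test with `opendkim -Q` as described earlier in the thread after any `strip_cr` rewrite.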
     
