#8 dkim=hardfail

opendkim (10)
Mario Zivic


I'm completely puzzled why this hardfail is happening. Server is up and running so you can check DNS configuration via dig.

Could you help me in the right direction?

Delivered-To: mario.zivic@gmail.com
Received: by with SMTP id m8csp112971oew;
Wed, 24 Oct 2012 13:50:33 -0700 (PDT)
Received: by with SMTP id r78mr9422020wei.152.1351111833491;
Wed, 24 Oct 2012 13:50:33 -0700 (PDT)
Return-Path: <mario@pitanje.hr>
Received: from odgovor.pitanje.hr ([])
by mx.google.com with ESMTPS id g54si10694626wep.64.2012.
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 24 Oct 2012 13:50:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of mario@pitanje.hr designates as permitted sender) client-ip=;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of mario@pitanje.hr designates as permitted sender) smtp.mail=mario@pitanje.hr; dkim=hardfail header.i=@pitanje.hr
Received: from odgovor.pitanje.hr (odgovor.pitanja.hr [])
by odgovor.pitanje.hr (8.13.8/8.13.8) with ESMTP id q9OKoWRL014559
for <mario.zivic@gmail.com>; Wed, 24 Oct 2012 20:50:32 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pitanje.hr;
s=odgovor; t=1351111832;
Received: (from mario@localhost)
by odgovor.pitanje.hr (8.13.8/8.13.8/Submit) id q9OKoWjJ014558
for mario.zivic@gmail.com; Wed, 24 Oct 2012 20:50:32 GMT
Date: Wed, 24 Oct 2012 20:50:32 GMT
From: mario@pitanje.hr
Message-Id: <201210242050.q9OKoWjJ014558@odgovor.pitanje.hr>
To: mario.zivic@gmail.com
Subject: qwe



  • Mario Zivic

    Mario Zivic - 2012-10-25

    It seams that I have found the root cause of the problem:
    http://www.opendkim.org/README - There are two features of the sendmail MTA which, if activated, can interfere with successful use of the DKIM service. The two features are MASQUERADE_AS and FEATURE(genericstable).

    All I want to achieve is to have mail address to send and receive mail such as user@pitanje.hr instead of user@odgovor.pitanje.hr. Is there any way without using MASQUERADE or genericstable?

  • Murray S. Kucherawy

    • status: open --> pending
  • Murray S. Kucherawy

    You can use MASQUERADE and genericstable, so long as you also tell opendkim what changes those features will make so that it can make them when generating the signature as well. Otherwise what you sign and what you send are different, and the DKIM signature will fail to verify.

    Check out the ReplaceRules feature ("--enable-replace_rules"). See the opendkim.conf(5) man page.

  • Murray S. Kucherawy

    • status: pending --> closed
  • Murray S. Kucherawy



Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks