Submitted by xgarreau on Mon, 07/23/2018 - 11:54
Hi,
Up to date Virtualmin on up to date Debian 9 : Webmin version 1.883 Usermin version 1.741 Virtualmin version 6.03
All outgoing mails are signed whatever the from domain is.
This is because the Domain directive in opendkim.conf is beign ignored as states the opendkim.conf (5) man page :
Domain (dataset)
A set of domains whose mail should be signed by this filter. Mail from other domains will be verified rather than being
signed.
This parameter is not required if a SigningTable is in use; in that case, the list of signed domains is implied by the
lines in that file.
This parameter is ignored if a KeyTable is defined.
Additionnaly all emails have a double signature. But this is another issue and I couldn't find why at the moment.
Best Regards, Xavier
Status:
Active
Comments
Submitted by JamieCameron on Mon, 07/23/2018 - 15:20 Comment #1
Is there a
SigningTable
entry inopendkim.conf
, and if so what domains are in the file that it points to?Submitted by xgarreau on Thu, 07/26/2018 - 05:58 Comment #2
Hi Jamie,
Thank you for your answer.
Here is the configuration details you asked for :
In /etc/opendkim.conf : SigningTable refile:/etc/dkim-signingtable KeyTable /etc/dkim-keytable
In /etc/dkim-signingtable : * default
In /etc/dkim-keytable : default %:manxgo2018:/etc/dkim.key
The domains to sign for are in /etc/dkim-domains.txt
I tested on 3 different recent servers. The default installation always lead to this configuration.
Best regards, Xavier
Submitted by JamieCameron on Thu, 07/26/2018 - 18:36 Comment #3
As a quick fix, try removing
refile:
from thatSigningTable
line.Submitted by xgarreau on Fri, 07/27/2018 - 04:10 Comment #4
Hi Jamie.
Actually, event without "refile:" it keeps double signing outgoing emails for all domains.
Regards, Xavier