Opendkim and Postfix: Not all outgoing mails are verified

Question

I configured a send-only postfix server to send mails but don't listen to incoming connections from the outside world. I'm running a Grafana instance and postfix only exists so Grafana can send password reminders, etc. To ensure these mails are not trapped in users junk folders, I set up SPF and DKIM.

Sending a mail with my local non-root users using the following command sends a properly signed mail:

echo "This is the body of the email" | mail -s "This is the subject line" myname@gmail.com

But when Grafana sends a mail, it doesn't get signed and I wonder why. There aren't any errors in the log:

Apr 13 21:09:12 monitoring postfix/pickup[14383]: 64492408BBD8: uid=1000 from=<myuser>
Apr 13 21:09:12 monitoring postfix/cleanup[14540]: 64492408BBD8: message-id=<20170413190912.64492408BBD8@example.com>
Apr 13 21:09:12 monitoring opendkim[5416]: 64492408BBD8: DKIM-Signature field added (s=key1, d=example.com)
Apr 13 21:09:12 monitoring postfix/qmgr[5518]: 64492408BBD8: from=<myuser@example.com>, size=574, nrcpt=1 (queue active)
Apr 13 21:09:14 monitoring postfix/smtp[14543]: 64492408BBD8: to=<private@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.133.26]:25, delay=2.1, delays=0.03/0.02/1.5/0.57, dsn=2.0.0, status=sent (250 2.0.0 OK 1492110554 w75si32240747wrc.239 - gsmtp)
Apr 13 21:09:14 monitoring postfix/qmgr[5518]: 64492408BBD8: removed

Looks good. But this is the part where grafana sends a mail:

Apr 13 21:10:24 monitoring postfix/smtpd[14549]: connect from localhost[::1]
Apr 13 21:10:24 monitoring postfix/smtpd[14549]: A5975408BBD8: client=localhost[::1]
Apr 13 21:10:24 monitoring postfix/cleanup[14540]: A5975408BBD8: message-id=<20170413191024.A5975408BBD8@example.com>
Apr 13 21:10:24 monitoring postfix/smtpd[14549]: disconnect from localhost[::1]
Apr 13 21:10:24 monitoring postfix/qmgr[5518]: A5975408BBD8: from=<grafana@example.com>, size=20682, nrcpt=1 (queue active)
Apr 13 21:10:25 monitoring postfix/smtp[14543]: A5975408BBD8: to=<private@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1b]:25, delay=0.44, delays=0/0/0.15/0.28, dsn=2.0.0, status=sent (250 2.0.0 OK 1492110625 c19si37462413wre.200 - gsmtp)
Apr 13 21:10:25 monitoring postfix/qmgr[5518]: A5975408BBD8: removed

Any ideas?

I know you modified your from domain, but are they actually the same from domain... (dkim based on from domain) — Jacob Evans, Apr 13 '17 at 20:12

score 0 · Answer 1 · answered Apr 26 '17 at 08:58

Have you checked you configured correctly a TrustedHosts file? You should have in your opendkim.conf file:

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts

and in this file, you should have the hosts allowed to send and sign (in your case, seems you're using localhost IPV6)

127.0.0.1
::1

If the connection ip is not allowed, the process won't sign

Opendkim and Postfix: Not all outgoing mails are verified

1 Answers1