2

I've set up opendkim with my sendmail and it looks like everything works correctly, but it signs only those messages that are sent locally (from the webmail client or automatic subscriptions). When I try to send a message using an email client (e.g. The Bat), maillog shows the following:

```
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: [xx.167.249.178] [xx.167.249.178] not internal
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: not authenticated
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: no signature data
```

where xx.167.249.178 is my local IP address. If I add it to TrustedHosts, then opendkim starts to sign messages sent from this IP. But it's not a solution, of course; I can't add IP addresses each time I send messages from a new network.

heximal

2 Answers

3

It sounds like you want to trust and sign messages from possibly any address. In this case you can add ranges to the TrustedHosts file, adding 0.0.0.0/0 will accept and sign from all IPs.

alaphoid
  • is it safe if I have SMTP authentication enabled? is it normal practice? anybody do this? – heximal Apr 26 '17 at 08:51
  • If you are using and requiring SMTP auth then I see no reason why using 0.0.0.0/0 would present any kind of issue. If you are going to be sending from random networks I don't think you have much choice outside of using a VPN. – alaphoid Apr 27 '17 at 20:29
  • helpful answer thx – Joel Jun 10 '22 at 02:52
0

Use the SigningTable option in your opendkim.conf to select one or more signatures to apply to messages based on the address found in the From: header field rather than the ip-address of the sender.

HBruijn
  • yes, I'm using SigningTable; currently it contains only one record, `*@mydomain.com hexselector._domainkey.mydomain.com`, but opendkim doesn't take it into account – heximal Apr 21 '17 at 11:19
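
The maillog entries in the question can be triaged per queue ID to see which clients submit mail that is neither internal nor authenticated, which is worth knowing before widening TrustedHosts. This is an added example, not code from any of the posts; the sample log is constructed (documentation IP addresses, made-up queue IDs), and the `DKIM-Signature field added` line is assumed to be the form of OpenDKIM's log entry for a signed message.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the question's maillog excerpt.
SAMPLE_LOG = """\
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: [192.0.2.10] [192.0.2.10] not internal
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: not authenticated
Apr 21 11:48:02 d3355 opendkim[57808]: v3L8m2jE059174: no signature data
Apr 21 11:49:10 d3355 opendkim[57808]: v3L8nAbC059180: [198.51.100.7] [198.51.100.7] not internal
Apr 21 11:49:10 d3355 opendkim[57808]: v3L8nAbC059180: DKIM-Signature field added (s=hexselector, d=mydomain.com)
Apr 21 11:49:30 d3355 sendmail[59190]: v3L8nUxY059190: from=<a@example.org>, size=512
"""

# "<program>[pid]: <queue id>: <message>"; only opendkim lines are of interest.
LINE_RE = re.compile(r"opendkim\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
# "<host> [<ip>] not internal" carries the connecting client's address.
CLIENT_RE = re.compile(r"^\S+ \[(?P<ip>[^\]]+)\] not internal$")


def triage(log_text):
    """Group opendkim log lines by queue ID and record why each message was or was not signed."""
    msgs = defaultdict(lambda: {"client": None, "not_internal": False,
                                "not_authenticated": False, "signed": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # sendmail or other daemons
        rec, msg = msgs[m["qid"]], m["msg"]
        client = CLIENT_RE.match(msg)
        if client:
            rec["client"] = client["ip"]
            rec["not_internal"] = True
        elif msg == "not authenticated":
            rec["not_authenticated"] = True
        elif msg.startswith("DKIM-Signature field added"):
            rec["signed"] = True
    return dict(msgs)


def unsigned_unauthenticated_clients(log_text):
    """Client IPs whose mail was left unsigned because it was neither internal nor authenticated."""
    return sorted({r["client"] for r in triage(log_text).values()
                   if r["client"] and r["not_internal"]
                   and r["not_authenticated"] and not r["signed"]})


if __name__ == "__main__":
    print(unsigned_unauthenticated_clients(SAMPLE_LOG))
```
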