Having difficulty logging opendkim signing in order to troubleshoot why txt messages are signed properly but html messages are not being signed properly in a phplist setup on Centos 7. Developers of phplist have asked for logs to help troubleshoot, but I can't get them generated.
This is my /etc/opendkim.conf. Sample log output
AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrutedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp
Here are the maillog files. No indication of outbound emails being signed:
Oct 18 16:04:40 mail postfix/pickup[26230]: C65F13F7A3: uid=700 from=<[email protected]>
Oct 18 16:04:40 mail postfix/cleanup[26545]: C65F13F7A3: message-id=<[email protected]>
Oct 18 16:04:40 mail postfix/qmgr[13116]: C65F13F7A3: from=<[email protected]>, size=8817, nrcpt=1 (queue active)
Oct 18 16:04:40 mail postfix/pickup[26230]: D9E103F2D0: uid=700 from=<[email protected]>
Oct 18 16:04:40 mail postfix/cleanup[26545]: D9E103F2D0: message-id=<[email protected]>
Oct 18 16:04:40 mail postfix/qmgr[13116]: D9E103F2D0: from=<[email protected]>, size=2628, nrcpt=1 (queue active)
Oct 18 16:04:41 mail postfix/smtp[26556]: C65F13F7A3: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[209.85.xxx,xxx]:25, delay=0.96, delays=0.11/0.06/0.35/0.44, dsn=2.0.0, status=sent (250 2.0.0 OK 1476806682 t1si21324804qke.238 - gsmtp)
Oct 18 16:04:41 mail postfix/qmgr[13116]: C65F13F7A3: removed
Oct 18 16:04:41 mail postfix/smtp[26557]: D9E103F2D0: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.xxx,xxx]:25, delay=0.97, delays=0.09/0.06/0.3/0.52, dsn=2.0.0, status=sent (250 2.0.0 OK 1476806682 e4si21333125qkc.144 - gsmtp)
Oct 18 16:04:41 mail postfix/qmgr[13116]: D9E103F2D0: removed
And yet, the mail headers show signage:
This is signage for a properly authenticated outbound txt-only message:
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=pass (google.com: domain of [email protected] designates xxx.xxx.xxx.xxx as permitted sender) [email protected]
Received: by mail.wonderfulrama.com (Postfix, from userid 700)
id D9E103F2D0; Tue, 18 Oct 2016 16:04:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wonderfulrama.com;
s=default; t=1476806680;
bh=2Qo7Vw5ynEtee8vcpiVBDV4Mwd/Xi+0j1Vcg+Kge0HM=;
h=To:Subject:Date:From:List-Help:List-Unsubscribe:List-Subscribe:
List-Owner;
b=YX7WZykE5G7yHoC/xb1JrCrJ+QfOQKNFGzA7pd38krpZjVWxGIRHA2QwuzBibOmrB
9MW7LE2KszYj6w/S71Ru5hmDH9L5A+pgMfohxOk0/ujoDwUFX3tSA6atRZHsxYBdke
kiEyYIdmHhsA5YWQRagA01QXVOpMCkkha5ZJEsus=
And this is signage for a failed email header from an outbound html message:
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) [email protected];
spf=pass (google.com: domain of [email protected] designates xxx.xxx.xxx.xxx as permitted sender) [email protected]
Received: by mail.wonderfulrama.com (Postfix, from userid 700)
id C65F13F7A3; Tue, 18 Oct 2016 16:04:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wonderfulrama.com;
s=default; t=1476806680;
bh=OU///H7E0TINCIYEiNDAPlxKESdq02278nItJZ7WOZM=;
h=To:Subject:Date:From:List-Help:List-Unsubscribe:List-Subscribe:
List-Owner;
b=o3a9JvADtFZ0LQFqwB9SAT7XSMbqX4J6JSbaRaq617cuvwNlnGXz/sOzyvvgOQc2i
XiNMZqWqMK0p/3+f52amFc7FLYmNkZ008dhtbWoD+5+jcsTINReKj/JDCJktvVcqgl
lQXRa3DcWFony67H42wM0XJzrWCgSl26Go8HO4q4=
Change the canonicalization to
relaxed/relaxeda lot of DKIM encoders have trouble withsimpledepending on the content of the emails. Then test it again with GMAIL, you might also want to test with a tool like email tester that tests against 4 different DKIM decoders.