DKIM signing with amavis (dig shows the record propagated)
Todor Todorov
todor at meltoactive.com
Tue Dec 18 21:04:47 CET 2012
Hi everyone,
I know this question has been asked before and I swear, I read
everything I could find on the net. Still, amavisd-new testkeys results
in "invalid (public key: not available)" and I fail to sign my mail.
Here is my setup... This is an Ubuntu 11.04 server with Amavisd-new 2.6.5
and postfix 2.8.5. I created my signing key with 'amavisd-new genrsa
/etc/amavis/meltoactive-dkim.com.key.pem' and changed the amavis config
as follows:
(...in file /etc/amavis/conf.d/21-ubuntu_defaults...)
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('meltoactve.com', 'dkim', '/etc/amavis/meltoactive-dkim.com.key.pem');
@dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(127.0.0.0/8);
amavisd-new showkeys gives me the entry I have to make into DNS, which I
did and after a while dig gives back:
$> dig -t txt dkim._domainkey.meltoactive.com
; <<>> DiG 9.7.3 <<>> -t txt dkim._domainkey.meltoactive.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24080
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dkim._domainkey.meltoactive.com. IN TXT
;; ANSWER SECTION:
dkim._domainkey.meltoactive.com. 2985 IN TXT "v=DKIM1\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvHzrJyMcw1UV4GybY45DD8ljtzI/UXKwrjPxKKLuKsHLUqBZTNIJOIhbCwyZZaiUvLIoCEQzufwvjhgFkChaRR3wpx8RL8ZoW93PT4tg1B12Nthmrf7e6Rsg0fsbpH8cNxXVT+iNZMETRK1DX9dtknds4UIjGl4rQRpZ76c27/QIDAQAB"
;; Query time: 10 msec
;; SERVER: 199.167.198.1#53(199.167.198.1)
;; WHEN: Tue Dec 18 14:47:28 2012
;; MSG SIZE rcvd: 289
I copied the public key from 'amavisd-new showkeys' and the dig result
to 2 separate txt files and compared with diff just to see if I missed a
character or something... Not the case, the strings are absolutely the
same. But 'amavisd-new testkeys' results in:
TESTING#1: dkim._domainkey.meltoactve.com => invalid (public key: not available)
I also made sure that the key file is readable by root and the amavis
group, but that did not solve anything. And so I am stumped; no idea how
to proceed from here and why this isn't working... I would appreciate
it very much if someone more knowledgeable could help me out. Thanks!
Best regards,
T. Todorov
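
Added example (not part of the original post and not amavisd-new code): a cross-check between the DNS names that the dkim_key() declarations produce and the owner names a dig answer actually contains, run on the configuration and query name quoted in the post. The function names are hypothetical and the TXT value is shortened to a constructed placeholder.

```python
import difflib
import re

# Matches amavisd dkim_key('domain', 'selector', 'keyfile'); arguments may wrap lines.
DKIM_KEY_RE = re.compile(r"dkim_key\(\s*'([^']+)'\s*,\s*'([^']+)'\s*,\s*'([^']+)'\s*\)")

def signing_names(config_text):
    """DNS names built from each dkim_key(): <selector>._domainkey.<domain>."""
    return [f"{selector}._domainkey.{domain}".lower()
            for domain, selector, _keyfile in DKIM_KEY_RE.findall(config_text)]

def published_names(dig_output):
    """Owner names of TXT answer records; dig comment lines start with ';'."""
    names = set()
    for line in dig_output.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue
        if fields[2] == "IN" and fields[3] == "TXT":
            names.add(fields[0].rstrip(".").lower())
    return names

def unpublished(config_text, dig_output):
    """Map each configured name with no TXT answer to its nearest published name."""
    published = published_names(dig_output)
    report = {}
    for name in signing_names(config_text):
        if name not in published:
            near = difflib.get_close_matches(name, published, n=1, cutoff=0.8)
            report[name] = near[0] if near else None
    return report

# Configuration and query name as quoted in the post; TXT value shortened (constructed).
CONFIG = """
dkim_key('meltoactve.com', 'dkim',
'/etc/amavis/meltoactive-dkim.com.key.pem');
"""
DIG = """
;dkim._domainkey.meltoactive.com. IN TXT
dkim._domainkey.meltoactive.com. 2985 IN TXT "v=DKIM1\\; p=BASE64KEY"
"""

if __name__ == "__main__":
    for name, near in unpublished(CONFIG, DIG).items():
        print(f"{name}: no TXT record in dig output; nearest published name: {near}")
```
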