
Domainkey Configuration


ndorphine
25th April 2007, 19:56
Hi,
For the past couple of days I've been trying in vain to set up domainkey filtering with postfix. I've followed the tutorial at http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation and have been through john longs (http://jason.long.name/dkfilter/) example numerous times but my mails simply aren't being signed. In my postfix log I get the following:


Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: connect from localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv postfix/smtpd[7389]: NOQUEUE: client=localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: 3843F9C451: client=localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv dkfilter.in[29557]: DomainKeys verification - neutral (no signature; no policy for MYDOMAIN.com);


The mails get sent but without being signed.
I've followed both examples closely and read around fairly extensively. This is driving me nuts.

my master.cf looks like this

smtp inet n - n - - smtpd
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_client_connection_count_limit=10
127.0.0.1:10026 inet n - n - - smtpd
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o receive_override_options=no_unknown_recipient_checks
pickup fifo n - n 60 1 pickup
  -o content_filter=dksign:127.0.0.1:10027

for inbound filter and like this

submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#
# specify the location of the DomainKeys signing filter
#
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime

#
# service for accepting messages FROM the DomainKeys signing filter
#
127.0.0.1:10028 inet n - n - 10 smtpd
  -o smtpd_use_tls=no
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

For the outbound filter

All the mails are generated by a Rails app on the localhost.
Fedora Core 6
Postfix 2.4
dkfilter 0.11

If there's another surefire way to sign with domainkeys let me know :)

ethanlifka
29th December 2008, 01:44
I too am having the same problem, but I did get the policy to verify.

For the policy, make sure you have a TXT entry in your DNS for the policy with your TXT entry for the key.

e.g.
_domainkey.yourdomain.com IN TXT "t=y; o=~; n=http://www.mydomain.com/contact.html"

Restart DNS, then wait for DNS to update.

You can check it locally:
# dig _domainkey.yourdomain.com TXT

Remote CMD check:
nslookup
> set type=txt
> _domainkey.yourdomain.com

But I still get a "no signature" even though my key is verified and passes, but Yahoo: "DomainKeys verification - neutral (no signature; domain testing);"

ethanlifka
2nd January 2009, 05:06
I missed the part about port 587. In order to have email signed you need to change the outbound port from 25 (default) to 587. In Outlook I went to my account properties, Advanced tab (for each account). I know that it can be a hassle to have all your clients change this in Outlook, but domainkeys cannot sign and verify on the same port. In Webmail I changed the smtp.class.php and phpmailer.class.php to use port 587 instead of 25. This is important if your users will be using your server-side email programs such as talaen or squirrelmail. My classes for talaen were in /webmail/inc/.

Although I recently changed from dkfilter to DKIM, this still holds true for DKIM.
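
An added example, not part of the original posts: a small parser for the master.cf layout posted above that lists which services hand mail to the dksign transport and which only pass through the inbound proxy filter. The sample config is trimmed from the thread's master.cf with continuation lines indented; the function names are illustrative assumptions.

```python
import shlex

# Constructed sample: trimmed from the master.cf posted in this thread.
# Continuation lines start with whitespace, as Postfix requires.
MASTER_CF = """\
smtp      inet  n - n - - smtpd
  -o smtpd_proxy_filter=127.0.0.1:10025
pickup    fifo  n - n 60 1 pickup
  -o content_filter=dksign:127.0.0.1:10027
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10027
# service for accepting messages FROM the DomainKeys signing filter
127.0.0.1:10028 inet n - n - 10 smtpd
  -o content_filter=
"""

FILTER_PARAMS = ("content_filter", "smtpd_proxy_filter")

def logical_lines(text):
    """Join continuation lines onto their service line; drop comments and blanks."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def filter_routes(text):
    """Map each service name to the filter parameters overridden with -o."""
    routes = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        name, args = fields[0], fields[8:]  # 7 control fields + command, then args
        opts = [v.partition("=") for f, v in zip(args, args[1:]) if f == "-o"]
        routes[name] = {k: val for k, _, val in opts if k in FILTER_PARAMS}
    return routes

def signing_services(text, transport="dksign"):
    """Services whose content_filter points at the signing transport."""
    return sorted(name for name, o in filter_routes(text).items()
                  if o.get("content_filter", "").startswith(transport + ":"))

if __name__ == "__main__":
    for name, overrides in filter_routes(MASTER_CF).items():
        print(f"{name:18} {overrides or 'no filter override'}")
    print("handed to dksign:", signing_services(MASTER_CF))
```

On this sample it reports pickup and submission as handed to dksign, while the port-25 smtp service carries only the smtpd_proxy_filter on 10025.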