dkim: not signing, empty signing domain

Discussion in 'Installation/Configuration' started by wallycleaver, Oct 18, 2017.

  1. wallycleaver

    wallycleaver New Member

    Hello.

    This is my first post, so my apologies if it is in the wrong thread.

    I am running ISPConfig version 3.1.6 on a CentOS version 7.4.1708

    I enabled DKIM signing on one of my mail domains. I see the keys, private and public, and the DKIM DNS TXT entry is there and available. So everything looks good to me.

    When I send an email, there is no DKIM entry in the headers.
    Looking at the maillog, I could see the error, which is the title of this post.
    dkim: not signing, empty signing domain.

    (Note: the above error does show the email domain.)

    When I run amavisd showkeys, I receive the following.
    • No DKIM private keys declared in a config file.
    If you have any information regarding this type of issue, please post a comment and let me know.

    Thanks.
     
  2. wallycleaver

    wallycleaver New Member

    Also, itried running the amavisd command with the domain specified, amavisd showkeys xxx.yyy and that returns the same message about no private keys declared in a config file.

    Any assistance would be appreciated.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to run tools > resync in ISPConfig on the mail domains.
     
  4. wallycleaver

    wallycleaver New Member

    Thanks for the information.
    I did as suggested and I now get output from amavisd showkeys for the domain.
    I still get the same message however, dkim: not signing, empty signing domain, when sending mail from that domain.

    When amavisd does the lookup, it does find my email as a match;
    lookup [dkim_signature_options_bysender], 1 matches for....​

    One thing I noticed about my configuration is that i use a different host as the ispconfig3's dns server, etc/resolv.conf.

    I noticed that when I ran amavisd testkeys xxx.yyy, i for a failure of no public key.

    I went ahead and added the Ispconfig3 dns server to the Ispconfig3's resolve.conf so that it now uses itself first, then falls through to my internal dns.

    This seems to work as when i run amavisd testkeys xxx.yyy, it passes.

    I mention this in case it could be somehow related.

    Thanks again for the help and if you have any other suggestions, please let me know.
     
  5. wallycleaver

    wallycleaver New Member

    I didn't hear any more, so I reverted to previous backup and went through the dkim configuration again. This time I noticed an error in the messages file about amavisd not being able to access the dkim private key for the domain. I checked, and the access was correct up to the /var/lib/amavis directory, which had rwx for the owner and r-x for group. Unfortunately both owner and group were root, preventing amavisd from accessing.

    I corrected the permissions and restarted services, this corrected the issue and now the emails are DKIM signed.

    I suspect my initial issue was not related to what I posted here, but was rather a configuration/operation issue which i corrected by reverting. The new issue prevented amavisd from even starting, I wanted to post it just as a conclusion to the thread.

    Anywho, thanks for the info, the resync options was a nice tidbit of information even if it didn't solve my problem.
     

Share This Page