Join Log in
Score:0
avatar Server

Configurating DKIM and SPF, key not secured

cn flag
Jerome

On a Ubuntu 20.04 VPS, installing opendkim via sudo apt install opendkim opendkim-tools proceeds as expected, following the steps provided here.

However, upon testing, while e-mails get sent in practice to the targetted mailbox with a very low spam score (3.9) and thus percolate outside of spam filetering,

sudo opendkim-testkey -d domain.tld -s default -vvv

returns unexpected and somewhat contradictory conclusions:

opendkim-testkey: key not secure
opendkim-testkey: key OK

The key is OK, but not secure. This puts into doubt the 'OK' bit. What has to be done to make the key secure?

Update

Following suggestion in comments, contents of opendkin.conf follow:

Syslog                  yes
Logwhy                  yes
UMask                   007

Canonicalization        relaxed/simple
Mode                    sv
SubDomains              no

AutoRestart         yes
AutoRestartRate     10/1M
Background          yes
DNSTimeout          5
SignatureAlgorithm  rsa-sha256
Socket                  local:/run/opendkim/opendkim.sock
PidFile               /run/opendkim/opendkim.pid
OversignHeaders         From
TrustAnchorFile       /usr/share/dns/root.key

include
UserID                opendkim
KeyTable           refile:/etc/opendkim/key.table
SigningTable       refile:/etc/opendkim/signing.table
ExternalIgnoreList  /etc/opendkim/trusted.hosts
InternalHosts       /etc/opendkim/trusted.hosts
78
0 + 4
in flag
Gerald Schneider
Does this answer your question? [opendkim-testkey: key not secure](https://serverfault.com/questions/1048491/opendkim-testkey-key-not-secure)
1
Reply
cn flag
Jerome
alas, not, as the conf file already has `TrustAnchorFile /usr/share/dns/root.key` set
0
Reply
in flag
Gerald Schneider
Do you have dnssec configured in your DNS records?
0
Reply
cn flag
Jerome
Ah, no. So that explains the situation. Do you have a judgement call on criticality of said entry?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.