# Problems getting DKIM setup with postfix



## Oclair (Feb 16, 2017)

Hey All, thanks in advance!
I get the following error when performing `# service milter-opendkim start`

From /var/log/maillog:

```
Feb 16 12:35:16 www opendkim[20009]: OpenDKIM Filter: unknown port name port
Feb 16 12:35:16 www opendkim[20009]: OpenDKIM Filter: Unable to create listening socket on conn inet:port
Feb 16 12:35:16 www opendkim[20009]: smfi_opensocket() failed
Feb 16 12:35:16 www opendkim[20008]: exited with status 69, restarting
```

System - FreeBSD 11.0p7 IPFW w/SSHGuard

/usr/local/etc/postfix/main.cf

```
# postfix to use dkim milter
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
```
/usr/local/etc/mail/opendkim.conf

```
AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/usr/local/etc/mail/opendkim.trustedhosts
InternalHosts           refile:/usr/local/etc/mail/opendkim.trustedhosts
KeyTable                refile:/usr/local/etc/mail/opendkim.keytable
SigningTable            refile:/usr/local/etc/mail/opendkim.signingtable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@127.0.0.1
PidFile                 /var/run/opendkim/opendkim.pid
UMask                   022
TemporaryDirectory      /var/tmp
```
/usr/local/etc/mail/opendkim.keytable *(can I use the same domain key from the host for all the virtual domains?)*

```
selector1._domainkey.sample.com sample.com:mail:/usr/local/etc/mail/host.sample.com.dkim.private
selector1._domainkey.virtualdomain.com virtualdomain.com:mail:/usr/local/etc/mail/host.sample.com.dkim.private
selector1._domainkey.virtualdomain2.com virtualdomain2.com:mail:/usr/local/etc/mail/host.sample.com.dkim.private
```
/usr/local/etc/mail/opendkim.signingtable

```
*@sample.com selector1._domainkey.sample.com
*@virtualdomain.com selector1._domainkey.virtualdomain.com
*@virtualdomain2.com selector1._domainkey.virtualdomain2.com
```
/usr/local/etc/mail/opendkim.trustedhosts

```
sample.com
virtualdomain.com
virtualdomain2.com
localhost
xxx.xxx.xxx.xxx
```
/usr/local/etc/IPFW.rules (setup for SSHGuard sh loads it on boot)

```
#opendkim
$cmd 00221 allow tcp from any to any dst-port 8891 out via $vif setup keep-state
$cmd 00222 allow tcp from any to me dst-port 8891 in via $vif setup keep-state
```


----------



## gkontos (Feb 16, 2017)

Your configuration is correct. But the error:

```
Feb 16 12:35:16 www opendkim[20009]: OpenDKIM Filter: unknown port name port
Feb 16 12:35:16 www opendkim[20009]: OpenDKIM Filter: Unable to create listening socket on conn inet:port
```
indicates that for some reason it is trying to find inet:port, so I would look for a typo in rc.conf.

Here is a useful script to generate domain keys. Keep in mind that I use my settings in /usr/local/etc/opendkim instead, so you will need to modify that. I also run the service as the opendkim user:


```
milteropendkim_enable="YES"
milteropendkim_uid="opendkim"
```


```
#!/bin/sh
# dkimgen: create a DKIM key for one domain and register it with OpenDKIM.

if [ "$#" -eq 0 ]; then
    echo "No arguments supplied. Usage: dkimgen <domain>"
    exit 1
fi

domain=$1
keydir=/usr/local/etc/opendkim/keys/$domain

mkdir "$keydir"
# Writes default.private (private key) and default.txt (DNS TXT record) into $keydir.
opendkim-genkey -D "$keydir/" -d "$domain" -s default
chown -R opendkim: "$keydir"
mv "$keydir/default.private" "$keydir/default"
# KeyTable entry: <key name> <domain>:<selector>:<private key path>
echo "default._domainkey.$domain $domain:default:$keydir/default" >> /usr/local/etc/opendkim/KeyTable
# SigningTable entry: sign mail from any address at the domain with that key.
echo "*@$domain default._domainkey.$domain" >> /usr/local/etc/opendkim/SigningTable
```


----------
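The error in the thread comes down to the socket spec OpenDKIM is started with. As an added example (not code from either poster), this sh script parses the two spellings of the endpoint that appear above, `inet:8891@127.0.0.1` in opendkim.conf and `inet:127.0.0.1:8891` in main.cf, rejects a non-numeric port such as the `port` in the log, and checks that both sides agree. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the OpenDKIM and Postfix milter socket specs.
# Function names are hypothetical; the sample values come from the thread.

# Succeeds only for a decimal TCP port in 1..65535 (service names are rejected).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# OpenDKIM Socket form, inet:PORT[@HOST]; prints HOST:PORT.
opendkim_endpoint() {
    case "$1" in
        inet:*) spec=${1#inet:} ;;
        *) echo "not an inet socket: $1" >&2; return 1 ;;
    esac
    port=${spec%%@*}
    case "$spec" in
        *@*) host=${spec#*@} ;;
        *)   host='*' ;;   # no @HOST part: any local address
    esac
    valid_port "$port" || { echo "bad port '$port' in '$1'" >&2; return 1; }
    echo "$host:$port"
}

# Postfix smtpd_milters form, inet:HOST:PORT; prints HOST:PORT.
postfix_endpoint() {
    case "$1" in
        inet:*:*) spec=${1#inet:} ;;
        *) echo "not inet:host:port: $1" >&2; return 1 ;;
    esac
    host=${spec%:*}; port=${spec##*:}
    valid_port "$port" || { echo "bad port '$port' in '$1'" >&2; return 1; }
    echo "$host:$port"
}

# Succeeds when OpenDKIM listens where Postfix will connect.
milter_specs_match() {
    a=$(opendkim_endpoint "$1") || return 1
    b=$(postfix_endpoint "$2") || return 1
    [ "$a" = "$b" ] && return 0
    [ "${a%%:*}" = '*' ] && [ "${a##*:}" = "${b##*:}" ]
}

# The pair from the thread's config files, then the value seen in the log.
milter_specs_match inet:8891@127.0.0.1 inet:127.0.0.1:8891 && echo "specs agree"
milter_specs_match inet:port inet:127.0.0.1:8891 || echo "specs rejected"
```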

