running postfix and opendkim in a small vagrant sandbox,
https://gitlab.com/pixelfairy/dkim-fail/tree/master
this is, i think, the simplest possible setup to try to get opendkim
working.
the readme shows the problem with better formatting than this email.
the test mail from alice to bob is received, but dkim authentication fails with
'Authentication-Results: bob.lan; dkim=permerror reason="key not found"'
/etc/opendkim.conf
Syslog yes
SyslogSuccess yes
LogWhy yes
UMask 002
Domain alice.lan
KeyFile /etc/postfix/mail.private
UserID opendkim:opendkim
Mode sv
Selector mail
Socket inet:8891@localhost
/etc/nsd/alice.lan (zone file)
$ORIGIN alice.lan.
$TTL 86400
@ IN SOA alice.lan. hostmaster(_at_)alice(_dot_)lan. ( 1 1d 2h 1w 1h )
@ IN NS nameserver.lan.
@ IN MX 10 alice.lan.
@ IN A 192.168.41.20
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC37p8tobnjtNd0N2Ct6B7Ebeop3V4hxglatb2a5WusZHKrmfZg5J/DgNrcGptWgdRG/KtJngpZgsM0bxp4NwZxqxPEvACSc8w6a749KMvT3NXHzn7fHxrkzyfJnp7WiiFbTSuSMV4W+vZXw12pm0LoggAJ+OMIN9KhFZjneCOq1QIDAQAB"
) ; ----- DKIM key mail for alice.lan
the txt query seems to work
dig txt mail._domainkey.alice.lan
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> txt mail._domainkey.alice.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail._domainkey.alice.lan. IN TXT
;; ANSWER SECTION:
mail._domainkey.alice.lan. 86400 IN TXT "v=DKIM1\; k=rsa\; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC37p8tobnjtNd0N2Ct6B7Ebeop3V4hxglatb2a5WusZHKrmfZg5J/DgNrcGptWgdRG/KtJngpZgsM0bxp4NwZxqxPEvACSc8w6a749KMvT3NXHzn7fHxrkzyfJnp7WiiFbTSuSMV4W+vZXw12pm0LoggAJ+OMIN9KhFZjneCOq1QIDAQAB"
;; AUTHORITY SECTION:
alice.lan. 86400 IN NS nameserver.lan.
;; Query time: 0 msec
;; SERVER: 192.168.41.10#53(192.168.41.10)
;; WHEN: Fri Mar 04 05:46:44 UTC 2016
;; MSG SIZE rcvd: 327
but the logs say otherwise,
Mar 4 05:45:51 vagrant-ubuntu-trusty-64 opendkim[5877]: OpenDKIM Filter v2.9.1 starting (args: -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)
Mar 4 05:45:56 vagrant-ubuntu-trusty-64 opendkim[5877]: OpenDKIM Filter: mi_stop=1
Mar 4 05:45:56 vagrant-ubuntu-trusty-64 opendkim[5877]: OpenDKIM Filter v2.9.1 terminating with status 0, errno = 0
Mar 4 05:45:56 vagrant-ubuntu-trusty-64 opendkim[6095]: OpenDKIM Filter v2.9.1 starting (args: -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid)
Mar 4 05:46:39 vagrant-ubuntu-trusty-64 opendkim[6095]: B87B94019A: alice.lan [192.168.41.20] not internal
Mar 4 05:46:39 vagrant-ubuntu-trusty-64 opendkim[6095]: B87B94019A: not authenticated
Mar 4 05:46:39 vagrant-ubuntu-trusty-64 opendkim[6095]: B87B94019A: no signing domain match for 'alice.lan'
Mar 4 05:46:39 vagrant-ubuntu-trusty-64 opendkim[6095]: B87B94019A: no signing subdomain match for 'alice.lan'
Mar 4 05:46:39 vagrant-ubuntu-trusty-64 opendkim[6095]: B87B94019A: key retrieval failed (s=mail, d=alice.lan): 'mail._domainkey.alice.lan' record not found
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
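
Added example, not part of the original post or of OpenDKIM: an offline check that the TXT rdata shown in the dig answer above is a well-formed DKIM key record, by joining the quoted strings as a verifier does, parsing the tag list and measuring the RSA modulus in p=. The function names are made up for illustration; it checks only the published record and says nothing about the resolver path the filter uses.

```python
import base64
import re

# Answer rdata copied from the dig output in the post (presentation format).
DIG_RDATA = (
    r'"v=DKIM1\; k=rsa\; " '
    '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC37p8tobnjtNd0N2Ct6B7Ebeop3V4hxglatb2a5WusZHKrmfZg5J/DgNrcGptWgdRG/KtJngpZgsM0bxp4NwZxqxPEvACSc8w6a749KMvT3NXHzn7fHxrkzyfJnp7WiiFbTSuSMV4W+vZXw12pm0LoggAJ+OMIN9KhFZjneCOq1QIDAQAB"'
)

def join_txt(rdata):
    """Concatenate the quoted character-strings of a TXT rdata, no separator."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    # Undo single-character escapes such as \; (\DDD escapes are not handled).
    return "".join(re.sub(r"\\(.)", r"\1", p) for p in parts)

def parse_tags(record):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for item in record.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(der):
    """Modulus size of an RSA SubjectPublicKeyInfo, as carried in p=."""
    spki, _ = _tlv(der, 0, 0x30)
    _, pos = _tlv(spki, 0, 0x30)      # AlgorithmIdentifier, skipped
    bits, _ = _tlv(spki, pos, 0x03)   # BIT STRING wrapping the key
    key, _ = _tlv(bits, 1, 0x30)      # byte 0 is the unused-bits count
    modulus, _ = _tlv(key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def check_record(rdata):
    """Return (key type, modulus bits) or raise ValueError if unusable."""
    tags = parse_tags(join_txt(rdata))
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM1 key record")
    if not tags.get("p"):
        raise ValueError("empty p= (revoked key)")
    return tags.get("k", "rsa"), rsa_bits(base64.b64decode(tags["p"], validate=True))
```
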