I’m currently fiddling with OpenDKIM under Rocky Linux 8. Currently I have OpenDKIM running on a CentOS 7 production server, and things are OK. My setup is documented here in my old archived blog:
I could manage to make this configuration work under Rocky Linux 8. But when I want to test my keys, I get the following result:
# opendkim-testkey -d slackbox.fr -s 01 -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '01._domainkey.slackbox.fr'
opendkim-testkey: key not secure
opendkim-testkey: key OK
Everything on my Rocky Linux 8 setup is exactly like it was under CentOS 7. Except now I get a key not secure response.
A brief Google search shows me that apparently this is due to the fact that I don’t use DNSSEC on my BIND DNS server.
I tried the setup anyway with my mail server, but unfortunately the online test shows me that DKIM is not working.
Does anybody here have experience with OpenDKIM? Can you confirm that I now need DNSSEC to make it work? I bluntly admit I know nothing about DNSSEC, except that I’m vaguely intimidated by it.
There was a problem with Postfix being unable to connect to OpenDKIM under the hood, but I could solve that with the right option in opendkim.conf.
Now DKIM seems to work and (most importantly) when I send a mail to check-auth@verifier.port25.com, the test succeeds and I get a nice DKIM = pass in response.
But still this key not secure warning as an answer to opendkim-testkey.
Actually that line doesn’t matter as far as I see. I commented it out, restarted the opendkim service, and ran the test and I don’t get that error. No idea why, but I definitely don’t use DNSSEC.