
OpenDKIM: opendkim-testkey reports "key not secure"

On Ubuntu 20, I cannot get opendkim-testkey to pass for the life of me: it reports "key not secure" (followed by "key OK"). I have checked all dependencies and configs numerous times; any help is appreciated.

-----------------------------------------------------------------
TEST
-----------------------------------------------------------------
opendkim-testkey -d (domain-name).net -s mail2 -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/(domain-name).net/mail2.private
opendkim-testkey: checking key 'mail2._domainkey.(domain-name).net'
opendkim-testkey: key not secure
opendkim-testkey: key OK
-----------------------------------------------------------------
PERMISSIONS:
-----------------------------------------------------------------
f: /etc/postfix/main.cf
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root postfix
-rw-r--r-- root root main.cf
-----------------------------------------------------------------
f: /etc/postfix/master.cf
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root postfix
-rw-r--r-- root root master.cf
-----------------------------------------------------------------
f: /etc/opendkim.conf
drwxr-xr-x root root /
drwxr-xr-x root root etc
-rw-r--r-- root root opendkim.conf
-----------------------------------------------------------------
f: /etc/opendkim/KeyTable
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x opendkim opendkim opendkim
-rw-r----- opendkim opendkim KeyTable
-----------------------------------------------------------------
f: /etc/opendkim/SigningTable
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x opendkim opendkim opendkim
-rw-r----- opendkim opendkim SigningTable
-----------------------------------------------------------------
f: /etc/opendkim/TrustedHosts
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x opendkim opendkim opendkim
-rw-r----- opendkim opendkim TrustedHosts
-----------------------------------------------------------------
f: /etc/opendkim/keys/(domain-name).net/mail.private
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x opendkim opendkim opendkim
drwx------ opendkim opendkim keys
drwx------ opendkim opendkim (domain-name).net
-rwx------ opendkim opendkim mail.private
-----------------------------------------------------------------
f: /etc/opendkim/keys/(domain-name).net/mail.txt
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x opendkim opendkim opendkim
drwx------ opendkim opendkim keys
drwx------ opendkim opendkim (domain-name).net
-rwx------ opendkim opendkim mail.txt
-----------------------------------------------------------------
USERS
-----------------------------------------------------------------
cat /etc/group | grep opendkim
mail:x:12:mail,postfix,opendkim
opendkim:x:120:
-----------------------------------------------------------------
cat /etc/group | grep postfix
mail:x:12:mail,postfix,opendkim
postfix:x:118:
-----------------------------------------------------------------
CONFIGS
-----------------------------------------------------------------
grep "^[^#;]" /etc/opendkim.conf
Syslog yes
SyslogSuccess yes
LogWhy yes
Canonicalization relaxed/relaxed
Mode sv
KeyFile /etc/opendkim/keys/(domain-name).net/mail2.private
UMask 002
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
-----------------------------------------------------------------
grep "^[^#;]" /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_tls_key_file = /etc/ssl/(domain-name)/STAR_(domain-name)_net.key
smtpd_tls_cert_file = /etc/ssl/(domain-name)/STAR_(domain-name)_net.crt
smtpd_tls_CAfile = /etc/ssl/(domain-name)/STAR_(domain-name)_net.ca-bundle
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail2.(domain-name).net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mail.(domain-name).net, localhost.localdomain, localhost
relayhost = (ip of internal relay server)
mynetworks = (all local public and private related networks)
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
-----------------------------------------------------------------
grep "^[^#;]" /etc/postfix/master.cf
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp -o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
-----------------------------------------------------------------
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, mail2.(domain-name).net, localhost.localdomain, localhost
myhostname = mail2.(domain-name).net
mynetworks = (all local public and private related networks)
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
relayhost = (ip of internal relay server)
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:localhost:8891
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_key_file = /etc/ssl/(domain-name)/STAR_(domain-name)_net.key
smtpd_tls_cert_file = /etc/ssl/(domain-name)/STAR_(domain-name)_net.crt
smtpd_tls_CAfile = /etc/ssl/(domain-name)/STAR_(domain-name)_net.ca-bundle
smtpd_tls_security_level = may
virtual_alias_maps = hash:/etc/postfix/virtual
-----------------------------------------------------------------
netstat -nl | grep 8891
tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN