Implementing DKIM Signing with Amavisd-new on Zimbra 7.0.0 Beta 3

[vavai]

Hi,

I'm currently testing Zimbra 7.0.0 beta 3 and found that amavisd-new version include on Zimbra is 2.6.4.

According to Amavisd-new documentation, I could applying DKIM signing with amavisd-new without milter.

I generate the key with the following command :

Code:

/opt/zimbra/amavisd/sbin/amavisd genrsa /var/db/dkim/vavai-mail.key.pem

and found /var/db/dkim/vavai-mail.key.pem with the following content :

Code:

cat /var/db/dkim/vavai-mail.key.pem 
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC8QypfEY3tnxEx3OMjtV1UMotFdELVDfvJc91fi7/JHq0ldzoD
Nc9juysnQN46kwEJEIeumA2ML65kCIHHL4wGzT1yCd+9GJRo613z638RP6Djvfdd
n9u6gHaxcjBIsGC73KH/r9lll3Ieq0wAuImKu+/OQEVvH3WMOCk5nI9lSQIDAQAB
AoGBALZ7kEWoeV88EWm4xz6knPtxJshC4kksDcR+l7T2fAcRwhmP0N6tuQHduf2J
hh9WwOktaadV4cPhr/Nsv4b4UovVWexC7fKR543hDxohSh19CHWieTqzA0AHQyNw
41bpNAU++bRD7m2ibEKsIizFdLCrg3vCuFXQiDlCrZdWBVlRAkEA86rZXrfu1ZX/
9tpZnWJmUhkYYBylnKEfCUhJ9Th4DUHQQVmYDs+YixH/GklvJJxBvi44Q2asNKWw
5CEymZESXQJBAMXKccS5c+M13Ma6+AsT1cPjvPXAEXzbGB/szGvRT10Su2mz+3Wu
hW/8uacIuxRPVRJ0BF/N1nBLYutCInT6B90CQQCSiMg4Af0LTS2lUiJaV3aZIKZc
Bl5CF1MGzgZMBi2MK2wGIM8k+QsPdz8mm8rPBXkz2a/UOMaO0qXSS3SWjXuxAkBh
3JqRxVhrcPj9cwDLKlM4CvQxe4iriBPVp+o05mkoGd6UnDKstV7cW+TXmmBF2kKz
UKfhZwzUntggoqY9zoAZAkAKidp0PYL6UCcpJUazjJVJWnkJZOBC50KsZE+xCL70
zfVf02wSyAZt0Ibzzpq2lSZ+L+/toSCi5oyco2phy4BQ
-----END RSA PRIVATE KEY-----

And then modifying /opt/zimbra/conf/amavisd.conf.in with the following content :

Code:

# Enable DKIM verification
$enable_dkim_verification = 1;
#$enable_dkim_verification = %%binary VAR:zimbraDKIMVerificationEnabled%%;
#$enable_dkim_signing = %%binary VAR:zimbraDKIMSigningEnabled%%;
$enable_dkim_signing = 1;
dkim_key('vavai.web.id', 'mail', '/var/db/dkim/vavai-mail.key.pem');
@dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.2.2.1/32);  # list your internal networks

But running :

Code:

/opt/zimbra/amavisd/sbin/amavisd showkeys

display following response :

Quote:

WARN: running under user '1001' (UID=1001), the config file specifies $daemon_user='vscan' (UID=65)
No DKIM private keys declared in a config file.

Question : What's problem with above configuration ? I'm testing with plain amavisd-new+postfix (not with Zimbra) without problem and amavisd showkeys shows my TXT records content sucessfully.

Any help greatly appreciated.

[vavai]

I don't know it's bug or not but it seems that will looing for /etc/amavisd.conf instead of /opt/zimbra/conf/amavisd.conf, so I would to update /etc/amavisd.conf also.

According to bug 11524, it's still not possible to automatically integrating DKIM implementation in amavisd-new with Zimbra, due to LDAP feature on Amavisd-new 2.6.x. It would to wait amavisd-new 2.7.

At the end, I choose OpenDKIM to achieve same goal, signing Zimbra mail with DKIM header.