I have a nicely working OpenSMTPD configuration and I added dkimproxy to it.
Everything is working nicely and mail-tester, etc., all report that I have proper DKIM signing and my email score is 10/10, etc.
The problem is ...
If I attempt to send an email from user@mydomain.com to other_user@mydomain.com the mail server gets into a loop and the mail never gets sent. I see this in maillog:
Nov 15 08:34:13 mail dkimproxy.out[38686]: DKIM signing - signed; message-id=<4dea9099466e00b7@mail.mydomain.com>, signer=<MAILER-DAEMON@mail.mydomain.com>, from=<MAILER-DAEMON@mail.mydomain.com>
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp message msgid=0b62ff80 size=104666 nrcpt=1 proto=ESMTP
Nov 15 08:34:13 mail smtpd[33463]: 4dea90938ef29e98 smtp envelope evpid=0b62ff80eb408785 from=<> to=<joey@mydomain.com>
Nov 15 08:34:13 mail smtpd[33463]: 4dea9092f4274d88 mta delivery evpid=6fe8c750a74f16ac from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="Ok" stat="250 2.0.0 0b62ff80 Message accepted for delivery"
... and it loops like that maybe 50 times over and over - eventually it gives up with this error:
Nov 15 08:34:18 mail smtpd[33463]: warn: loop detected
Nov 15 08:34:18 mail smtpd[33463]: 4dea9097226c93aa smtp failed-command command="DATA" result="500 5.4.6 Routing loop detected: Loop detected"
Nov 15 08:34:18 mail smtpd[33463]: 4dea90969c6cf495 mta delivery evpid=49514d020281ac48 from=<> to=<joey@mydomain.com> rcpt=<-> source="200.100.240.135" relay="200.100.240.135 (mail.mydomain.com)" delay=1s result="PermFail" stat="500 5.4.6 Routing loop detected: Loop detected"
I have no idea what the issue is. This only happens when I send email to myself or to another user with this domain that is hosted on this mail server.
# cat dkimproxy_in.conf
specify what address/port DKIMproxy should listen on
listen 200.100.240.135:10025
specify what address/port DKIMproxy forwards mail to
relay 200.100.240.135:10026
cat dkimproxy_out.conf
specify what address/port DKIMproxy should listen on
listen 200.100.240.135:10027
specify what address/port DKIMproxy forwards mail to
relay 200.100.240.135:10028
specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain mydomain.com
specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
specify location of the private key
keyfile /root/dkim.private.key
specify the selector (i.e. the name of the key record put in DNS)
selector selector1
control how many processes DKIMproxy uses
- more information on these options (and others) can be found by
running `perldoc Net::Server::PreFork'.
#min_servers 5
#min_spare_servers 2
... and that's everything ... thank you.
EDIT - here is the opensmtpd.conf:
table aliases file:/usr/local/etc/mail/aliases
filter check_dyndns phase connect match rdns regex
{ '..dyn..', '..dsl..' }
disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns
disconnect "550 no rDNS"
filter check_fcrdns phase connect match !fcrdns
disconnect "550 no FCrDNS"
listen on 200.100.240.135 filter { check_dyndns, check_rdns, check_fcrdns }
listen on 200.100.240.135 port 10028 tag DKIM
listen on 200.100.240.135 port submission
action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://200.100.240.135:10027
action "outbound" relay helo mail.mydomain.com
match from any mail-from "sensors@mydomain.com" action "local_mail"
match tag DKIM for any action "outbound"
match for any action "relay_dkim"
match from any for domain "mydomain.com" action "local_mail"
match for local action "local_mail"
match from any auth for any action "outbound"
match for any action "outbound"
