Hi everyone, I have an error with opendkim, I don’t receive emails from some external domains, how can I overcome this problem?
/var/log/maillog-20241215:Dec 10 15:10:55 vmi2077506 opendkim[883130]: 6F77B2E628BF: maild7.bancodelpacifico.com.ec [45.180.125.69] not internal
/var/log/maillog-20241215:Dec 10 15:10:55 vmi2077506 opendkim[883130]: 6F77B2E628BF: no signing domain match for 'bancodelpacifico.com.ec'
/var/log/maillog-20241215:Dec 10 15:10:55 vmi2077506 opendkim[883130]: 6F77B2E628BF: no signing subdomain match for 'bancodelpacifico.com.ec'
I guess you’ve chosen to block unsigned email, and it is being blocked?
In a default Virtualmin configuration SpamAssassin would assign points to missing DKIM. I don’t think DKIM missing alone is enough to consider it spam, but if any other tests match or you’ve lowered the threshold, that would explain it.
So, find the email in the spam folder and check the SpamAssassin headers for details about why it was categorized as spam.
You can also search for more of that ID (6F77B2E628BF) in the log to see what happened to it. It’d generally show a couple more entries as it gets handed off to procmail-wrapper/procmail, and you’d then follow it in the procmail log.
Unless you’ve changed it, the default configuration of SpamAssassin does not block on a failed DKIM test alone, there would need to be other tests that also failed.
You need to do what I suggested so you can see which tests failed and why the message was blocked. You can adjust SpamAssassin to be less sensitive to any test, but you should figure out what’s actually happening before you try to adjust things.
Oh, actually, that is configured to reject incoming mail with invalid DKIM signature. I didn’t know we offered a hard reject or that it was enabled by default. I’m surprised, actually, historically all of our rejection decisions are points-based in SpamAssassin instead of being a hard rejection. I guess this is more efficient, but it will reject anyone without valid DKIM.
You can turn that off. (Set “Reject incoming mail with invalid DKIM signature?” to “No”)