How to setup Postfix with Opendkim to automatically sign PHP emails?

I've found that:

  • submitted emails are signed properly (ie those sent with MUA's like Outlook and Thunderbird)
  • command-line sent emails are signed properly

emails sent with PHP, in particular case PHPMailer (non-smtp submitted, ordinary PHP mail()) are signed incorrectly.

I have heard about phpMailDomainSigner, which is kind of hack approach, and I would like to solve this at the top - MTA / milter level if possible.

Here are:

/etc/opendkim.conf

# Log to syslog
Syslog                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask                  002
# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
# Disable new umask option by default (not needed since Ubuntu default
# uses a TCP socket instead of a Unix socket).

# Attempt to become the specified userid before starting operations.
#UserID                 105 # 'id postfix' in your shell


Domain                  mysubdomain.domain.tld
KeyFile                 /etc/mail/mail.private
Selector                mail

# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart             yes
Background              yes
Canonicalization        relaxed/relaxed
DNSTimeout              5
Mode                    sv
SignatureAlgorithm      rsa-sha256
SubDomains              no
#UseASPDiscard          no
#Version                rfc4871
X-Header                no

Statistics              /var/log/dkim-filter/dkim-stats

/etc/default/opendkim

SOCKET="inet:8891@localhost"

/etc/postfix/main.cf (last lines of config file)

# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Check your php mail() sent emails for Proper SMTP From aka Envelope From headers. If they don't have something like [email protected] as SMTP From address, opendkim won't sign them as you have Domain mysubdomain.domain.tld in your /etc/opendkim file.