Works for me here. Debian Lenny

I have already checked in the postfix and the amavis configuration, but I have lost myself...
Where exactly should the equivalence of the local mail and the mail coming from the authenticated users be set?

Correct me if I'm wrong. The signing is done by Amavis, which based on the rules in /etc/amavis/conf.d/50-user
signs the outgoing messages.
My line is as follows:

@dkim_signature_options_bysender_maps = ( {
    # ------------------------------------
    # For domain: domain.tld.
    # ------------------------------------
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key 

    'postmaster@domain.tld'    => { d => "domain.tld", a => 'rsa-sha256', ttl =>  7*24*3600 },
    #"spam-reporter@domain.tld"    => { d => "domain.tld", a => 'rsa-sha256', ttl =>  7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "domain.tld"  => { d => "domain.tld", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host1.domain.tld"  => { d => "host1.domain.tld", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host2.domain.tld"  => { d => "host2.domain.tld", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: domain.tld ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
} );
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

Is the catchall line wrong?
Thank you for your help.

The emails are DKIM signed only when sent from localhost and not for the authenticated users.

Works for me here. Debian Lenny

# forward_method => 'smtp:[127.0.0.1]:10027',

and restarted amavisd-new and also rebooted the machine.

The emails are DKIM signed only when sent from localhost and not for the authenticated users.

Any clue on what else to check?

The problem was with the default configuration in amavisd.conf, in the original config a line in ORIGINATING pilicy bank was uncommented and was not valid for the config used in iredmail:

$policy_bank{'ORIGINATING'} = {
  ...
  #forward_method => 'smtp:[127.0.0.1]:10027',   <==== this line has to be commented for signing messages that are sended thought authenticated user
  ...

Fixed:
http://code.google.com/p/iredmail/sourc … 5e34d05294

Thanks for your report.

but when I run iredmail in vmware and have no problem.

so Ｉbelieve this is vps bug.

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  #forward_method => 'smtp:[127.0.0.1]:10027',   <==== this line has to be commented for signing messages that are sended thought authenticated user
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

I dont know if this is a bug in iredmail or is an effect of installing it in VPSs, the other problems with the default permission of the DKIM key has been reproduced  in several isntallations of iredmail in another VPSs.

# File: /etc/amavisd.conf
$log_level = 5;
$sa_debug = 1;

Restart amavisd service, and monitor /var/log/maillog, try to find out the root case and resolv it.

PD: The DNS is not configured because it is a preproduction system, we are proving the system and need all messages signed beeing from local host or from an authenticated user.

Regards in advance.

These are the outputs:

# amavisd testkeys
TESTING#1: dkim._domainkey.***** => invalid (public key: not available)

can not find the pbulic key in your dns.
you can check your dns setting.

# amavisd testkeys
TESTING#1: dkim._domainkey.***** => invalid (public key: not available)

(At this moment the DNS public key is not configured, so this error seems normal)

# amavisd showkeys
; key#1, domain *****, /var/lib/dkim/*****.pem
dkim._*****.    3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVtPefvZuLQd9aw2WEe8j5FX4n"
  "WkPMY8IXjCvQgcOVY/3xJ/dv4K/1xLjR8r1XOmf2jSwxWzHr7acpY5CRnDVQeoHF"
  "a1s9gYFrkxyFYeqN0UdnpfPVOjiVnu0IuZan3UjC77dYosvdRM1tx8NH51FZNRHF"
  "RiJ+VFkp8ygkNvnrAwIDAQAB")

# amavisd testkeys
# amavisd showkeys

It seems there are some issues in Amavisd while you deploy iRedMail on VPS (OpenVZ), but no issues in real hardware.

after givin permission to the file amavis starts correctly. Is this a bug in installation?

The other problem is signing mails, if I send a mail using a mail client with an authenticated account the message is not DKIM signed, but if Isend the message from localhost without authenticating the message is signed, how can I change the behaviour for signing all messages??

These are the message headers the first with an authenticated user using a mail client the second sent from localhost usin telnet to the 25 port:

Delivered-to: *****
Recibido: by ***** with SMTP id t15cs26868wet; Fri, 3 Jul 2009 08:54:24 -0700 (PDT)
Recibido: by ***** with SMTP id k8mr1394605bkq.117.1246636464213; Fri, 03 Jul 2009 08:54:24 -0700 (PDT)
Return-path: <info@*****>
Recibido: from ***** ([*****]) by ***** with ESMTP id 2si400038bwz.21.2009.07.03.08.54.21; Fri, 03 Jul 2009 08:54:21 -0700 (PDT)
Received-spf: neutral (*****: **** is neither permitted nor denied by best guess record for domain of info@*****) client-ip=*****;
Authentication-results: *****; spf=neutral (*****: ***** is neither permitted nor denied by best guess record for domain of info@*****) smtp.mail=info@*****
Recibido: from localhost (***** [*****]) by ***** (iRedMail) with ESMTP id 360B81AE8E56 for <*****>; Fri,  3 Jul 2009 15:54:21 +0000 (UTC)
X-virus-scanned: amavisd-new at *****
Recibido: from ***** ([127.0.0.1]) by localhost (**** [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20v66WS6s6jW for <****>; Fri,  3 Jul 2009 17:54:21 +0200 (CEST)
Recibido: from [192.168.0.120] (***** [*****]) by ***** (iRedMail) with ESMTPSA id 2E0F01AE8E50 for <*****>; Fri,  3 Jul 2009 17:47:59 +0200 (CEST)

Delivered-to: *****
Recibido: by ***** with SMTP id t15cs26460wet; Fri, 3 Jul 2009 08:42:28 -0700 (PDT)
Recibido: by ***** with SMTP id e15mr223982ebo.90.1246635748455; Fri, 03 Jul 2009 08:42:28 -0700 (PDT)
Return-path: <info@*****>
Recibido: from ***** ([*****]) by ***** with ESMTP id 6si6822199ewy.6.2009.07.03.08.42.26; Fri, 03 Jul 2009 08:42:26 -0700 (PDT)
Received-spf: neutral (*****: ***** is neither permitted nor denied by best guess record for domain of info@*****) client-ip=*****;
Authentication-results: *****; spf=neutral (*****: ***** is neither permitted nor denied by best guess record for domain of info@*****) smtp.mail=info@*****; dkim=neutral (no key) header.i=@*****
Recibido: from localhost (***** [127.0.0.1]) by ***** (iRedMail) with ESMTP id 7C838BC8004 for <*****>; Fri,  3 Jul 2009 15:42:26 +0000 (UTC)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d= *****; h=to:from:date:message-id:subject: x-virus-scanned; s=dkim; t=1246635746; x=1247499746; bh=frcCV1k9 oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; b=tljmcyx8OWi9HoTyMRYa+y0Z 9pGBArLoO/oi3GvUW3iOCXLONs07xbldVj1Z4rxC/bIVfEETEAEYVCER8mp4jThM Mn0q4Rnnim9PdMx5FvgEYCeU2Jf53pXg+/tPVYvEhqG6qB0bDTOh1k0G5xSR7Fed PPjG+E8KbcRqjfTLGNs=
X-virus-scanned: amavisd-new at ****
X-amavis-alert: BAD HEADER SECTION, MIME error: error: unexpected end of header
Recibido: from ***** ([127.0.0.1]) by localhost (***** [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UDzqD70eFF-Q for <*****>; Fri,  3 Jul 2009 17:42:26 +0200 (CEST)
Recibido: from ***** (***** [127.0.0.1]) by ***** (iRedMail) with ESMTP id A4FC0BC8002 for <*****>; Fri,  3 Jul 2009 15:42:06 +0000 (UTC)