In this problem, I have configured OpenDKIM to use a signing table, which was saved at /etc/opendkim/signing.table. The signing table contains:
*@onlybmw.com default._domainkey.onlybmw.comThis is supposed to allow OpenDKIM to recognize any email addresses for domain onlybmw.com, however, OpenDKIM still fails to recognize [email protected], and thus, won’t sign in.
When I changed the content of the signing table to:
noreply@onlybmw.com default._domainkey.onlybmw.comOpenDKIM signs the email [email protected] without any problem. So why is *@onlybmw.com not working? The wildcard means that OpenDKIM is supposed to sign any email coming from onlybmw.com.
Troubleshooting
The signing table is correct and using a wildcard is not the issue. It’s how OpenDKIM parses the SigningTable.
Wildcards require refile: in opendkim.conf
In /etc/opendkim.conf, if you have:
SigningTable /etc/opendkim/signing.table
- OpenDKIM treats the lines literally, so
*@onlybmw.comdoes not match[email protected]. - Wildcards only work if you use the
refile:prefix:
SigningTable refile:/etc/opendkim/signing.table
refile:tells OpenDKIM to treat the left-hand side as a regex or pattern, so*@onlybmw.comworks.
Why your explicit email works
[email protected] default._domainkey.onlybmw.com
- Exact match, so OpenDKIM finds the selector immediately.
- No wildcard needed — that’s why it “passes.”
How to make wildcards work
- Edit
/etc/opendkim.conf:
SigningTable refile:/etc/opendkim/signing.table
- Keep SigningTable with wildcards:
*@astralmeta.com default._domainkey.astralmeta.com
*@onlybmw.com default._domainkey.onlybmw.com
- Restart OpenDKIM:
sudo systemctl restart opendkim
- Test by sending from any address in that domain:
- OpenDKIM should now sign
[email protected],[email protected], etc.
Summary
*@domain.comdoes not work withSigningTable /etc/opendkim/signing.table(literal match).refile:is required for wildcards or regex.- Exact addresses always work.