Score:0

opendkim milter not launching on proper server socket


The following error impeded the restart of opendkim

× opendkim.service - OpenDKIM Milter
     Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-04-22 08:00:27 UTC; 2s ago
[...]    Process: 2295 ExecStart=/usr/sbin/opendkim (code=exited, status=78)
opendkim.service: Control process exited, code=exited, status=78/CONFIG

Attempting to consult the (unencrypted, and possibly not updated) documentation, nothing was found regarding status=78.
But clearly the milter configurations are incorrect somehow. /etc/postfix/main.cf defines:

# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

whereas /etc/opendkim.conf has

Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes

Canonicalization        relaxed/simple
Mode                    sv
SubDomains              no
OversignHeaders         From

UserID                  opendkim
UMask                   007

Socket                  local:/var/spool/postfix/opendkim/opendkim.sock

#Nameservers            127.0.0.1
AutoRestart                     yes
AutoRestartRate                 10/1M
Background                      yes
DNSTimeout                      5
SignatureAlgorithm              rsa-sha256

ExternalIgnoreList      refile:/etc/opendkim/trusted.hosts
InternalHosts           refile:/etc/opendkim/trusted.hosts
KeyTable                refile:/etc/opendkim/key.table
SigningTable            refile:/etc/opendkim/signing.table

PidFile                 /var/run/opendkim/opendkim.pid
# UserID                  opendkim:opendkim

I noticed the following:
• the opendkim config originally referenced ExternalIgnoreList refile:/etc/opendkim/TrustedHosts whereas the existing file is /etc/opendkim/trusted.hosts. This repeats for the whole block. The whole block was amended to the lower case dot-separated file names and the service then restarts.

However, emails, while being sent, get logged by postfix with: warning: connect to Milter service local:opendkim/opendkim.sock: No such file or directory

cd /var/spool/postfix/opendkim
-bash: cd: /var/spool/postfix/opendkim: No such file or directory

I also see no pid file in /var/run/opendkim/

There are probably a few things wrong here between the postfix smtpd_milters = local:opendkim/opendkim.sock configuration and the opendkim Socket definition. What needs to be changed?

Update
warning: connect to Milter service local:opendkim/opendkim.sock: Permission denied is still in the mail logs, thus that element of configuration is wrong.

Changing the setting in postfix/main.cf to

smtpd_milters = local:/var/spool/postfix/opendkim/opendkim.sock

results in: warning: connect to Milter service local:/var/spool/postfix/opendkim/opendkim.sock: No such file or directory. The existence of /var/spool/postfix/opendkim/opendkim.sock is verified.

Paul avatar
cn flag
What OS are you using?
cn flag
Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-70-generic x86_64)
Paul avatar
cn flag
The `main.cf` use of `local` I didn't see documented in `smtpd`, and in my servers I use the documented `unix`: `smtpd_milters = unix:opendkim/opendkim.sock`, but I don't know if this fixes anything for you.
cn flag
Alas, `warning: connect to Milter service unix:/var/spool/postfix/opendkim/opendkim.sock: No such file or directory`
cn flag
... and `warning: connect to Milter service unix:opendkim/opendkim.sock: Permission denied`. What directory would `unix:opendkim/` refer to? That directory does not exist at root level.
Score:2
anx

While that is the path where the socket lies on the system, that is not the path chrooted smtpd instances will see it at:

smtpd_milters = local:/var/spool/postfix/opendkim/opendkim.sock

Postfix smtpd wants a path relative to the chroot directory; it does not know about the /var/spool/postfix/ path after start.

smtpd_milters = unix:opendkim/opendkim.sock

You can find the details in /usr/share/doc/postfix/MILTER_README and man 5 master, just quoting the key info here, emphasis mine:

If the smtpd(8) or cleanup(8) process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. On many systems, local is a synonym for unix
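
The path resolution described in this answer, as an added example that is not part of the original thread: a shell function that maps a milter endpoint to the path it names on the host filesystem, run over the three settings tried on this page. The function names are hypothetical, and the queue directory and chroot flag are passed in by hand rather than read from the live Postfix configuration.

```shell
#!/bin/sh
# Added example: map a Postfix milter endpoint to the path on the host filesystem.
# Assumption: queue_directory and the chroot flag (the chroot column of the smtpd
# line in master.cf) are supplied by the caller; nothing here reads Postfix config.

# resolve_milter_socket SPEC QUEUE_DIR CHROOTED(y|n)
resolve_milter_socket() {
    spec=$1 queue_dir=${2%/} chrooted=$3
    case $spec in
        unix:*|local:*) path=${spec#*:} ;;
        *) echo "not a UNIX-domain milter spec: $spec" >&2; return 2 ;;
    esac
    case $path in
        /*) # absolute: a chrooted process sees it re-rooted under the queue directory
            if [ "$chrooted" = y ]; then
                printf '%s\n' "$queue_dir$path"
            else
                printf '%s\n' "$path"
            fi ;;
        *)  # relative: Postfix daemons run with the queue directory as their cwd
            printf '%s\n' "$queue_dir/$path" ;;
    esac
}

# socket_status PATH -> "ok", "missing" or "not-a-socket"
socket_status() {
    if [ -S "$1" ]; then echo ok
    elif [ -e "$1" ]; then echo not-a-socket
    else echo missing
    fi
}

# The settings tried on this page, evaluated for a chrooted smtpd
for spec in local:opendkim/opendkim.sock \
            unix:opendkim/opendkim.sock \
            local:/var/spool/postfix/opendkim/opendkim.sock; do
    real=$(resolve_milter_socket "$spec" /var/spool/postfix y)
    printf '%-50s -> %s (%s)\n' "$spec" "$real" "$(socket_status "$real")"
done
```

For the absolute setting under chroot, the resolved path has the queue directory prepended a second time, which is why the socket is reported missing even though it exists on the host.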

Score:0

Partial solution

sudo chown opendkim:postfix /var/spool/postfix/opendkim was required to give postfix the permissions to create opendkim.sock

and while opendkim.service: Can't open PID file /run/opendkim/opendkim.pid (yet?) after start: Operation not permitted occurred, it was temporary

Started OpenDKIM Milter. followed shortly thereafter and /run/opendkim/opendkim.pid was effectively created, an opendkim.pid owned by root.
