Postfix not signing with DKIM?
I'm trying to set up DKIM signing of mail. I did everything according to this manual, but for some reason Postfix complains that the opendkim.sock file is missing:
Mar 25 00:04:16 vps postfix/cleanup[2035]: warning: connect to Milter service unix:/var/run/opendkim/opendkim.sock: No such file or directory
[email protected]:/var/run/opendkim$ ls -la
total 4
drwxr-xr-x 2 opendkim opendkim 80 Mar 24 22:57 .
drwxr-xr-x 27 root root 940 Mar 24 22:58 ..
-rw-r--r-- 1 opendkim opendkim 5 Mar 24 22:57 opendkim.pid
srwxrwxrwx 1 opendkim opendkim 0 Mar 24 22:57 opendkim.sock
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
#KeyFile /etc/dkimkeys/dkim.key
#Selector 2007
# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple
#Mode sv
#SubDomains no
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
## ResolverConfiguration filename
## default (none)
##
## Specifies a configuration file to be passed to the Unbound library that
## performs DNS queries applying the DNSSEC protocol. See the Unbound
## documentation at http://unbound.net for the expected content of this file.
## The results of using this and the TrustAnchorFile setting at the same
## time are undefined.
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
## unbound package
# ResolverConfiguration /etc/unbound/unbound.conf
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
Canonicalization relaxed/relaxed
SyslogSuccess yes
KeyTable file:/etc/opendkim/keytable
SigningTable file:/etc/opendkim/signingtable
X-Header yes
#
Inconsistency: you have UMask 002 in your conf, and the rights to the socket turned out to be srwxrwxrwx, and with such a mask you should have srwxrwxr-x,
so add
UserID opendkim:opendkim
in the conf,
and the postfix user must be part of the opendkim group,
or UMask 000,
and restart the service :-)
In case someone encounters the same problem: the solution from here https://serverfault.com/questions/796742/connect-t... helped me. Alexander did not describe what he did, so I'll leave the link here. As far as I understand, when Postfix is started with the "chroot = y" parameter in the config, /var/spool/postfix becomes its parent directory, and because of this it does not see the var/run/opendkim folder.
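The chroot effect described in the last answer, as an added example that is not part of the thread: a shell check that computes the path a Postfix daemon really opens for a unix: milter socket. The helper names and the sample master.cf lines are constructed; the queue directory and socket path are the ones from the thread, and a "-" in the chroot column is assumed to mean not chrooted (the default since Postfix 3.0).

```shell
#!/bin/sh
# Added example, not from the thread: shows which file a Postfix daemon
# actually opens for a unix: milter socket, chrooted or not.

# True if any master.cf entry running DAEMON has "y" in the chroot column
# (5th field). Assumption: "-" means not chrooted (default since Postfix 3.0).
service_is_chrooted() {   # MASTER_CF DAEMON
    awk -v d="$2" '
        /^#/ || /^[ \t]/ || NF < 8 { next }   # comments, "-o" continuation lines
        $8 == d && $5 == "y" { jailed = 1 }
        END { exit !jailed }' "$1"
}

# Absolute paths are re-rooted under the queue directory when chrooted;
# relative paths are always relative to the queue directory.
effective_socket_path() {   # MILTER_SPEC CHROOTED(y|n) QUEUE_DIR
    p=${1#unix:}
    case $p in
        /*) if [ "$2" = y ]; then p="$3$p"; fi ;;
        *)  p="$3/$p" ;;
    esac
    printf '%s\n' "$p"
}

check_milter() {   # MASTER_CF DAEMON MILTER_SPEC QUEUE_DIR
    jailed=n
    if service_is_chrooted "$1" "$2"; then jailed=y; fi
    real=$(effective_socket_path "$3" "$jailed" "$4")
    if [ -S "$real" ]; then
        echo "ok: $2 (chroot=$jailed) reaches $real"
    else
        echo "missing: $2 (chroot=$jailed) looks for $real"
        return 1
    fi
}

# Constructed sample: master.cf lines with smtpd and cleanup chrooted.
cf=$(mktemp)
printf '%s\n' \
    'smtp      inet  n       -       y       -       -       smtpd' \
    'cleanup   unix  n       -       y       -       0       cleanup' \
    'pickup    unix  n       -       n       60      1       pickup' > "$cf"
# On a host without that socket inside the queue directory this reports "missing".
check_milter "$cf" cleanup unix:/var/run/opendkim/opendkim.sock /var/spool/postfix || true
rm -f "$cf"
```

Run check_milter against the real master.cf with the milter value from main.cf. A "missing" result under the queue directory means the socket has to be created inside the chroot, or the service has to run without chroot.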