Guten Morgen. Ich habe ungefähr 15 verschiedene Anleitungen zum Einrichten mit DKIM und Sendmail-Signierung unter Ubuntu 18.04 gelesen und aus irgendeinem Grund kann ich den Dienst nicht starten, aber die Befehlszeile funktioniert einwandfrei
/etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/mail/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:[email protected]
/etc/default/opendkim
# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:[email protected]"
SOCKET="inet:[email protected]" # listen on loopback on port 8891
Das Starten des Dienstes über die Befehlszeile ergibt: root@myserverhostname:/etc/opendkim# systemctl start opendkim.service
Job for opendkim.service failed because the control process exited with error code. See "systemctl status opendkim.service" and "journalctl -xe" for details.
Fehlerbehebung
systemctl status opendkim.service
root@myserverhostname:/etc/opendkim# systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-12-17 09:49:32 PST; 5s ago
Docs: man:opendkim(8)
man:opendkim.conf(5)
man:opendkim-genkey(8)
man:opendkim-genzone(8)
man:opendkim-testadsp(8)
man:opendkim-testkey
http://www.opendkim.org/docs.html
Process: 11446 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p $SOCKET $DAEMON_OPTS (code=exited, status=64)
Process: 11442 ExecStartPre=/bin/chown opendkim.opendkim /var/run/opendkim (code=exited, status=0/SUCCESS)
Process: 11439 ExecStartPre=/bin/mkdir -p /var/run/opendkim (code=exited, status=0/SUCCESS)
Main PID: 13909 (code=exited, status=0/SUCCESS)
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
journalctl -xe
root@myserverhostname:/etc/opendkim# journalctl -xe
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter: mi_stop=1
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter v2.10.3 terminating with status 0, errno = 0
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has begun starting up.
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: opendkim: usage: opendkim -p socketfile [options]
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -A auto-restart
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -b modes select operating modes
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -c canon canonicalization to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -d domlist domains to sign
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -D also sign subdomains
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -e name extract configuration value and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -f don't fork-and-exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -F time fixed timestamp to use when signing (test mode only)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -k keyfile location of secret key file
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -l log activity to system log
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -L limit signature limit requirements
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -n check configuration and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -o hdrlist list of headers to omit from signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -P pidfile file into which to write process ID
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -q quarantine messages that fail to verify
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -Q query test mode
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -r require basic RFC5322 header compliance
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -s selector selector to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -S signalg signature algorithm to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -t testfile evaluate RFC5322 message in "testfile"
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -T timeout DNS timeout (seconds)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -u userid change to specified userid
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -v increase verbosity during testing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -V print version number and terminate
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -W "why?!" mode (log sign/verify decision logic)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -x conffile read configuration from conffile
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has failed.
--
-- The result is failed.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Ich kann nicht genau erkennen, wo das Problem liegt und warum es nicht startet, aber wenn ich den Befehl wie in den ExecStart-Zeilen gezeigt verwende: (den Socket aus der Konfigurationsdatei ausfüllen), scheint es in der PS-Liste zweimal ausgeführt zu werden.
root@myserverhostname:/etc/opendkim# /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root@myserverhostname:/etc/opendkim# ps aux | grep opendkim
opendkim 11020 0.0 0.0 114932 3592 ? Ss 09:31 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
opendkim 11021 0.0 0.1 354864 9348 ? Sl 09:31 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root 11285 0.0 0.0 12944 864 pts/1 S+ 09:43 0:00 grep --color=auto opendkim
Netstat wird korrekt angezeigt und ausgehende E-Mails werden testweise mit meiner Gmail-Adresse signiert und verifiziert.
root@myserverhostname:/var/run/opendkim# netstat -nlp | grep 8891
tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 11521/opendkim
root@myserverhostname:/var/run/opendkim#
Dec 17 10:04:34 myserverhostname opendkim[11521]: 0BHI4W1k011594: DKIM-Signature field added (s=default, d=myserverhostname.ca)
Dec 17 10:04:34 myserverhostname sm-mta[11594]: 0BHI4W1k011594: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.ca;\n\ts=default; t=1608228274;\n\tbh=P8ERRrcY00MFB0/1JAF/I0afn2dfZMmgtMEeTAJNwbQ=;\n\th=From:To:Subject:Date;\n\tb=pe2VvSZZVJDrU5YWvvgV6VuzgkQd7tiypxHHhsUgBUampWu3sw1ezdSHi3wicwGps\n\t TyTxjl4hO1gxw3qXYGvTTqI0S6raI5P0UobSv+OstxgN6l00z5r4PtVfJUPsQUI6mO\n\t vpevQNA/sEPVDPYMV7BnsrGlsxZjPWB+knA/VEGA=
from: ME <[email protected]>
to: Dennis Lloyd <[email protected]>
date: Dec 17, 2020, 9:33 AM
subject: TEST dkim
mailed-by: myserverhostname.ca
signed-by: myserverhostname.ca
security: Standard encryption (TLS) Learn more
Ich bin sehr verwirrt. Ich habe alles versucht, was ich als Vorschlag aus den vielen verschiedenen Fragen im Internet finden konnte (ich hoffe also, dass ich nicht irgendwo eine fehlerhafte Konfiguration hinterlassen habe). Ein Firewall-Eintrag wurde hinzugefügt. Ich habe auch 127.0.0.1 und localhost für den Socket ausprobiert.
Ich neige zu einem Berechtigungsproblem, aber der Benutzer opendkim hat Berechtigungen für alles, was er haben soll. Jeder Vorschlag wäre sehr willkommen!