Cannot start the opendkim service, but the command line works fine

Good morning... I have read around 15 different guides on setting up DKIM signing with Sendmail on Ubuntu 18.04, and for some reason I cannot start the service, but the command line works fine.

/etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
PidFile                 /var/mail/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
Socket                  inet:[email protected]

/etc/default/opendkim

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:[email protected]"
SOCKET="inet:[email protected]" # listen on loopback on port 8891

Starting the service from the command line gives:

root@myserverhostname:/etc/opendkim# systemctl start opendkim.service

Job for opendkim.service failed because the control process exited with error code. See "systemctl status opendkim.service" and "journalctl -xe" for details.

Troubleshooting

systemctl status opendkim.service

root@myserverhostname:/etc/opendkim# systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-12-17 09:49:32 PST; 5s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 11446 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p $SOCKET $DAEMON_OPTS (code=exited, status=64)
  Process: 11442 ExecStartPre=/bin/chown opendkim.opendkim /var/run/opendkim (code=exited, status=0/SUCCESS)
  Process: 11439 ExecStartPre=/bin/mkdir -p /var/run/opendkim (code=exited, status=0/SUCCESS)
 Main PID: 13909 (code=exited, status=0/SUCCESS)

Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.

journalctl -xe

root@myserverhostname:/etc/opendkim# journalctl -xe
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter: mi_stop=1
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter v2.10.3 terminating with status 0, errno = 0
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has begun starting up.
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: opendkim: usage: opendkim -p socketfile [options]
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -A                  auto-restart
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -b modes            select operating modes
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -c canon            canonicalization to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -d domlist          domains to sign
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -D                  also sign subdomains
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -e name             extract configuration value and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -f                  don't fork-and-exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -F time             fixed timestamp to use when signing (test mode only)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -k keyfile          location of secret key file
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -l                  log activity to system log
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -L limit            signature limit requirements
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -n                  check configuration and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -o hdrlist          list of headers to omit from signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -P pidfile          file into which to write process ID
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -q                  quarantine messages that fail to verify
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -Q                  query test mode
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -r                  require basic RFC5322 header compliance
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -s selector         selector to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -S signalg          signature algorithm to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -t testfile         evaluate RFC5322 message in "testfile"
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -T timeout          DNS timeout (seconds)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -u userid           change to specified userid
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -v                  increase verbosity during testing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -V                  print version number and terminate
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -W                  "why?!" mode (log sign/verify decision logic)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -x conffile         read configuration from conffile
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has failed.
--
-- The result is failed.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.

I can't see exactly what the problem is and why it won't start, but when I run the command as shown in the ExecStart line (filling in the socket from the config file), it appears to be running twice in the ps list.

root@myserverhostname:/etc/opendkim# /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root@myserverhostname:/etc/opendkim# ps aux | grep opendkim
opendkim 11020  0.0  0.0 114932  3592 ?        Ss   09:31   0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
opendkim 11021  0.0  0.1 354864  9348 ?        Sl   09:31   0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root     11285  0.0  0.0  12944   864 pts/1    S+   09:43   0:00 grep --color=auto opendkim

Netstat shows it correctly, and outgoing email is signed and verified, using my Gmail address as a test.

root@myserverhostname:/var/run/opendkim# netstat -nlp | grep 8891
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      11521/opendkim
root@myserverhostname:/var/run/opendkim#


Dec 17 10:04:34 myserverhostname opendkim[11521]: 0BHI4W1k011594: DKIM-Signature field added (s=default, d=myserverhostname.ca)
Dec 17 10:04:34 myserverhostname sm-mta[11594]: 0BHI4W1k011594: Milter insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/simple; d=domain.ca;\n\ts=default; t=1608228274;\n\tbh=P8ERRrcY00MFB0/1JAF/I0afn2dfZMmgtMEeTAJNwbQ=;\n\th=From:To:Subject:Date;\n\tb=pe2VvSZZVJDrU5YWvvgV6VuzgkQd7tiypxHHhsUgBUampWu3sw1ezdSHi3wicwGps\n\t TyTxjl4hO1gxw3qXYGvTTqI0S6raI5P0UobSv+OstxgN6l00z5r4PtVfJUPsQUI6mO\n\t vpevQNA/sEPVDPYMV7BnsrGlsxZjPWB+knA/VEGA=



from:   ME <[email protected]>
to: Dennis Lloyd <[email protected]>
date:   Dec 17, 2020, 9:33 AM
subject:    TEST dkim
mailed-by:  myserverhostname.ca
signed-by:  myserverhostname.ca
security:    Standard encryption (TLS) Learn more

I'm very confused. I have tried everything I could find suggested in many different questions asked on the internet (so I hope I haven't left some incorrect setting lingering somewhere). The firewall entry was added, and I tried both 127.0.0.1 and localhost for the socket as well.

I'm leaning toward a permissions problem, but the opendkim user also has permissions to everything it is supposed to. Any suggestions will be greatly appreciated!
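A check that could be run against the /etc/default/opendkim shown above, as an added example that is not part of the original post. It assumes the unit loads that file through EnvironmentFile= (the unit file is not shown) and that systemd keeps text following a closing quote as part of the value. The sample file is constructed, using the inet:8891@localhost value from the post's manual command.

```shell
#!/bin/sh
# Added example, not from the original post. systemd.exec(5) documents only
# lines that BEGIN with '#' or ';' as comments in an EnvironmentFile, so text
# after a closing quote on an assignment line is not a shell-style comment.

# Print "NAME: trailing text" for each NAME="value" line followed by more text.
lint_envfile() {
    sed -n -E \
      's/^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)="[^"]*"[[:space:]]*([^[:space:]].*)$/\1: \2/p' \
      "$1"
}

# Count the words an unbraced $VAR reference would expand to in ExecStart=,
# where systemd splits the value on whitespace into separate arguments.
count_words() {
    set -f              # no globbing while splitting
    # shellcheck disable=SC2086
    set -- $1
    set +f
    echo "$#"
}

# Constructed sample modelled on the /etc/default/opendkim shown in the post.
write_sample() {
    cat > "$1" <<'EOF'
#DAEMON_OPTS=""
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
SOCKET="inet:8891@localhost" # listen on loopback on port 8891
EOF
}

main() {
    f=$(mktemp) || return 1
    write_sample "$f"
    lint_envfile "$f"   # reports the SOCKET line and its trailing text
    rm -f "$f"
}

main
```

If the trailing text does end up in the value (the assumption above), `-p $SOCKET` expands to eight arguments instead of one, which would match the usage message and exit status 64 in the journal; the manual run passes the socket as a single word.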
