안녕하세요.. 우분투 18.04에서 DKIM 및 Sendmail 서명을 사용한 설정에 대한 약 15가지 가이드를 읽었으며 어떤 이유로 서비스를 시작할 수 없지만 명령줄은 제대로 작동합니다.
/etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/mail/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:[email protected]
/etc/default/opendkim
# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:[email protected]"
SOCKET="inet:[email protected]" # listen on loopback on port 8891
명령줄에서 서비스를 시작하면 다음이 제공됩니다. root@myserverhostname:/etc/opendkim# systemctl start opendkim.service
Job for opendkim.service failed because the control process exited with error code. See "systemctl status opendkim.service" and "journalctl -xe" for details.
문제 해결
systemctl 상태 opendkim.service
root@myserverhostname:/etc/opendkim# systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-12-17 09:49:32 PST; 5s ago
Docs: man:opendkim(8)
man:opendkim.conf(5)
man:opendkim-genkey(8)
man:opendkim-genzone(8)
man:opendkim-testadsp(8)
man:opendkim-testkey
http://www.opendkim.org/docs.html
Process: 11446 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p $SOCKET $DAEMON_OPTS (code=exited, status=64)
Process: 11442 ExecStartPre=/bin/chown opendkim.opendkim /var/run/opendkim (code=exited, status=0/SUCCESS)
Process: 11439 ExecStartPre=/bin/mkdir -p /var/run/opendkim (code=exited, status=0/SUCCESS)
Main PID: 13909 (code=exited, status=0/SUCCESS)
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
저널ctl -xe
root@myserverhostname:/etc/opendkim# journalctl -xe
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter: mi_stop=1
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter v2.10.3 terminating with status 0, errno = 0
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has begun starting up.
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: opendkim: usage: opendkim -p socketfile [options]
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -A auto-restart
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -b modes select operating modes
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -c canon canonicalization to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -d domlist domains to sign
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -D also sign subdomains
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -e name extract configuration value and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -f don't fork-and-exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -F time fixed timestamp to use when signing (test mode only)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -k keyfile location of secret key file
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -l log activity to system log
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -L limit signature limit requirements
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -n check configuration and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -o hdrlist list of headers to omit from signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -P pidfile file into which to write process ID
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -q quarantine messages that fail to verify
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -Q query test mode
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -r require basic RFC5322 header compliance
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -s selector selector to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -S signalg signature algorithm to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -t testfile evaluate RFC5322 message in "testfile"
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -T timeout DNS timeout (seconds)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -u userid change to specified userid
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -v increase verbosity during testing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -V print version number and terminate
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -W "why?!" mode (log sign/verify decision logic)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: -x conffile read configuration from conffile
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has failed.
--
-- The result is failed.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
문제가 무엇인지, 왜 시작되지 않는지 정확히 알 수 없지만 ExecStart 줄에 표시된 대로 명령을 사용하면 (구성 파일에서 소켓 채우기) ps에서 두 번 실행되는 것으로 나타납니다. 목록.
root@myserverhostname:/etc/opendkim# /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root@myserverhostname:/etc/opendkim# ps aux | grep opendkim
opendkim 11020 0.0 0.0 114932 3592 ? Ss 09:31 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
opendkim 11021 0.0 0.1 354864 9348 ? Sl 09:31 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root 11285 0.0 0.0 12944 864 pts/1 S+ 09:43 0:00 grep --color=auto opendkim
Netstat가 올바르게 표시되고 발신 이메일은 테스트로 내 Gmail 주소를 사용하여 서명 및 확인됩니다.
root@myserverhostname:/var/run/opendkim# netstat -nlp | grep 8891
tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 11521/opendkim
root@myserverhostname:/var/run/opendkim#
Dec 17 10:04:34 myserverhostname opendkim[11521]: 0BHI4W1k011594: DKIM-Signature field added (s=default, d=myserverhostname.ca)
Dec 17 10:04:34 myserverhostname sm-mta[11594]: 0BHI4W1k011594: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.ca;\n\ts=default; t=1608228274;\n\tbh=P8ERRrcY00MFB0/1JAF/I0afn2dfZMmgtMEeTAJNwbQ=;\n\th=From:To:Subject:Date;\n\tb=pe2VvSZZVJDrU5YWvvgV6VuzgkQd7tiypxHHhsUgBUampWu3sw1ezdSHi3wicwGps\n\t TyTxjl4hO1gxw3qXYGvTTqI0S6raI5P0UobSv+OstxgN6l00z5r4PtVfJUPsQUI6mO\n\t vpevQNA/sEPVDPYMV7BnsrGlsxZjPWB+knA/VEGA=
from: ME <[email protected]>
to: Dennis Lloyd <[email protected]>
date: Dec 17, 2020, 9:33 AM
subject: TEST dkim
mailed-by: myserverhostname.ca
signed-by: myserverhostname.ca
security: Standard encryption (TLS) Learn more
매우 혼란스럽습니다. 인터넷에서 묻는 다양한 질문에서 제안으로 찾을 수 있는 모든 것을 시도했습니다(그래서 어딘가에 지연되는 잘못된 구성을 남기지 않기를 바랍니다). 방화벽 항목이 추가되었습니다. 127.0을 시도했습니다. .0.1 및 소켓의 localhost도 마찬가지입니다.
나는 권한 문제에 기울고 있지만 사용자 opendkim은 예상되는 모든 것에 대한 권한도 가지고 있습니다. 어떤 제안이라도 주시면 감사하겠습니다!