無法啟動 opendkim 服務,但命令列工作正常

tag-icon tag-icon ubuntu sendmail opendkim
無法啟動 opendkim 服務,但命令列工作正常

早安..我已經閱讀了大約 15 份關於在 ubuntu 18.04 上使用 DKIM 和 Sendmail 簽名進行設定的不同指南,由於某種原因我無法啟動該服務,但命令行工作正常

/etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
Mode                    sv
PidFile                 /var/mail/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
UserID                  opendkim:opendkim
Socket                  inet:[email protected]

/etc/default/opendkim

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:[email protected]"
SOCKET="inet:[email protected]" # listen on loopback on port 8891

在命令列上啟動服務給定: root@myserverhostname:/etc/opendkim# systemctl start opendkim.service

Job for opendkim.service failed because the control process exited with error code. See "systemctl status opendkim.service" and "journalctl -xe" for details.

故障排除

systemctl 狀態 opendkim.service

root@myserverhostname:/etc/opendkim# systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-12-17 09:49:32 PST; 5s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 11446 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p $SOCKET $DAEMON_OPTS (code=exited, status=64)
  Process: 11442 ExecStartPre=/bin/chown opendkim.opendkim /var/run/opendkim (code=exited, status=0/SUCCESS)
  Process: 11439 ExecStartPre=/bin/mkdir -p /var/run/opendkim (code=exited, status=0/SUCCESS)
 Main PID: 13909 (code=exited, status=0/SUCCESS)

Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.

日誌控制-xe

root@myserverhostname:/etc/opendkim# journalctl -xe
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter: mi_stop=1
Dec 17 09:49:27 myserverhostname.domain.com opendkim[11403]: OpenDKIM Filter v2.10.3 terminating with status 0, errno = 0
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has begun starting up.
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]: opendkim: usage: opendkim -p socketfile [options]
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -A                  auto-restart
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -b modes            select operating modes
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -c canon            canonicalization to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -d domlist          domains to sign
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -D                  also sign subdomains
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -e name             extract configuration value and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -f                  don't fork-and-exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -F time             fixed timestamp to use when signing (test mode only)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -k keyfile          location of secret key file
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -l                  log activity to system log
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -L limit            signature limit requirements
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -n                  check configuration and exit
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -o hdrlist          list of headers to omit from signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -P pidfile          file into which to write process ID
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -q                  quarantine messages that fail to verify
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -Q                  query test mode
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -r                  require basic RFC5322 header compliance
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -s selector         selector to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -S signalg          signature algorithm to use when signing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -t testfile         evaluate RFC5322 message in "testfile"
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -T timeout          DNS timeout (seconds)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -u userid           change to specified userid
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -v                  increase verbosity during testing
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -V                  print version number and terminate
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -W                  "why?!" mode (log sign/verify decision logic)
Dec 17 09:49:32 myserverhostname.domain.com opendkim[11446]:         -x conffile         read configuration from conffile
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Control process exited, code=exited status=64
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit opendkim.service has failed.
--
-- The result is failed.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Unit entered failed state.
Dec 17 09:49:32 myserverhostname.domain.com systemd[1]: opendkim.service: Failed with result 'exit-code'.

我無法確切地看出問題是什麼以及為什麼它不啟動,但是當我使用 ExecStart 行中所示的命令時:(從配置文件中填充套接字)它似乎在 ps 中運行了兩次列表。

root@myserverhostname:/etc/opendkim# /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root@myserverhostname:/etc/opendkim# ps aux | grep opendkim
opendkim 11020  0.0  0.0 114932  3592 ?        Ss   09:31   0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
opendkim 11021  0.0  0.1 354864  9348 ?        Sl   09:31   0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
root     11285  0.0  0.0  12944   864 pts/1    S+   09:43   0:00 grep --color=auto opendkim

Netstat 顯示正確,並使用我的 Gmail 位址作為測試對外發電子郵件進行了簽署和驗證。

root@myserverhostname:/var/run/opendkim# netstat -nlp | grep 8891
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      11521/opendkim
root@myserverhostname:/var/run/opendkim#


Dec 17 10:04:34 myserverhostname opendkim[11521]: 0BHI4W1k011594: DKIM-Signature field added (s=default, d=myserverhostname.ca)
Dec 17 10:04:34 myserverhostname sm-mta[11594]: 0BHI4W1k011594: Milter insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/simple; d=domain.ca;\n\ts=default; t=1608228274;\n\tbh=P8ERRrcY00MFB0/1JAF/I0afn2dfZMmgtMEeTAJNwbQ=;\n\th=From:To:Subject:Date;\n\tb=pe2VvSZZVJDrU5YWvvgV6VuzgkQd7tiypxHHhsUgBUampWu3sw1ezdSHi3wicwGps\n\t TyTxjl4hO1gxw3qXYGvTTqI0S6raI5P0UobSv+OstxgN6l00z5r4PtVfJUPsQUI6mO\n\t vpevQNA/sEPVDPYMV7BnsrGlsxZjPWB+knA/VEGA=



from:   ME <[email protected]>
to: Dennis Lloyd <[email protected]>
date:   Dec 17, 2020, 9:33 AM
subject:    TEST dkim
mailed-by:  myserverhostname.ca
signed-by:  myserverhostname.ca
security:    Standard encryption (TLS) Learn more

我很困惑,我已經嘗試了可以從互聯網上提出的許多不同問題中找到的建議(所以我希望我沒有在某處留下一些滯後的錯誤配置)添加了防火牆條目,我嘗試過 127.0 . 0.1 和localhost 也用於套接字。

我傾向於權限問題,但使用者 opendkim 也擁有其應有的所有權限。任何建議將不勝感激!

相關內容