I successfully followed the tutorial to set up postfix (among other things!) at http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1

Then I tried to set up domainkeys following the tutorial at http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1

The first extremely minor problem I had is that the tutorial is missing an s in the "install private key" section. Should be "/etc/mail/domainkeys/dk_<domainname>.pem" in 2 places I think.

The next problem I seem to have had is that the owner permissions on the .pem file seem to need to be changed from root:root. I tried running 'service dk-milter start' and got a permission error. So I changed the permissions to dk-milt:mail and I also tried dk-milt:dk-milt. Changing the permissions allowed the dk-milter service to start successfully, at which point an empty file at /var/run/dk-milter/dk.sock is created with permissions dk-milt:mail. However, the /var/log/maillog shows the following when it tries to send an email.

Code:
    Feb 14 03:23:34 postfix/smtpd[5757]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
    Feb 14 03:23:34 postfix/smtpd[5757]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
    Feb 14 03:23:34 postfix/smtpd[5757]: NOQUEUE: milter-reject: EHLO from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
    Feb 14 03:23:34 postfix/smtpd[5757]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost>

This results in the email not getting sent out. Anybody have any ideas?
I have fixed the typo on the key path, as well as the ownership of the key. Please post the output of

Code:
    ls -l /var/run/dk-milter/dk.sock

Did you try restarting postfix after you made the permission changes? It should work if the socket is writeable by group mail, which should be what postfix is running under.
Code:
    # ls -l /var/run/dk-milter/dk.sock
    srwxrwx--- 1 dk-milt mail 0 Feb 14 02:06 /var/run/dk-milter/dk.sock

I restarted both the dk-milter and postfix services. My /etc/group file seems to indicate that postfix is part of the mail group. Should the tutorial also mention starting the dk-milter service?
Are you by any chance running with selinux enabled? That may prevent postfix from connecting to the socket. I have retested the same setup and it is working. I will add the start dk-milter part to the howto.
The rpm installs

Code:
    /var/run/dk-milter
    drwxrwx--- 2 dk-milt mail 4096 Feb 11 14:32 dk-milter

Maybe you have a umask that has stripped the permissions on the directory to remove the group permissions. Just check that for now, I cannot see anything else.
Code:
    ls -la /var/run/dk-milter/
    total 12
    drwxrwx--- 2 dk-milt mail 4096 Feb 14 03:22 .
    drwxr-xr-x 27 root root 4096 Feb 14 02:51 ..
    srwxrwx--- 1 dk-milt mail 0 Feb 14 03:22 dk.sock
That's very strange, I cannot put my finger on what your problem could be, unless the milter died and just left the socket there. Can you see that the milter process is still running?
I believe the milter process is running.

Code:
    # ps -AF | grep dk-filter
    dk-milt 3887 1 0 3864 860 1 12:09 ? 00:00:00 /usr/sbin/dk-filter -u dk-milt -p local:/var/run/dk-milter/dk.sock -d ****.com -s /etc/mail/domainkeys/dk_****.com.pem -S default -b sv -c simple -C bad=r,dns=t,int=t,no=a,miss=r -h -l -D -P /var/run/dk-filter0.pid

Also, these commands didn't work, although I'm not sure that they should:

Code:
    # ls -la /var/run/dk-milter/dk.sock
    srwxrwx--- 1 dk-milt mail 0 Feb 14 12:09 /var/run/dk-milter/dk.sock
    # sudo -u dk-milt more /var/run/dk-milter/dk.sock
    /var/run/dk-milter/dk.sock: No such device or address
    # sudo -u postfix more /var/run/dk-milter/dk.sock
    /var/run/dk-milter/dk.sock: No such device or address

This is from my /etc/group file:

Code:
    mail:x:12:mail,postfix

For Selinux, I disabled it in system-config-securitylevel and rebooted the box.
Okay, since the unix sockets are not working for you, try TCP sockets instead.

Code:
    #/etc/sysconfig/dk-milter
    PORT="inet:10034@localhost"

Code:
    #/etc/postfix/main.cf
    smtpd_milters = inet:10034@localhost
    non_smtpd_milters = inet:10034@localhost
When I start the dk-milter service to use TCP, I get the following message which I believe to be harmless:

Code:
    chgrp: cannot access `inet:10034@localhost': No such file or directory
    chmod: cannot access `inet:10034@localhost': No such file or directory

However, when I try to send an email with 'postfix flush', I get the following in /var/log/maillog:

Code:
    Feb 14 13:40:09 postfix/smtpd[9214]: connect from unknown[127.0.0.1]
    Feb 14 19:40:09 postfix/smtpd[9214]: fatal: 10034@localhost: garbage after numerical service
    Feb 14 13:40:10 postfix/master[9202]: warning: process /usr/libexec/postfix/smtpd pid 9214 exit status 1
    Feb 14 13:40:10 postfix/master[9202]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

So in /etc/postfix/main.cf, I changed "inet:10034@localhost" to "inet:127.0.01:10034" but then I get the following errors in /var/maillog:

Code:
    Feb 14 13:46:42 postfix/smtpd[9483]: connect from unknown[127.0.0.1]
    Feb 14 19:46:42 postfix/smtpd[9483]: 2673915880ED: client=unknown[127.0.0.1]
    Feb 14 13:46:42 postfix/cleanup[9490]: 2673915880ED: message-id=<200802141805.m1EI5Xt3003755@*.com>
    Feb 14 13:46:42 dk-filter[8834]: 2673915880ED: dk_eom(): resource unavailable: d2i_PUBKEY_bio() failed
    Feb 14 13:46:42 dk-filter[8834]: 2673915880ED SSL error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data
    Feb 14 13:46:42 postfix/cleanup[9490]: 2673915880ED: milter-reject: END-OF-MESSAGE from unknown[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<root@*.com> to=<*@gmail.com> proto=ESMTP helo=<localhost>

Does the default.public file need to be moved somewhere with a particular name?
Ignore the first error, or comment the chmod commands out of the init file. The public key needs to be stored in dns; it is the private key that needs to be moved to /etc/mail/domainkeys/dk_$domain_name.pem. I am guessing that you have switched something around, given the SSL errors I am seeing. For the sake of simplicity just call the private key /etc/mail/domainkeys/dk_key.pem and edit your /etc/sysconfig/dk-milter to reflect that, then make sure that you have the public key in dns and verify using the policycheck tool.
For future newbs, I was getting the public key error because I had it set incorrectly in the dns txt record because of the multiple times I generated the keys.
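The mismatch described in the two posts above (a regenerated private key on disk, an older public key still in the TXT record) can be checked mechanically. The following shell function is an added example, not part of the original thread: it derives the public key from the private key file and compares it with the `p=` tag of the selector record. The function name `dk_key_matches_dns` and the domain `example.com` are made up for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): does the private key dk-filter signs
# with correspond to the public key published in the selector's TXT record?
#
# dk_key_matches_dns KEYFILE TXT   (hypothetical helper name)
#   KEYFILE  PEM private key, i.e. the file passed to dk-filter with -s
#   TXT      record text, for example the output of
#            dig +short TXT default._domainkey.example.com  (placeholder domain)
# Returns 0 on match, 1 on mismatch, 2 if either side cannot be parsed.
dk_key_matches_dns() {
    key_file=$1
    txt=$2

    # Resolvers print long TXT records as several quoted chunks and may
    # escape ';'. Join the chunks, split the tags on ';', keep the p= value.
    published=$(printf '%s' "$txt" | tr -d ' "\\\n\t' | tr ';' '\n' | sed -n 's/^p=//p')
    [ -n "$published" ] || return 2

    # Public half of the private key: DER SubjectPublicKeyInfo, base64 on one
    # line. This is empty if KEYFILE is not a readable private key, which also
    # catches the public key file having been installed in its place.
    derived=$(openssl rsa -in "$key_file" -pubout -outform DER 2>/dev/null | openssl base64 -A)
    [ -n "$derived" ] || return 2

    [ "$published" = "$derived" ]
}
```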
The autoresponse from dk.elandsys.com says in the topmost Received header "(may be forged)". Is this something to worry about? Can I make it so that doesn't appear?

Code:
    Received: from mymachine.mydomain.com (mydomain.com [75.126.130.115] (may be forged))
        by ns1.qubic.net (8.14.2/8.14.2) with ESMTP id m1NK1jt9015657
        for <[email protected]>; Sat, 23 Feb 2008 12:01:51 -0800 (PST)
That is usually if your ip address's reverse mapping does not match with the name the server is sending in the helo.
Here is the maillog when I'm using the TCP settings:

    Feb 27 13:47:54 mexus imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[57254], protocol=IMAP
    Feb 27 13:47:54 mexus sendmail[9533]: m1RBls9H009533: Authentication-Warning: mexus.org: apache set sender to [email protected] using -f
    Feb 27 13:47:54 mexus sendmail[9533]: m1RBls9H009533: [email protected], size=323, class=0, nrcpts=1, msgid=<83445c409ce55434c4383925f49f3278@localhost>, relay=apache@localhost
    Feb 27 13:47:54 mexus postfix/smtpd[9534]: connect from localhost.localdomain[127.0.0.1]
    Feb 27 13:47:54 mexus postfix/smtpd[9534]: fatal: 10034:localhost: valid hostname or network address required
    Feb 27 13:47:55 mexus sendmail[9533]: m1RBls9H009533: [email protected], delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30323, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]
    Feb 27 13:47:55 mexus postfix/master[9425]: warning: process /usr/libexec/postfix/smtpd pid 9534 exit status 1
    Feb 27 13:47:55 mexus postfix/master[9425]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
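The two fatal smtpd errors in this thread ("garbage after numerical service" and "valid hostname or network address required") are Postfix rejecting the milter address as written: libmilter-based filters such as dk-filter take `inet:port@host`, while Postfix's `smtpd_milters` and `non_smtpd_milters` take `inet:host:port`. The shell function below is an added example, not part of the original thread; it converts the filter-side value into the Postfix-side one and refuses anything that is not a well-formed libmilter spec. The name `milter_to_postfix` is made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): translate a libmilter socket spec,
# as used in dk-filter's -p option or PORT= in /etc/sysconfig/dk-milter,
# into the value Postfix expects in smtpd_milters / non_smtpd_milters.
#
#   libmilter:  inet:PORT@HOST      local:/path   unix:/path
#   Postfix:    inet:HOST:PORT      unix:/path
#
# milter_to_postfix SPEC   (hypothetical helper name)
# Prints the Postfix form and returns 0, or returns 1 for a malformed spec.
milter_to_postfix() {
    spec=$1
    case $spec in
        inet:*@*)
            rest=${spec#inet:}
            port=${rest%%@*}
            host=${rest#*@}
            # Port: digits only, within 1..65535.
            case $port in ''|*[!0-9]*) return 1 ;; esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            # Host: non-empty hostname or IPv4 literal.
            case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
            printf 'inet:%s:%s\n' "$host" "$port"
            ;;
        local:/*|unix:/*)
            # Same socket path on both sides; Postfix documents the unix: prefix.
            printf 'unix:%s\n' "${spec#*:}"
            ;;
        *)
            # Includes values already in Postfix order and host/port swapped
            # without a transport prefix, as in the log lines above.
            return 1
            ;;
    esac
}
```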