Hello, I just followed the howto from HowtoForge about installing the dk-milter with postfix. Here is my configuration:

Code:
cat /etc/sysconfig/dk-milter
# Default values
#
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
#PORT="inet:127.0.01:10034"
SIGNING_DOMAIN="nights.ro,djsuperstore.ro"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/dk_key.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"

Code:
cat default.txt
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDAVuWTyhxGFfNA1AKYx79467stva1WPS9T85JwMVV7cgYHaLHUagW6W4itUn/Vz2yCxF7jnRgav//T1+Bxl/kCAwEAAQ==" ; ----- DomainKey default for nights.ro

and in zone:

cat /var/named/chroot/var/named/data/djsuperstore.ro.db
.............................................................
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDAVuWTyhxGFfNA1AKYx79467stva1WPS9T85JwMVV7cgYHaLHUagW6W4itUn/Vz2yCxF7jnRgav//T1+Bxl/kCAwEAAQ=="
_domainkey IN TXT "t=y; o=~"
.............................................................

Posting only the relevant part.
In main.cf I have:

Code:
smtpd_milters = unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock

And in maillog I receive the following error:

Code:
Feb 10 12:04:30 ns1 postfix/smtpd[15689]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
Feb 10 12:04:30 ns1 postfix/smtpd[15689]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 10 12:04:30 ns1 postfix/smtpd[15689]: NOQUEUE: milter-reject: EHLO from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 10 12:04:30 ns1 postfix/smtpd[15689]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<admin.ns1.nights.ro>

As you can see, the file exists:

Code:
ls -la /var/run/dk-milter/
total 20
drwxrwx--- 2 dk-milt mail 4096 Feb 10 13:07 .
drwxr-xr-x 29 root root 4096 Feb 10 13:10 ..
srwxrwx--- 1 dk-milt mail 0 Feb 10 13:07 dk.sock

And also the TXT dig for the djsuperstore.ro domain is correct:

Code:
dig default._domainkey.djsuperstore.ro TXT
; <<>> DiG 9.3.4-P1 <<>> default._domainkey.djsuperstore.ro TXT
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53014
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;default._domainkey.djsuperstore.ro. IN TXT
;; ANSWER SECTION:
default._domainkey.djsuperstore.ro. 39615 IN TXT "g=\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDAVuWTyhxGFfNA1AKYx79467stva1WPS9T85JwMVV7cgYHaLHUagW6W4itUn/Vz2yCxF7jnRgav//T1+Bxl/kCAwEAAQ=="
;; AUTHORITY SECTION:
djsuperstore.ro. 38839 IN NS ns1.djsuperstore.ro.
djsuperstore.ro. 38839 IN NS ns2.djsuperstore.ro.
;; ADDITIONAL SECTION:
ns1.djsuperstore.ro. 40475 IN A 85.9.22.129
ns2.djsuperstore.ro. 40475 IN A 85.9.22.129
;; Query time: 1 msec
;; SERVER: 193.226.128.1#53(193.226.128.1)
;; WHEN: Tue Feb 10 14:06:17 2009
;; MSG SIZE rcvd: 279

The dig on the nights.ro domain has a different TXT because it is not updated yet (and it is a key previously created). Let's refer to djsuperstore.ro only. Am I doing something wrong? Why is this not working?
You need to use the same key for all the domains. As for the error in the log, the milter is not running that is why postfix cannot connect to it. You need to check and see why the milter is not running.
The milter is running:

Code:
service dk-milter status
dk-filter (pid 11515) is running...

and

ps aux|grep milter
dk-milt 11515 0.0 0.0 15488 856 ? Ssl 13:07 0:00 /usr/sbin/dk-filter -u dk-milt -p local:/var/run/dk-milter/dk.sock -d nights.ro,djsuperstore.ro -s /etc/mail/domainkeys/dk_key.pem -S default -b sv -c simple -C bad=r,dns=t,int=t,no=a,miss=r -h -l -D -P /var/run/dk-filter0.pid

As you can see, the process is up and running. The problem is not here, I'm afraid.
SELinux is disabled. I have to mention that postfix is running under user and group postfix. It is correct to leave this like that: MILTER_GROUP="mail"
Thank you very much for your support. I managed to resolve it by using an inet socket. Changing MILTER_GROUP does not work.

Regards.
Could you please explain how you managed to 'resolve it my using inet socket'? I think I'm having the same problem, but don't follow what you did to resolve it. Thanks...
He means you need to run it using TCP, not via a unix socket.

Code:
inet:localhost:2020

for postfix and

Code:
inet:2020@localhost

for the milter.
In /etc/sysconfig/dk-milter:

Code:
PORT="inet:10035@public_ip"

In /etc/postfix/main.cf:

Code:
smtpd_milters = inet:public_ip:10035
non_smtpd_milters = inet:public_ip:10035

It is not working with localhost nor 127.0.0.1.

Regards
As I said, it is not working with localhost or loopback. I do not know why, but I receive some errors. I do not have the errors and I cannot revert to post them here, sorry.
I get an error smfi_opensocket() failed if I try to bind to the public IP. Running as localhost is not working either!!! I get a message in the /var/log/maillog file during sending email (from a client to relay through postfix) saying '...external host ??? attempted to send as <mydomain>.com'. The email still goes through but unsigned.... I've been trying to get this going for days now! Maybe something's not quite right in my main.cf and dk-milter doesn't like it?
Finally it's working!!! Here's the fix if it might help anyone.

My unique case is that the client isn't 'authenticating' to relay mail via SMTP, instead their IP address is 'white listed' by being included in main.cf. This works fine for Postfix, however dk-milter doesn't like this! I found someone who'd had a similar problem with a dkim implementation. The solution was to let dk-milter know the IP address as well.

In /etc/sysconfig/dk-milter modify the line as follows:

EXTRA_ARGS="-h -l -D -i /etc/postfix/internal_hosts"

In the text file 'internal_hosts', you can add 127.0.0.1, the machine's IP and the remote client's IP address as a list of IPs on separate lines. Following a proper 'restart' of Postfix/dk-milter, dk-milter now sees the client as a trusted local IP and will sign the email.

I hope nobody else suffers like this!
getting permission denied problem with dkim-milter

I have had dkim milter running with postfix just fine since last August or so on Fedora 9. Yesterday I upgraded dkim-milter to 2.8.1 and postfix to 2.5.6, and now I am suddenly getting permission denied errors when I try to use dkim-milter. I have the following lines in my postfix main.cf file:

Code:
smtpd_milters = unix:/var/run/dkim-milter/dkim-milter.sock
non_smtpd_milters = unix:/var/run/dkim-milter/dkim-milter.sock

My dkim-milter config (in /etc/sysconfig/dkim-milter):

Code:
# To sign only, use -bs
# EXTRA_FLAGS=-bs
USER="dkim-milter"
PORT="local:/var/run/dkim-milter/dkim-milter.sock"
#PORT="inet:20209@localhost"
SIGNING_DOMAIN="kibotzer.com,yootles.com"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/dkim-milter/keys/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
SIGALG=rsa-sha1
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
#REJECTION="bad=r,dns=t,int=t,no=a"
EXTRA_ARGS="-h -l -D"
#MILTER_GROUP="mail"

My maillog gives me the following error:

Code:
Apr 14 17:54:26 kibotzer postfix/smtpd[16891]: warning: connect to Milter service unix:/var/run/dkim-milter/dkim-milter.sock: Permission denied

Here are the default permissions that dkim-milter uses for the socket file:

Code:
srwxrwxr-x 1 dkim-milter dkim-milter 0 2009-04-14 20:00 dkim-milter.sock

I have tried just about every combination of permissions and user and group for the sock file, and none seem to be working. I also tried using inet: instead of a socket, but I couldn't get that to work either. I added port 20209 to my iptables, but nmap doesn't list it as a known service.

Any help would be much appreciated.

Rob
Your milter is not running; have you checked that it actually is? This is because there is a syntax change which removed the miss=r option. You need to remove that option and start the milter.
got dkim-milter working

Topdog,

Thanks for your help. I did have the milter running fine, but it would break the mailserver, so I had to keep disabling it and try out some different options. I did get it to work eventually by adding the postfix user to the dkim-milter group. I think that I might have tried that before, but maybe selinux was still causing problems. I haven't tried turning selinux back on.

Rob
If you want to use a UNIX socket, don't forget postfix is a chrooted server! That's why it can't find your socket if it is not inside the jail. Prefix the socket path with the chroot dir in your config files.
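
Added example (not part of any post in this thread): a small Python model of the path checks behind the two errors quoted above, "No such file or directory" and "Permission denied", including the chroot and group-membership fixes the posters describe. The socket and /var/run modes come from the listings in the posts; the other directory modes and the /var/spool/postfix jail path are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    mode: int    # permission bits, e.g. 0o770
    owner: str
    group: str

def permits(e, user, groups, want):
    """UNIX rule: owner bits if owner, else group bits if member, else other."""
    if e.owner == user:
        bits = e.mode >> 6
    elif e.group in groups:
        bits = e.mode >> 3
    else:
        bits = e.mode
    return (bits & want) == want

def connect_result(fs, sock, user, groups, chroot=""):
    """Error a non-root client gets from connect(); a jailed client resolves below chroot."""
    parts = sock.strip("/").split("/")
    path = chroot.rstrip("/")
    for i, name in enumerate(parts):
        path += "/" + name
        e = fs.get(path)
        if e is None:
            return "No such file or directory"
        want = 2 if i == len(parts) - 1 else 1   # w on the socket, x on directories
        if not permits(e, user, groups, want):
            return "Permission denied"
    return "ok"

# Constructed model of the listings quoted in the thread. Modes for /var and
# /var/run/dkim-milter are assumed; they are not shown in the posts.
FS = {
    "/var": Entry(0o755, "root", "root"),
    "/var/run": Entry(0o755, "root", "root"),
    "/var/run/dk-milter": Entry(0o770, "dk-milt", "mail"),
    "/var/run/dk-milter/dk.sock": Entry(0o770, "dk-milt", "mail"),
    "/var/run/dkim-milter": Entry(0o755, "dkim-milter", "dkim-milter"),
    "/var/run/dkim-milter/dkim-milter.sock": Entry(0o775, "dkim-milter", "dkim-milter"),
}
JAIL = "/var/spool/postfix"   # assumed chroot: the default Postfix queue directory
DK = "/var/run/dk-milter/dk.sock"
DKIM = "/var/run/dkim-milter/dkim-milter.sock"

if __name__ == "__main__":
    print("chrooted smtpd      :", connect_result(FS, DK, "postfix", {"postfix"}, JAIL))
    print("postfix, own group  :", connect_result(FS, DKIM, "postfix", {"postfix"}))
    print("postfix+dkim-milter :", connect_result(FS, DKIM, "postfix", {"postfix", "dkim-milter"}))
```

On a live host the same walk can be done with `ls -ld` on each path component, run as the postfix user.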