rspamd greylist dkim keys not loaded

Discussion in 'Installation/Configuration' started by Lionheart82, Sep 16, 2019.

Tags:
  1. Lionheart82

    Lionheart82 Member

    Hello,
    As i also wrote in the comments
    https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig


    On web GUI i noticed that on history - greylist i get some errors that contain the following message format.

    cannot load dkim key /var/lib/rspamd/dkim/mydomain.com.dkim.key: cannot stat private key

    /var/lib/rspamd/dkim/mydomain.com.dkim.key: No such file or directory

    Where mydomain.com of course there are multiple such errors with Internal domains hosted in the server.

    There is no dkim folder in /var/lib/rspamd/ ... perhaps if we create an allias for these files..
    What do you think?
     
    Lionheart82, Sep 16, 2019
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which operating system do you use?

    Try to create the missing folder and then run Tools > Resync on the email domains and check if the missing files get created.
     
    till, Sep 16, 2019
    #2
  3. Lionheart82

    Lionheart82 Member

    Hi,
    I am on latest Centos 7.
    I tried creating the folder /var/lib/rspamd/dkim and running tools -> resync -> email domains with no success unfortunately.

    As i seethe keys are in the folder:
    /var/lib/amavis/dkim/domainname.private
    which i guess is from the old setup of course.
     

    Attached Files:

    Last edited: Sep 16, 2019
    Lionheart82, Sep 16, 2019
    #3
  4. Lionheart82

    Lionheart82 Member

    What i just checked is an update for DKIM signature for an old domain.
    I can verify that the dkim has been updated on Folder: /var/lib/amavis/dkim ( i noticed on your comments you verify this is correct) so ... shouldn't rspamd have a config to inform it that the dkim keys are in this folder?
    EG:
    path = "/var/lib/amavis/dkim/$domain.$selector.private";
    I am not sure if this would work and i am wondering if this is an rhel issue or you also have it in deb - unbudu...
     
    Lionheart82, Sep 17, 2019
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This is a rhel issue, the ubuntu and debian systems are not affected by this.

    The dkim config contains a map file with the paths:

    /etc/rspamd/local.d/dkim_signing.conf

    contains

    path_map = "/etc/rspamd/local.d/dkim_domains.map";

    and the file

    /etc/rspamd/local.d/dkim_domains.map

    contains the paths to the keys.

    Code:
    root@server1:/etc/rspamd# ls /var/lib/rspamd/dkim/
ls: cannot access '/var/lib/rspamd/dkim/': No such file or directory
root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_selectors.map
test.tld default
root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_domains.map
test.tld /var/lib/amavis/dkim/test.tld.private
root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_domains.map
test.tld /var/lib/amavis/dkim/test.tld.private
root@server1:/etc/rspamd# ls -la /var/lib/amavis/dkim/
total 16
drwxr-x--- 2 amavis amavis 4096 Sep 14 04:08 .
drwxr-x--- 7 amavis amavis 4096 Sep 13 12:02 ..
-rw-r--r-- 1 root   root    902 Sep 14 04:08 test.tld.private
-rw-r--r-- 1 root   root    272 Sep 14 04:08 test.tld.public
     
    till, Sep 17, 2019
    #5
  6. Lionheart82

    Lionheart82 Member

    I think your info was really helpful.
    I checked and found that the file: /etc/rspamd/local.d/dkim_domains.map is properly created with all private keys.
    So a created the file /etc/rspamd/local.d/dkim_signing.conf
    with content:

    # map of domains -> paths to keys (since rspamd 1.5.3)
    path_map = "/etc/rspamd/local.d/dkim_domains.map"; #already exists
    After systemctl restart rspamd i checked again the gui -> history-> greylist and there is no record in there :). Edit ok i think i pressed reset by mistake but i tested and checked emails dont get blacklisted ;)

    I think it should be it ...
     
    Last edited: Sep 17, 2019
    Lionheart82, Sep 17, 2019
    #6
    till likes this.
  7. Lionheart82

    Lionheart82 Member

    Hello again, i noticed again today that i get such logs:
    cannot load dkim key /var/lib/amavis/dkim/localdomain.private: cannot stat key file: '/var/lib/amavis/dkim/localdomain.private' Permission denied

    Now what i did was to run: chown -R _rspamd:_rspamd /var/lib/amavis/dkim/ as per topic: https://github.com/rspamd/rspamd/issues/1822
    But i still get the error.. of course the .privatefiles are there and valid.

    Could you writethe contents of the file: /etc/rspamd/local.d/dkim_signing.conf please?
    No other ideas form me :S
     
    Lionheart82, Sep 18, 2019
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Code:
    try_fallback = false;
path_map = "/etc/rspamd/local.d/dkim_domains.map";
selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
     
    till, Sep 18, 2019
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Check if the _rspamd is a memebr of the amavis group (the group that runs amavisd, name might differ on centos), if not, add it
     
    till, Sep 18, 2019
    #9
  10. Lionheart82

    Lionheart82 Member

    I have update your config with no results.
    I check the members and it was only in "_rspamd"
    So i run
    usermod -a -G amavis _rspamd
    and it is now in
    _rspamd : _rspamd amavis

    Edit: For more than a day in two servers i have no greylist messages so far so it must be the group as a fix :)
    Thank you for your time!
     
    Last edited: Sep 19, 2019
    Lionheart82, Sep 18, 2019
    #10
  11. hhsys

    hhsys New Member

    Big thanks for that! The /etc/rspamd/local.d/dkim_signing.conf haven't been created when I switched from amavis to rspamd
     
    hhsys, Oct 25, 2019
    #11

Share This Page