I have followed: http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 and http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1
When I try to start dk-milter:
[root@mexus domainkeys]# service dk-milter start
Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed
I tried: chown dk-milt:mail *.pem postfix and dk..... restart but still there is no dk.sock. How can I fix this?
I read http://www.howtoforge.com/forums/showthread.php?t=20410 and http://domainkeys.sourceforge.net/policycheck.html says:
Testing mexus.org
Policy TXT=t=y; o=~
This policy record appears valid.
o ~ Domain signs some email
t y Domain is in test mode
The keys are identical (double checked that). Please help me!
Seems like the socket cannot be created. Do you have SELinux in enforcing mode? What is the output of
Code:
ls /var/run/ -l
Are you sure that there is no socket in /var/run/dk-milter? If so, then post your config here; let's see, maybe there is a typo in the location of your socket.
Sorry, yesterday it was missing... now it's there:
srwxrwx--- 1 dk-milt mail 0 Feb 26 00:14 dk.sock
Here is the config:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="mexus.org"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
(it's the same with the default value; I'm sure that there is no typo in the generated files, I have double checked....)
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
>/etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: Authentication-Warning: mexus.org: apache set sender to [email protected] using -f
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: [email protected], size=353, class=0, nrcpts=1, msgid=<e39ed2c3c6762b41ad1bd57095b5c7a3@localhost>, relay=apache@localhost
Feb 26 16:57:41 mexus postfix/smtpd[19419]: connect from localhost.localdomain[127.0.0.1]
Feb 26 16:57:41 mexus postfix/smtpd[19419]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Connection refused
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30353, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
Feb 26 16:57:41 mexus postfix/smtpd[19419]: disconnect from localhost.localdomain[127.0.0.1]
Feb 26 16:57:41 mexus imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=450, sent=423, time=0
Feb 26 16:57:41 mexus imapd: Connection, ip=[::ffff:127.0.0.1]
Feb 26 16:57:41 mexus imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[56657], protocol=IMAP
Feb 26 16:57:41 mexus imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=2146, body=0, rcvd=478, sent=6190, time=0
Feb 26 16:57:42 mexus imapd: Connection, ip=[::ffff:127.0.0.1]
Feb 26 16:57:42 mexus imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[56658], protocol=IMAP
Feb 26 16:57:42 mexus imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=301, sent=1799, time=0
Try running it on a TCP port instead of a UNIX socket; the other thread has details on doing that. If it fails then you did something wrong with the way you set up the keys.
I tried that too. I did that:
/usr/share/doc/dk-milter-0.6.0/gentxt.sh mexus.org mexus.org
I sent to the DNS admin of the domain to add this to the zone:
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJQfGTmsFzILU6ep6aSFg+WrTkaOLmoRillFNbOpNOr5Gst5H8wG9Oh2SpUytaruP/7j/eWQ8Wyz6zX2gAtzwF0CAwEAAQ==" ; ----- DomainKey default for example.com (example)
_domainkey IN TXT "t=y; o=~"
mv default.private /etc/mail/domainkeys/dk_mexus.org.pem
chown dk-milt:dk-milt /etc/mail/domainkeys/dk_mexus.org.pem
chmod 600 /etc/mail/domainkeys/dk_mexus.org.pem
That's all. Have double checked, the keys are fine. Where could be the problem?
> service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [FAILED]
Cleanup for DomainKeys milter (dk-filter #0):
Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed
smfi_opensocket() is only when you are using a UNIX socket and the socket file exists, i.e. was not removed by the previous process. If your PORT is pointing to a TCP socket you cannot get that error.
Okay, now I see: you have misconfigured your system. Your selector is pointing to this
Code:
SELECTOR_NAME="mexus.org"
And yet in DNS your SELECTOR_NAME is set to default.
Code:
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJQfGTmsFzILU6ep6aSFg+WrTkaOLmoRillFNbOpNOr5Gst5H8wG9Oh2SpUytaruP/7j/eWQ8Wyz6zX2gAtzwF0CAwEAAQ=="
I pasted the default value from the how-to for security reasons. I had tried with the TCP setup and it didn't work out either.
You cannot have a dot "." in the selector name; it confuses the DNS. You need to edit your config file and set this
Code:
SELECTOR_NAME="default"
As the only selector you have in DNS is "default"
Code:
dig txt default._domainkey.mexus.org
default._domainkey.mexus.org. 83338 IN TXT "g=\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK0FXLEeV8mMy9ANi6eCLcJcYmuIpsTk8YzFB6e5eNZj9Qgyjx0pUEIfgksenhFk97urT8OWpOn9JKMeVGndf9ECAwEAAQ=="
Still doesn't work... here is the maillog
Feb 27 12:50:46 mexus imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[55712], protocol=IMAP
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: Authentication-Warning: mexus.org: apache set sender to [email protected] using -f
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: [email protected], size=325, class=0, nrcpts=1, msgid=<7360dceb401e2eced1eaa51c68777c7b@localhost>, relay=apache@localhost
Feb 27 12:50:46 mexus postfix/smtpd[6828]: connect from localhost.localdomain[127.0.0.1]
Feb 27 12:50:46 mexus postfix/smtpd[6828]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30325, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
ls -la /var/run/dk-milter
total 12
drwxrwx--- 2 dk-milt mail 4096 Feb 27 00:42 .
drwxr-xr-x 29 root root 4096 Feb 27 12:43 ..
If I try with the TCP setting:
[root@mexus ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mexus ~]# service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [FAILED]
Cleanup for DomainKeys milter (dk-filter #0): chgrp: cannot access `inet:10034@localhost': No such file or directory
chmod: cannot access `inet:10034@localhost': No such file or directory
[root@mexus ~]#
That's because you are not following the instructions: you have switched to use TCP sockets with the milter but your postfix is still pointing to a UNIX socket. Just revert back to using UNIX sockets in your milter configuration, as the problem was not the milter; the problem was having the wrong selector in your configuration file.
/etc/sysconfig/dk-milter
Code:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
/etc/postfix/main.cf
Code:
smtpd_milters = unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock
[root@mexus ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mexus ~]# service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [ OK ]
Cleanup for DomainKeys milter (dk-filter #0):
Starting DomainKeys milter (dk-filter #0): [ OK ]
[root@mexus ~]#
maillog
Code:
Feb 27 15:06:17 mexus postfix/smtpd[14004]: connect from unknown[127.0.0.1]
Feb 27 13:06:17 mexus postfix/smtpd[14004]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: EHLO from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost>
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Negative SMTP resp to DATA: 503 5.5.1 Error: need MAIL command
Feb 27 13:06:17 mexus postfix/smtpd[14004]: disconnect from unknown[127.0.0.1]
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Negative SMTP resp. to QUIT: 503 5.5.1 Error: need RCPT command
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) (!)FWD via SMTP: <[email protected]> -> <[email protected]>,BODY=8BITMIME 451 4.6.0 Failed, id=06982-06, from MTA([127.0.0.1]:10025): 451 4.7.1 Service unavailable - try again later
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Blocked MTA-BLOCKED, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <8d186d29166f46712fabbfb5f003b97a@localhost>, mail_id: VtuGx-P-QxDO, Hits: -0.78, size: 988, 5886 ms
Feb 27 15:06:17 mexus postfix/smtp[13991]: CE9FF4438249: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.18/0.02/0.01/5.9, dsn=4.7.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.7.1 Service unavailable - try again later (in reply to end of DATA command))
I think there is a problem with your keys as well, when using the UNIX socket the error does not get generated. Please generate new keys using selector default and try again.
Then I changed dk-milter:
PORT="local:/var/run/dk-milter/dk.sock"
to
PORT="unix:/var/run/dk-milter/dk.sock"
now I get
Code:
Feb 27 15:16:25 mexus postfix/smtpd[14685]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Permission denied
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 27 15:16:25 mexus sendmail[14753]: m1RDGPbE014753: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30333, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
[root@mexus ~]# ls -la /var/run/dk-milter
Code:
total 12
drwxrwx--- 2 dk-milt mail 4096 Feb 27 15:14 .
drwxr-xr-x 29 root root 4096 Feb 28 22:43 ..
srwxr-xr-x 1 dk-milt dk-milt 0 Feb 27 15:14 dk.sock
It still doesn't work. I have generated new files, with selector name default and domain mexus.org, the domain sells administrator added the new keys to the DNS.
Here is the dk-milter conf:
Code:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
Here are the lines I have added to postfix main.cf:
smtpd_milters = unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock
maillog
Code:
Feb 28 22:42:39 mexus imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[37319], protocol=IMAP
Feb 28 22:42:39 mexus sendmail[5538]: m1SKgdKp005538: Authentication-Warning: mexus.org: apache set sender to [email protected] using -f
Feb 28 22:42:39 mexus sendmail[5538]: m1SKgdKp005538: [email protected], size=363, class=0, nrcpts=1, msgid=<262e6f414dd7e7f583e7d61be15454db@localhost>, relay=apache@localhost
Feb 28 22:42:40 mexus postfix/smtpd[5539]: connect from localhost.localdomain[127.0.0.1]
Feb 28 22:42:40 mexus postfix/smtpd[5539]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Permission denied
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 28 22:42:40 mexus sendmail[5538]: m1SKgdKp005538: [email protected], delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30363, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
Feb 28 22:42:40 mexus postfix/smtpd[5539]: disconnect from localhost.localdomain[127.0.0.1]
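
Connecting to a UNIX socket on Linux needs search permission on the socket's directory and write permission on the socket itself. The following is an added example (not written by any poster in this thread and not part of dk-milter) that applies that rule to the two dk.sock listings posted above; the function names and the postfix group list "postfix mail" are assumptions.

```shell
# Added example: can USER connect() to a UNIX socket?
# Linux requires search (x) on the socket's directory and write (w) on the
# socket. Root, ACLs, SELinux and parent directories are outside this check.

# triplet MODE OWNER GROUP USER "GROUPS": print the rwx triplet that applies.
triplet() {
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4                     # owner bits
    else
        case " $5 " in
            *" $3 "*) printf '%s\n' "$1" | cut -c5-7 ;;    # group bits
            *)        printf '%s\n' "$1" | cut -c8-10 ;;   # other bits
        esac
    fi
}

# can_connect USER "GROUPS" DMODE DOWNER DGROUP SMODE SOWNER SGROUP
# Prints ok, dir-denied or socket-denied.
can_connect() {
    d=$(triplet "$3" "$4" "$5" "$1" "$2")
    s=$(triplet "$6" "$7" "$8" "$1" "$2")
    case "$d" in ??[xst]) ;; *) echo dir-denied; return 0 ;; esac
    case "$s" in ?w?) ;; *) echo socket-denied; return 0 ;; esac
    echo ok
}

# check_live USER SOCKET: the same check on a real host (GNU stat, id).
check_live() {
    # Unquoted on purpose: each stat prints "MODE OWNER GROUP" as three words.
    can_connect "$1" "$(id -Gn "$1")" \
        $(stat -c '%A %U %G' "$(dirname "$2")") $(stat -c '%A %U %G' "$2")
}

# Constructed inputs copied from the two listings in the thread; the
# postfix group list "postfix mail" is an assumption.
can_connect postfix "postfix mail" drwxrwx--- dk-milt mail srwxrwx--- dk-milt mail
can_connect postfix "postfix mail" drwxrwx--- dk-milt mail srwxr-xr-x dk-milt dk-milt
```

On the mail host itself, `check_live postfix /var/run/dk-milter/dk.sock` runs the same test against the real directory and socket.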