rspamd greylist dkim keys not loaded

Discussion in 'Installation/Configuration' started by Lionheart82, Sep 16, 2019.

  1. Lionheart82

    Lionheart82 Member

    Hello,
    As I also wrote in the comments:
    https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig


    On the web GUI I noticed that on history - greylist I get some errors that contain the following message format.

    cannot load dkim key /var/lib/rspamd/dkim/mydomain.com.dkim.key: cannot stat private key

    /var/lib/rspamd/dkim/mydomain.com.dkim.key: No such file or directory

    Where mydomain.com of course there are multiple such errors with Internal domains hosted in the server.

    There is no dkim folder in /var/lib/rspamd/ ... perhaps if we create an alias for these files..
    What do you think?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which operating system do you use?

    Try to create the missing folder and then run Tools > Resync on the email domains and check if the missing files get created.
     
  3. Lionheart82

    Lionheart82 Member

    Hi,
    I am on the latest CentOS 7.
    I tried creating the folder /var/lib/rspamd/dkim and running tools -> resync -> email domains with no success unfortunately.

    As I see, the keys are in the folder:
    /var/lib/amavis/dkim/domainname.private
    which I guess is from the old setup of course.
     

    Last edited: Sep 16, 2019
  4. Lionheart82

    Lionheart82 Member

    What I just checked is an update for DKIM signature for an old domain.
    I can verify that the dkim has been updated in the folder: /var/lib/amavis/dkim (I noticed in your comments you verify this is correct) so ... shouldn't rspamd have a config to inform it that the dkim keys are in this folder?
    EG:
    path = "/var/lib/amavis/dkim/$domain.$selector.private";
    I am not sure if this would work and I am wondering if this is an RHEL issue or you also have it in deb - Ubuntu...
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This is a rhel issue, the ubuntu and debian systems are not affected by this.

    The dkim config contains a map file with the paths:

    /etc/rspamd/local.d/dkim_signing.conf

    contains

    path_map = "/etc/rspamd/local.d/dkim_domains.map";

    and the file

    /etc/rspamd/local.d/dkim_domains.map

    contains the paths to the keys.

    Code:
    root@server1:/etc/rspamd# ls /var/lib/rspamd/dkim/
    ls: cannot access '/var/lib/rspamd/dkim/': No such file or directory
    root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_selectors.map
    test.tld default
    root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_domains.map
    test.tld /var/lib/amavis/dkim/test.tld.private
    root@server1:/etc/rspamd# cat /etc/rspamd/local.d/dkim_domains.map
    test.tld /var/lib/amavis/dkim/test.tld.private
    root@server1:/etc/rspamd# ls -la /var/lib/amavis/dkim/
    total 16
    drwxr-x--- 2 amavis amavis 4096 Sep 14 04:08 .
    drwxr-x--- 7 amavis amavis 4096 Sep 13 12:02 ..
    -rw-r--r-- 1 root   root    902 Sep 14 04:08 test.tld.private
    -rw-r--r-- 1 root   root    272 Sep 14 04:08 test.tld.public
     
  6. Lionheart82

    Lionheart82 Member

    I think your info was really helpful.
    I checked and found that the file: /etc/rspamd/local.d/dkim_domains.map is properly created with all private keys.
    So I created the file /etc/rspamd/local.d/dkim_signing.conf
    with content:

    # map of domains -> paths to keys (since rspamd 1.5.3)
    path_map = "/etc/rspamd/local.d/dkim_domains.map"; #already exists
    After systemctl restart rspamd I checked the GUI -> history -> greylist again and there is no record in there :). Edit: OK, I think I pressed reset by mistake, but I tested and checked that emails don't get blacklisted ;)

    I think it should be it ...
     
    Last edited: Sep 17, 2019
  7. Lionheart82

    Lionheart82 Member

    Hello again, I noticed again today that I get such logs:
    cannot load dkim key /var/lib/amavis/dkim/localdomain.private: cannot stat key file: '/var/lib/amavis/dkim/localdomain.private' Permission denied

    Now what I did was to run: chown -R _rspamd:_rspamd /var/lib/amavis/dkim/ as per topic: https://github.com/rspamd/rspamd/issues/1822
    But I still get the error.. of course the .private files are there and valid.

    Could you write the contents of the file: /etc/rspamd/local.d/dkim_signing.conf please?
    No other ideas from me :S
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Code:
    try_fallback = false;
    path_map = "/etc/rspamd/local.d/dkim_domains.map";
    selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Check if the _rspamd is a member of the amavis group (the group that runs amavisd, name might differ on centos), if not, add it
     
  10. Lionheart82

    Lionheart82 Member

    I have updated your config with no results.
    I checked the members and it was only in "_rspamd"
    So I ran
    usermod -a -G amavis _rspamd
    and it is now in
    _rspamd : _rspamd amavis

    Edit: For more than a day on two servers I have had no greylist messages so far, so it must be the group as a fix :)
    Thank you for your time!
     
    Last edited: Sep 19, 2019
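
Added example, not posted by anyone in this thread: a shell function that walks a path map in the "domain keypath" format shown above and reports, for the user running it, which keys cannot be stat'ed (the two rspamd errors in this thread), which are unreadable, and which are readable by "other". The function name `check_dkim_map` and the status labels are made up for this example; run it as the rspamd service account so the result reflects what rspamd sees.

```shell
#!/bin/sh
# Added example: audit the key paths listed in an rspamd DKIM path map.
# Run as the service account, e.g. (assuming sudo is available):
#   sudo -u _rspamd sh check_dkim_map.sh /etc/rspamd/local.d/dkim_domains.map

# check_dkim_map MAPFILE
# Prints one "STATUS domain keypath" line per map entry.
# Returns 1 if any key cannot be stat'ed or read by the invoking user.
check_dkim_map() {
    map=$1
    rc=0
    # "|| [ -n ... ]" also handles a last line without trailing newline
    while read -r domain key _ || [ -n "$domain" ]; do
        # skip blank lines and comments
        case $domain in ''|'#'*) continue ;; esac
        if [ ! -e "$key" ]; then
            # file is missing, or a parent directory denies traversal
            # to this user (both surface as a failed stat)
            echo "CANNOT-STAT $domain $key"
            rc=1
        elif [ ! -r "$key" ]; then
            echo "UNREADABLE $domain $key"
            rc=1
        elif [ -n "$(find "$key" -prune -perm -004)" ]; then
            # usable, but the file mode grants read to "other"; only the
            # directory permissions keep the private key from other users
            echo "WORLD-READ $domain $key"
        else
            echo "OK $domain $key"
        fi
    done < "$map"
    return $rc
}

# Run against a map file when one is given on the command line.
if [ -n "${1:-}" ]; then
    check_dkim_map "$1"
fi
```
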
  11. hhsys

    hhsys New Member

    Big thanks for that! The /etc/rspamd/local.d/dkim_signing.conf hasn't been created when I switched from amavis to rspamd
     
