OpenDKIM prevents from sending mail

  • Hello everybody,


    yesterday I updated my systems to i-MSCP 1.2.9. After that I reinstalled all Plugins and noticed that I have not been able to send any mails anymore after having activated for the domain. The effect shows on normal mail client as well as the webmail panel. The entries for DNS are correctly added to bind-files and the milter was added to postfix main.cnf.


    The syslog states as following:


    Code
    1. Jul 3 19:40:17 SERVERNAME postfix/smtpd[546]: connect from SENDER_FQDN[SENDER_IP]
    2. Jul 3 19:40:18 SERVERNAME postfix/smtpd[546]: Anonymous TLS connection established from SENDER_FQDN[SENDER_IP]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
    3. Jul 3 19:40:18 SERVERNAME postfix/smtpd[546]: 71AF180B50: client=SENDER_FQDN[SENDER_IP], sasl_method=LOGIN, sasl_username=SENDER_EMAIL
    4. Jul 3 19:40:18 SERVERNAME postfix/cleanup[551]: 71AF180B50: message-id=<>
    5. Jul 3 19:40:18 SERVERNAME postfix/cleanup[551]: 71AF180B50: milter-reject: END-OF-MESSAGE from SENDER_FQDN[SENDER_IP]: 4.7.1 Service unavailable - try again later; from=<SENDER_EMAIL> to=<TARGET_EMAIL> proto=ESMTP helo=<IconiaW700.HOERNCHEN.local>

    Please note that I replaced the following entries: SENDER_FQDN, SENDER_IP, TARGET_EMAIL, SENDER_EMAIL


    I use the default plugin-config-file.


    There are also other plugins installed:
    CronJobs Version 1.2.2, DomainAutoApproval Version 1.1.0, InstantSSH Version 3.3.1, Monitorix Version 1.2.1, PanelRedirect Version 1.1.0, PhpSwitcher Version 1.0.1, Postscreen Version 1.0.0, RecaptchaPMA Version 1.1.0, RoundcubePlugins Version 1.2.1, ServerDefaultPage Version 1.1.1


    If you need further information or already have any clue about the reason please let me know. Thanks in advance.


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • OpenDKIM ? I would bet on Postscreen...


    Please, show us your main.cnf file

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Hello,


    thats the content of my main.cf:


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • Is there any difference if you clear these Settings?

    If I remove these two lines the mail is sent correctly but there is no signature.


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • Then it's definitely OpenDKIM. Let's take a look at the following files:

    • /etc/opendkim.conf
    • /etc/opendkim/SigningTable (should contain entries looking like this: mail._domainkey.DOMAIN.TLD DOMAIN.TLD:mail:/etc/opendkim/keys/DOMAIN.TLD/mail.private)
    • /etc/opendkim/KeyTable (should contain entries looking like this: mail._domainkey.DOMAIN.tld DOMAIN.TLD:mail:/etc/opendkim/keys/DOMAIN.TLD/mail.private)
    • /etc/opendkim/keys should contain the files mentioned in SigningTable and KeyTable

    edit: And also check if opendkim is started.

  • Here is what is listed in the files:


    /etc/opendkim.conf

    Code
    1. # Begin Plugin::OpenDKIMCanonicalization simpleKeyTable refile:/etc/opendkim/KeyTableSigningTable refile:/etc/opendkim/SigningTableExternalIgnoreList /etc/opendkim/TrustedHostsInternalHosts /etc/opendkim/TrustedHosts# Ending Plugin::OpenDKIM


    /etc/opendkim/SigningTable

    Code
    1. *@unclej.de mail._domainkey.unclej.de

    /etc/opendkim/KeyTable

    Code
    1. mail._domainkey.unclej.de unclej.de:mail:/etc/opendkim/keys/unclej.de/mail.private

    /etc/opendkim/keys

    Code
    1. root:/etc/opendkim/keys/unclej.de# ls -l
    2. total 8
    3. -rw-r----- 1 opendkim opendkim 891 Jul 4 15:13 mail.private
    4. -rw-r----- 1 opendkim opendkim 316 Jul 4 15:13 mail.txt


    So for me this looks normal. During looking through the files I remembered something which might be the reason. I have added a secondary mx-entry for my domains named "mx30" so there are two mx-entries - the original "mail" and my "mx30". Could that be the reason?


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • So for me this looks normal. During looking through the files I remembered something which might be the reason. I have added a secondary mx-entry for my domains named "mx30" so there are two mx-entries - the original "mail" and my "mx30". Could that be the reason?

    For opendkim, "mail" is a selector that has nothing to with the MX host. As you can have different keys for DKIM it just selects which to use. As I see, opendkim seems to be configured correctly.


    Try this: netstat -tulpen | grep opendkim

  • Hi,


    this is what I got:

    Code
    1. root:~# netstat -tulpen | grep opendkim
    2. tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 115 1591576253 1021/opendkim


    Regards Jörg

    (Ubuntu 16.04, i-MSCP 1.5.1, php-Fpm, Plugins: ClamAV, CronJobs, InstantSSH, LetsEncrypt, Mailgraph, Monitorix, OpenDKIM, PhpSwitcher, PolicydSPF, Postscreen, RecaptchaPMA, RoundcubePlugins, ServerDefaultPage, SpamAssassin, YubiKeyAuth)

  • Hi all
    same problem with different data...



    netstat -tulpen | grep opendkim
    tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 111 31492 10911/opendkim


    but when I switch on DKIM signature no way to send mail.


    Error SMTP: [451] 4.7.1 Service unavailable - try again later
    thx for any info