Debian stretch opendkim behaviour changed
opendkim fails to sign!
In a nutshell... if you face this:
postfix/submission/smtpd[17385]: warning: connect to Milter service inet:localhost:8891: Connection refused
and you cannot find a listener process at port 8891:
netstat -nltp | grep 8891
returns nothing,and you find this in the /var/log/mail.log:
opendkim[18055]: OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)
(which, by the way, explains the error...)
and you have been checking /etc/opendkim.conf, and all other configuration files, and you are sure you have Socket inet:8891@localhost
or
smtpd_milters = inet:127.0.0.1:8891
in your /etc/postfix/main.cf, rest assured, you're not alone.
opendkim.conf is ignored
Instead, edit /lib/systemd/system/opendkim.service:
# ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
Save the file, reload, and restart:
systemctl daemon-reload
service opendkim restart
Now, you have a listener at port 8891... Also, you will see this in mail.log:
OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost)
Result
My SPF as well as DKIM are accepted by gmail:
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@xxxxx header.s=mail header.b=h8Rqwad8;
spf=pass (google.com: domain of frank@xxxxx designates 12.34.56.78 as permitted sender)
This took me a day, hope it will help someone.
No comments:
Post a Comment