11

I noticed that there is a error with milter if I type service postfix status :

Jul 01 17:39:01 mail postfix/cleanup[13921]: warning: connect to Milter service inet:127.0.0.1:8891: Connection refused

but what does that mean and how do I fix that? It is related to DKIM? Because I tried to set it up and it's still not working. which files do you need to help? Here is my opendkim.conf:

## CONFIGURATION OPTIONS

# Specifies the path to the process ID file.
PidFile /var/run/opendkim/opendkim.pid

# Selects operating modes. Valid modes are s (signer) and v (verifier). Default is v.
Mode    sv

# Log activity to the system log.
Syslog  yes

# Log additional entries indicating successful signing or verification of messages.
SyslogSuccess yes

# If logging is enabled, include detailed logging about why or why not a message was
# signed or verified. This causes a large increase in the amount of log data generated
# for each message, so it should be limited to debugging use only.
#LogWhy yes

# Attempt to become the specified user before starting operations.
UserID  opendkim:opendkim

# Create a socket through which your MTA can communicate.
Socket  inet:8891@127.0.0.1

# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
Umask   002

# This specifies a file in which to store DKIM transaction statistics.
#Statistics              /var/spool/opendkim/stats.dat

## SIGNING OPTIONS

# Selects the canonicalization method(s) to be used when signing messages.
Canonicalization        relaxed/simple

# Domain(s) whose mail should be signed by this filter. Mail from other domains will
# be verified rather than being signed. Uncomment and use your domain name.
# This parameter is not required if a SigningTable is in use.
# Domain                  DOMAIN.de

# Defines the name of the selector to be used when signing messages.
Selector                default

# Gives the location of a private key to be used for signing ALL messages.
#ORIG (AUSGEKLAMMERT): KeyFile                 /etc/opendkim/keys/default.private
KeyFile                 /etc/opendkim/keys/default.private

# Gives the location of a file mapping key names to signing keys. In simple terms,
# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
# setting in the configuration file.
KeyTable                 refile:/etc/opendkim/KeyTable

# Defines a table used to select one or more signatures to apply to a message based
# on the address found in the From: header field. In simple terms, this tells
# OpenDKIM how to use your keys.
SigningTable                 refile:/etc/opendkim/SigningTable

# Identifies a set of "external" hosts that may send mail through the server as one
# of the signing domains without credentials as such.
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts

# Identifies a set internal hosts whose mail should be signed rather than verified.
InternalHosts           refile:/etc/opendkim/TrustedHosts
Paul
  • 2,755
  • 6
  • 24
  • 35
Sarius
  • 141
  • 1
  • 2
  • 10

4 Answers4

7

As Esa answered, it is related to OpenDKIM.

However, through looking at the Service file (Ubuntu 16.04, using systemctl) I noticed that the service uses a file located in /etc/default/opendkim

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
#SOCKET="inet:12345@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:12345@192.0.2.1"

Note line 6, which states that settings here will override any Socket value in opendkim.conf

I tried simply commenting out all the lines in here to revert it back to the config, but it didn't seem to work for me.

To fix this, modify the file to set the SOCKET environment variable to what you need. 

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/run/opendkim/opendkim.sock"
# listen on all interfaces on port 54321:
#SOCKET="inet:54321"
# listen on loopback on port 12345:
SOCKET="inet:8891@localhost"
# listen on 192.0.2.1 on port 12345:
#SOCKET="inet:12345@192.0.2.1"

Finally, restart opendkim with sudo service opendkim restart

TLDR: sudo nano /etc/default/opendkim, edit the SOCKET setting, then restart opendkim.

f.w.
  • 71
  • 1
  • 4
6

OpenDKIM is a different service. See whether it's running or not. You could try

sudo service opendkim restart

and see if that results in an error.

Given that you have Socket inet:8891@127.0.0.1 and Postfix is trying to connect to port 8891, the configuration seems ok. You could use netstat -l or lsof -i to check that OpenDKIM is actually listening on port 8891.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122
2

In my situation, for two distinct Ubuntu and Debian servers, the problem was a broken systemd service file for opendkim. The config files were absolutely ok but the service file was probably generated by an old version. To regenerate the service file and reslove the problem, just run this command:

sudo /lib/opendkim/opendkim.service.generate

Then reload

sudo systemctl daemon-reload
sudo service opendkim restart

See here: https://serverfault.com/a/847442/84962

Didier Corbière
  • 21
  • 3
0

The only solution that worked for me with Ubuntu 16.04....

  • Set the corecrect SOCKET value in /etc/default/opendkim.
  • Remove the SOCKET entry in /etc/opendkim.conf

Then, of course, sudo systemctl restart opendkim

BurninLeo
  • 860
  • 2
  • 11
  • 28