DKIM not working / not signing

After enabling DKIM in Virtualmin/Email Settings/DomainKeys Identified Mail emails are still not signed.

dkim service is running and on right port. Postfix config is also right.

I tried every fix what I found here on forums and on stackoverflow but nothing works. This is serious bug I think.

Status: 
Needs work

Comments

Howdy -- I wasn't able to reproduce a problem on my test server with DKIM, and other than yours we haven't been receiving reports of problems with it.

While it is possible there could be a bug, there's other explanations too. Our suggestion would be to troubleshoot the issue by creating a new thread in the Forums, and if it's determined that there's a bug, we can look deeper into it at that point.

I tested today with new clean install of Debian 9. It 100% not signing emails.

I found it! There is problem with autoconfig. Postfix is configured to port 8891, but dkim is listening on socket! I changed dkim to listen on 8891@localhost and emails are signed now

I encountered this problem too on fresh Ubuntu 18.04. Editing /etc/opendkim.conf to listen to 8891@localhost solved the problem.

Ilia's picture
Submitted by Ilia on Tue, 01/14/2020 - 03:54

Assigned: Unassigned »

I will assign this to Joe for re-view, as possibly there is something that install.sh script could do something about it.

I have just installed a fresh Ubuntu 18.04 then installed Virtualmin. The problem happened again. However, I have more information.

The install.sh script has nothing to do with it. Because opendkim is not installed by the install.sh script. It's installed when you go to "Email Settings > DomainKeys Identified Mail" then press "Install" then "enable" it.

The command apt-get -y -f install opendkim will be executed. Then this message will be shown:

Configuring mail server to use DKIM filter

The /etc/opendkim.conf will be created with those lines:

#Socket                  inet:8892@localhost
Socket                  local:/var/run/opendkim/opendkim.sock


Also those lines will be added to /etc/postfix/main.cf:

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891


So, to correct the problem you have to edit /etc/opendkim.conf like this:

Socket                  inet:8891@localhost
#Socket                  local:/var/run/opendkim/opendkim.sock


Then restart opendkim.

Ilia's picture
Submitted by Ilia on Wed, 01/15/2020 - 07:39

Thanks for sharing details! I think it will be useful for future readers but in fact, it looks like OpenDKIM package (on Ubuntu) problem itself.

Ilia's picture
Submitted by Ilia on Wed, 01/15/2020 - 16:57

Assigned: »

I have taken a closer look on clean Ubuntu 18.04 install and it appears that OpenDKIM's config, by default listens for milter connections on:

Socket          local:/var/run/opendkim/opendkim.sock

..while nothing added automatically to Postfix.

When you run Email Settings/DKIM and enable it, it's getting configured the way you described.

It appears as a bug (overwatch), as at certain point Ubuntu 18 seems to be switched to using listening on socket rather than on interface.

Thanks for reporting, I will pass it to Jamie for review and a fix. Jamie, have a look at the attached screenshot.

This one should be fixed in the next Virtualmin release, although it may require disabling and re-enabling DKIM in Virtualmin.

Hi,

Hopefully this will be fixed in the next vmin version, but just wanted to do a "+1", I encounter this error in Debian 10 as well, the fix is trivial as Baterka described above.

Ilia's picture
Submitted by Ilia on Wed, 04/22/2020 - 08:13

Okay, do you have the following file on your server?

/etc/opendkim.conf


If so what its content?

Here is the patch.

Thanks Ilia,

I'm good with the signing once I've set opendkim to listen to tcp as opposed to socket. Just wanted to enforce the fact this is indeed a bug affecting multiple platforms, that's it.

Sorry for the noise :)

Ilia's picture
Submitted by Ilia on Wed, 04/22/2020 - 08:21

Just wanted to enforce the fact this is indeed a bug affecting multiple platforms, that's it.

Yeah, and I fixed that in the patch above. So do you have /etc/opendkim.conf file on your Debian 10 install? :)

Yes, I do and it's working, thanks for the patch! :)