Вопросы Теги

Тонны проблем OpenDKIM

Я хоть убей не могу заставить OpenDKIM работать правильно. Я могу отправлять и получать сообщения с помощью postfix и roundcube. Я перепробовал массу вещей, чтобы это заработало. На данный момент я не получаю никаких ошибок, но OpenDKIM не подписывает почту. Я уже перепробовал все, что смог найти на этом сайте.

Вот мой main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian) This is not an open relay.
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

policyd-spf_time_limit = 3600

milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non-smtpd_milters = unix:/var/run/opendkim/opendkim.sock

# TLS parameters
smtpd_tls_cert_file = /root/fullchain.pem
smtpd_tls_key_file = /root/privkey.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 2

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes


smtpd_relay_restrictions =
  # subject even authenticated users and trusted networks
  # to the policy check
  #check_policy_service inet:127.0.0.1:10031
  permit_mynetworks
  reject_unknown_sender_domain
  permit_sasl_authenticated
  defer_unauth_destination

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  check_policy_service unix:private/policyd-spf,
  # we exclude our networks and SASL authenticated users
  # from all further checks.
  # since I don't know if the policy service is relevant
  # for unauthenticated mail, I commented it out here
  # check_policy_service inet:127.0.0.1:10031
  warn_if_reject reject_non_fqdn_hostname
  warn_if_reject reject_non_fqdn_sender
  reject_invalid_hostname
  reject_unknown_sender_domain

smtpd_data_restrictions = reject_unauth_pipelining

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.smbecker.tk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost =
mynetworks = 10.0.0.0/8 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

inet_protocols = ipv4

Вот мой opendkim.conf: 

# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

# Map domains in From addresses to keys used to sign messages
KeyTable                /etc/opendkim/key.table
SigningTable            /etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList      /etc/opendkim/trusted.hosts
InternalHosts           /etc/opendkim/trusted.hosts


# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain                 example.com
#KeyFile                /etc/dkimkeys/dkim.key
#Selector               2007

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization       simple
Mode                    sv
SubDomains              no

AutoRestart             yes
AutoRestartRate         10/1m
Background              yes
DNSTimeout              5
SignatureAlgorithm      rsa-sha256

# Socket smtp://localhost
#
# ##  Socket socketspec
# ##
# ##  Names the socket where this filter should listen for milter connections
# ##  from the MTA.  Required.  Should be in one of these forms:
# ##
# ##  inet:port@address           to listen on a specific interface
# ##  inet:port                   to listen on all interfaces
# ##  local:/path/to/socket       to listen on a UNIX domain socket
#
#Socket                  inet:8892@localhost
Socket                  local:/var/spool/postfix/var/run/opendkim/opendkim.sock

##  PidFile filename
###      default (none)
###
###  Name of the file where the filter should write its pid before beginning
###  normal operations.
#
PidFile               /var/spool/postfix/var/run/opendkim/opendkim.pid


# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

##  ResolverConfiguration filename
##      default (none)
##
##  Specifies a configuration file to be passed to the Unbound library that
##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
##  documentation at http://unbound.net for the expected content of this file.
##  The results of using this and the TrustAnchorFile setting at the same
##  time are undefined.
##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
##  unbound package

# ResolverConfiguration     /etc/unbound/unbound.conf

##  TrustAnchorFile filename
##      default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
## at http://unbound.net for the expected format of this file.

TrustAnchorFile       /usr/share/dns/root.key

##  Userid userid
###      default (none)
###
###  Change to user "userid" before starting normal operation?  May include
###  a group ID as well, separated from the userid by a colon.
#
UserID                opendkim

Вот мой /etc/systemd/system/multi-user.target .wants / opendkim.service (мне пришлось отредактировать, чтобы opendkim.sock и opendkim.pid даже отображались и могли избавиться от ошибок постфикса) 

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/spool/postfix/var/run/opendkim/opendkim.pid
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

key.table: 

smbecker.tk smbecker.tk:YYYYMM:/etc/opendkim/keys/smbecker.tk.private

signed.table : 

*@smbecker.tk smbecker.tk

Я проделал массу редактирования и проверки владельцев и разрешений, чтобы добраться даже до этого момента, избавляясь от ошибок соединения milter (не обнаруженных и отклоненных). Opendkim.pid меняет права на root-владение каждый раз при перезапуске opendkim, но даже если я сделаю chown и chmod, чтобы передать его opendkim с 0777, я все равно получу тот же результат. Сообщения не подписываются: 

DKIM Information:
DKIM Signature

This message does not contain a DKIM Signature

Я использую Raspian-Stretch. У меня работают Postfix, Dovecot, Roundcube, и я отправляю электронные письма через Roundcube. Вся исходящая электронная почта должна иметь подписи DKIM, но их нет.

Запрошенный mail.log: 

Jan 10 18:35:34 raspberrypi postfix[23526]: Postfix is running with backwards-compatible default settings
Jan 10 18:35:34 raspberrypi postfix[23526]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 18:35:34 raspberrypi postfix[23526]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 18:35:34 raspberrypi postfix/postfix-script[23533]: stopping the Postfix mail system
Jan 10 18:35:34 raspberrypi postfix/master[23241]: terminating on signal 15
Jan 10 18:35:35 raspberrypi postfix[23602]: Postfix is running with backwards-compatible default settings
Jan 10 18:35:35 raspberrypi postfix[23602]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 18:35:35 raspberrypi postfix[23602]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 18:35:37 raspberrypi postfix/postfix-script[23709]: starting the Postfix mail system
Jan 10 18:35:37 raspberrypi postfix/master[23711]: daemon started -- version 3.1.8, configuration /etc/postfix
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: initializing the server-side TLS engine
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:35:57 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23761, TLS, session=<BPvl4CN/TKcKZGQB>
Jan 10 18:35:57 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=32 out=479
Jan 10 18:35:57 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23763, TLS, session=<+Ezu4CN/TqcKZGQB>
Jan 10 18:35:58 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=44 out=675
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:36:15 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Connection closed in=133 out=1271
Jan 10 18:36:16 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23767, TLS, session=<D+YD4iN/IrcKZGQB>
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: initializing the server-side TLS engine
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: connect from unknown[10.100.100.1]
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: 4630CDDC30: client=unknown[10.100.100.1]
Jan 10 18:36:21 raspberrypi postfix/cleanup[23770]: 4630CDDC30: message-id=<f1442883c4d8700a241ca81e77bc9b84@smbecker.tk>
Jan 10 18:36:21 raspberrypi postfix/qmgr[23713]: 4630CDDC30: from=<smbecker3673@smbecker.tk>, size=492, nrcpt=1 (queue active)
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: disconnect from unknown[10.100.100.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 18:36:21 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23773, TLS, session=<4MZZ4iN/WqcKZGQB>
Jan 10 18:36:21 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=351 out=635
Jan 10 18:36:21 raspberrypi postfix/smtp[23771]: 4630CDDC30: to=<WTnCkOoN6Z8l0S@dkimvalidator.com>, relay=31045262.in1.mandrillapp.com[54.245.105.162]:25, delay=0.73, delays=0.13/0.05/0.37/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CBAA421FF4)
Jan 10 18:36:21 raspberrypi postfix/qmgr[23713]: 4630CDDC30: removed
Jan 10 18:36:22 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23775, TLS, session=<5Wtr4iN/XqcKZGQB>
Jan 10 18:36:23 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=44 out=675
Jan 10 18:36:24 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23778, TLS, session=<0op+4iN/YKcKZGQB>
Jan 10 18:36:24 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=120 out=850
Jan 10 18:36:24 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23779, TLS, session=<EDaC4iN/YqcKZGQB>
Jan 10 18:36:24 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=292 out=2438
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1

Форма соединений 10.100.0.3 - это Mikrotik Dude Server, который просто проверяет службы и устройства, чтобы их можно было игнорировать. Как видите, в настоящее время в журнале нет ошибок, но я также ничего не вижу относительно DKIM.

Почтовые журналы с перезапуском DKIM после его обратного изменения: 

Jan 10 20:28:49 raspberrypi postfix[25666]: Postfix is running with backwards-compatible default settings
Jan 10 20:28:49 raspberrypi postfix[25666]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 20:28:49 raspberrypi postfix[25666]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 20:28:49 raspberrypi postfix/postfix-script[25672]: stopping the Postfix mail system
Jan 10 20:28:49 raspberrypi postfix/master[25566]: terminating on signal 15
Jan 10 20:28:50 raspberrypi postfix[25741]: Postfix is running with backwards-compatible default settings
Jan 10 20:28:50 raspberrypi postfix[25741]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 20:28:50 raspberrypi postfix[25741]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 20:28:52 raspberrypi postfix/postfix-script[25849]: starting the Postfix mail system
Jan 10 20:28:52 raspberrypi postfix/master[25851]: daemon started -- version 3.1.8, configuration /etc/postfix
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: initializing the server-side TLS engine
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:29:24 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=25869, TLS, session=<J66gdiV/bKkKZGQB>
Jan 10 20:29:24 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=90 out=896
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:30:24 raspberrypi dovecot: imap-login: Login: user=<smbecker3673@smbecker.tk>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=25925, TLS, session=<dlcxeiV/cKkKZGQB>
Jan 10 20:30:24 raspberrypi dovecot: imap(smbecker3673@smbecker.tk): Logged out in=90 out=896
Jan 10 20:30:29 raspberrypi opendkim[25654]: OpenDKIM Filter: mi_stop=1
Jan 10 20:30:29 raspberrypi opendkim[25654]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
Jan 10 20:30:29 raspberrypi opendkim[25934]: OpenDKIM Filter v2.11.0 starting (args: -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock)
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1

Также ps -aux | grep opendkim 

opendkim 25933  0.0  0.3  14884  2976 ?        Ss   20:30   0:00 /usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
opendkim 25934  0.0  0.6  59044  5804 ?        Sl   20:30   0:00 /usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
root     26283  0.0  0.0   4376   576 pts/0    S+   20:52   0:00 grep opendkim

TCPDUMP при отправке электронной почты: 

listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
17:52:44.828861 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [S], seq 3182105441, win 43690, options [mss 65495,sackOK,TS val 3741998642 ecr 0,nop,wscale 7], length 0
17:52:44.828938 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [S.], seq 435085374, ack 3182105442, win 43690, options [mss 65495,sackOK,TS val 3741998642 ecr 3741998642,nop,wscale 7], length 0
17:52:44.829036 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [.], ack 1, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 0
17:52:44.829290 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 1:18, ack 1, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 17
17:52:44.829596 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [P.], seq 1:18, ack 18, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 17
17:52:44.829749 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 18:122, ack 18, win 342, options [nop,nop,TS val 3741998643 ecr 3741998642], length 104
17:52:44.829912 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [P.], seq 18:23, ack 122, win 342, options [nop,nop,TS val 3741998643 ecr 3741998643], length 5
17:52:44.831489 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 122:138, ack 23, win 342, options [nop,nop,TS val 3741998644 ecr 3741998643], length 16
17:52:44.831571 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [F.], seq 138, ack 23, win 342, options [nop,nop,TS val 3741998644 ecr 3741998643], length 0
17:52:44.832194 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [F.], seq 23, ack 139, win 342, options [nop,nop,TS val 3741998645 ecr 3741998644], length 0
17:52:44.832271 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [.], ack 24, win 342, options [nop,nop,TS val 3741998645 ecr 3741998645], length 0
17:53:13.817007 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [S], seq 2310383764, win 43690, options [mss 65495,sackOK,TS val 3742027630 ecr 0,nop,wscale 7], length 0
17:53:13.817082 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [S.], seq 2557593622, ack 2310383765, win 43690, options [mss 65495,sackOK,TS val 3742027630 ecr 3742027630,nop,wscale 7], length 0
17:53:13.817156 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 1, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 0
17:53:13.817363 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1:18, ack 1, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 17
17:53:13.817401 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 18, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 0
17:53:13.817704 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 1:18, ack 18, win 342, options [nop,nop,TS val 3742027631 ecr 3742027630], length 17
17:53:13.818019 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 18:23, ack 124, win 342, options [nop,nop,TS val 3742027631 ecr 3742027631], length 5
17:53:13.860290 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 23, win 342, options [nop,nop,TS val 3742027673 ecr 3742027631], length 0
17:53:14.068860 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 124:407, ack 23, win 342, options [nop,nop,TS val 3742027882 ecr 3742027631], length 283
17:53:14.069221 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 23:28, ack 407, win 350, options [nop,nop,TS val 3742027882 ecr 3742027882], length 5
17:53:14.069275 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 28, win 342, options [nop,nop,TS val 3742027882 ecr 3742027882], length 0
17:53:14.156900 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 407:519, ack 28, win 342, options [nop,nop,TS val 3742027970 ecr 3742027882], length 112
17:53:14.157128 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 28:33, ack 519, win 350, options [nop,nop,TS val 3742027970 ecr 3742027970], length 5
17:53:14.157166 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 33, win 342, options [nop,nop,TS val 3742027970 ecr 3742027970], length 0
17:53:14.203842 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 519:538, ack 33, win 342, options [nop,nop,TS val 3742028017 ecr 3742027970], length 19
17:53:14.250297 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 538, win 350, options [nop,nop,TS val 3742028063 ecr 3742028017], length 0
17:53:14.250369 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 538:595, ack 33, win 342, options [nop,nop,TS val 3742028063 ecr 3742028063], length 57
17:53:14.250405 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 595, win 350, options [nop,nop,TS val 3742028063 ecr 3742028063], length 0
17:53:14.250693 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 33:38, ack 595, win 350, options [nop,nop,TS val 3742028064 ecr 3742028063], length 5
17:53:14.250722 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 38, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 0
17:53:14.250877 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 595:648, ack 38, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 53
17:53:14.251112 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 648:686, ack 43, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 38
17:53:14.251234 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 43:48, ack 686, win 350, options [nop,nop,TS val 3742028064 ecr 3742028064], length 5
17:53:14.251334 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 686:748, ack 48, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 62
17:53:14.251458 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 48:53, ack 748, win 350, options [nop,nop,TS val 3742028064 ecr 3742028064], length 5
17:53:14.251562 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 748:830, ack 53, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 82
17:53:14.251688 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 53:58, ack 830, win 350, options [nop,nop,TS val 3742028065 ecr 3742028064], length 5
17:53:14.251784 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 830:872, ack 58, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 42
17:53:14.251905 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 58:63, ack 872, win 350, options [nop,nop,TS val 3742028065 ecr 3742028065], length 5
17:53:14.252010 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 872:987, ack 63, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 115
17:53:14.252137 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 63:68, ack 987, win 350, options [nop,nop,TS val 3742028065 ecr 3742028065], length 5
17:53:14.252236 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 987:1044, ack 68, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 57
17:53:14.252577 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 73:78, ack 1115, win 350, options [nop,nop,TS val 3742028066 ecr 3742028065], length 5
17:53:14.252680 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1115:1163, ack 78, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 48
17:53:14.252803 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 78:83, ack 1163, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.252903 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1163:1251, ack 83, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 88
17:53:14.253026 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 83:88, ack 1251, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.253143 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1251:1301, ack 88, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 50
17:53:14.253264 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 88:93, ack 1301, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.253351 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1301:1325, ack 93, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 24
17:53:14.264091 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 93:98, ack 1325, win 350, options [nop,nop,TS val 3742028077 ecr 3742028066], length 5
17:53:14.264434 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1325:4540, ack 98, win 342, options [nop,nop,TS val 3742028077 ecr 3742028077], length 3215
17:53:14.264532 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 4540, win 1373, options [nop,nop,TS val 3742028077 ecr 3742028077], length 0
17:53:14.264652 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 98:103, ack 4540, win 1373, options [nop,nop,TS val 3742028078 ecr 3742028077], length 5
17:53:14.264734 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 4540:4564, ack 103, win 342, options [nop,nop,TS val 3742028078 ecr 3742028078], length 24
17:53:14.266378 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 103:108, ack 4564, win 1373, options [nop,nop,TS val 3742028079 ecr 3742028078], length 5
17:53:14.310331 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 108, win 342, options [nop,nop,TS val 3742028123 ecr 3742028079], length 0

^C
75 packets captured
164 packets received by filter
9 packets dropped by kernel
0
задан 12 January 2019 в 01:56
2 ответа

Với sự giúp đỡ của Sandor Marton, loại bỏ các vấn đề trong danh sách các vấn đề tiềm ẩn. Tôi đọc ở đâu đó rằng refile: không được yêu cầu ở đây và đã khắc phục sự cố của ai đó: 

SigningTable            /etc/opendkim/signing.table

Tuy nhiên, đây không phải là trường hợp của tôi. Tôi cần đặt refile: trở lại opendkim.conf cho dòng liên quan đến bảng ký. Đây là mục nhập mới khiến opendkim bắt đầu thực sự thử ký các email gửi đi. 

SigningTable            refile:/etc/opendkim/signing.table

Sau đó, tôi bắt đầu thấy lỗi cấp quyền cho các khóa trong nhật ký thư mà tôi đã sửa và mọi thứ hiện đang hoạt động.

1
ответ дан 4 December 2019 в 12:16

У вас postfix chrooted? В противном случае пути сокетов не совпадают. Может быть, попробуйте локальный TCP-порт, обычно установка opendkim для 8891, поэтому измените smtpd_milters = inet: 127.0.0.1: 8891 non_smtpd_milters = inet: 127.0.0.1: 8891 в main.cf postfix и Розетка (скрытая) в opendkim.conf.

Таким образом, вы можете tcpdump локальный интерфейс и посмотреть, есть ли связь между postfix и opendkim. Немного странно, так как в журналах вы должны увидеть что-то от opendkim, если он получит почту. Очевидно, это зависит от того, как настроен системный журнал. Если вы перезапустите opendkim, вы увидите что-нибудь в этом журнале (следует записать строку о запуске), возможно, журналы opendkim находятся в другом файле.

2
ответ дан 4 December 2019 в 12:16

Теги

Похожие вопросы