[SOLVED] Issue with DKIM outbound?

@killmasta93: please open a new thread (it's a different issue) - and post the journal, around the time this happens (+/-1 hour) - e.g. `journalctl --since 2018-02-21` (redact and remove e-mail addresses)
 
  • Like
Reactions: killmasta93
EDIT 3: So i wanted to post back i think theres something odd with the steps. I took the same steps from above on another proxmox box and wont sign the DKIM whats even more odd i see the Opendmarc logs and get this

Code:
Feb 25 23:56:18 mail systemd[1]: Starting OpenDMARC Milter...
Feb 25 23:56:18 mail systemd[1]: opendmarc.service: PID file /var/run/opendmarc/opendmarc.pid not readable (yet?) after start: No such file or directory
Feb 25 23:56:18 mail opendmarc[1833]: OpenDMARC Filter v1.3.2 starting ()
Feb 25 23:56:18 mail opendmarc[1833]: additional trusted authentication services: (none)
Feb 25 23:56:18 mail systemd[1]: Started OpenDMARC Milter.

whats bothering me is how then before was working took the same steps
:mad::mad::mad::mad::mad::mad::mad::mad::mad::mad::mad:
 
Thanks for the reply. not sure if its because dmarc not working has anything to do with dkim keys not being signed

Code:
-- Logs begin at Tue 2019-02-26 12:41:55 -05, end at Tue 2019-02-26 12:57:14 -05. --
Feb 26 12:41:55 mail systemd[1]: Starting OpenDMARC Milter...
Feb 26 12:41:56 mail systemd[1]: opendmarc.service: PID file /var/run/opendmarc/opendmarc.pid not readable (yet?) after start: No such file or directory
Feb 26 12:41:56 mail systemd[1]: Started OpenDMARC Milter.
Feb 26 12:41:56 mail opendmarc[810]: OpenDMARC Filter v1.3.2 starting ()
Feb 26 12:41:56 mail opendmarc[810]: additional trusted authentication services: (none)


then i saw the permissions and file

Code:
root@mail:~# ls -l -h /var/run/opendmarc/opendmarc.pid
-rw-rw---- 1 opendmarc opendmarc 4 Feb 26 12:41 /var/run/opendmarc/opendmarc.pid
 
Last edited:
You posted the error about opendmarc, so I thought you wanted to figure that out. You are right though, it should not be keeping you from signing outgoing emails. You'll need to look at the logs to figure out why it's not working, there should be other clues in there. What else have you done that you haven't on your other server?
 
Thanks for the reply, i found the issue of the dkim signing, i had to remove
Code:
submission inet n - - - 100 smtpd
-o content_filter=scan:127.0.0.1:10023
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=reject_unknown_recipient_domain
-o smtpd_sender_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_milters=unix:/var/run/opendkim/signer.sock

smtps inet n - - - 100 smtpd
-o content_filter=scan:127.0.0.1:10023
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=reject_unknown_recipient_domain
-o smtpd_sender_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_milters=unix:/var/run/opendkim/signer.sock

and from the /etc/postfix/master.cf restart postfix and worked signing was going crazy. So back to opendmarc umm where else should i start looking dmarc is only check if it has it right?
 
Well i think its working even though it shows that error

Code:
Feb 26 13:25:26 mail postfix/smtpd[2816]: BD9D5C09FA: client=verifier.port25.com[34.209.113.130]
Feb 26 13:25:27 mail postfix/cleanup[2808]: BD9D5C09FA: message-id=<1551205523-240926@verifier.port25.com>
Feb 26 13:25:27 mail opendkim[700]: BD9D5C09FA: verifier.port25.com [34.209.113.130] not internal
Feb 26 13:25:27 mail opendkim[700]: BD9D5C09FA: not authenticated
Feb 26 13:25:27 mail opendkim[700]: BD9D5C09FA: signature=VgFT16xR domain=port25.com selector=verifier201208 result="no signature error"
Feb 26 13:25:27 mail opendkim[700]: BD9D5C09FA: DKIM verification successful
Feb 26 13:25:27 mail opendkim[700]: BD9D5C09FA: s=verifier201208 d=port25.com SSL
Feb 26 13:25:27 mail opendmarc[810]: implicit authentication service: mail.mydomain.com
Feb 26 13:25:27 mail opendmarc[810]: BD9D5C09FA: verifier.port25.com none
 
Just want to postback you have to disable or remove these lines inside the master at first it works then all of sudden it stops working and proxmox starts to refuse all emails
Code:
#submission inet n - - - 100 smtpd
#-o content_filter=scan:127.0.0.1:10023
#-o smtpd_enforce_tls=yes
#-o smtpd_sasl_auth_enable=yes
#-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#-o smtpd_recipient_restrictions=reject_unknown_recipient_domain
#-o smtpd_sender_restrictions=
#-o smtpd_helo_restrictions=
#-o smtpd_milters=unix:/var/run/opendkim/signer.sock

#smtps inet n - - - 100 smtpd
#-o content_filter=scan:127.0.0.1:10023
#-o smtpd_tls_wrappermode=yes
#-o smtpd_sasl_auth_enable=yes
#-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#-o smtpd_recipient_restrictions=reject_unknown_recipient_domain
#-o smtpd_sender_restrictions=
#-o smtpd_helo_restrictions=
#-o smtpd_milters=unix:/var/run/opendkim/signer.sock
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!