Can't change OpenDKIM socket in Debian stretch in /etc/default/opendkim
Solution 1
I finally found the solution.
The /etc/init.d/opendkim doesn't seem to do anything. But instead the servicefile /lib/systemd/system/opendkim.service is used which had the wrong socket hardcoded.
But the debian package also seems to include a bash that generates the correct systemd service.
So after running
/lib/opendkim/opendkim.service.generate
systemctl daemon-reload
service opendkim restart
and restarting opendkim the socket file appears in the expected place, which can be verified by calling:
tail /var/log/mail.log | grep OpenDKIM
Update: It seems there is an debian bugreport about this issue: #861169
Update 2021:
As this question is still read quite often, I want to make everyone aware of the recent NEWS entry:
[...]
We remind users that opendkim is best configured by editing /etc/opendkim.conf. The legacy defaults file at /etc/default/opendkim is still available, as is the script /lib/opendkim/opendkim.service.generate. However, these provide no additional value over the default configuration file /etc/opendkim.conf. Please take this opportunity to review your configuration setup.
Also beginning with Debian Bullseye the /etc/default/opendkim starts with:
# NOTE: This is a legacy configuration file. It is not used by the opendkim
# systemd service. Please use the corresponding configuration parameters in
# /etc/opendkim.conf instead.
#
# Previously, one would edit the default settings here, and then execute
# /lib/opendkim/opendkim.service.generate to generate systemd override files at
# /etc/systemd/system/opendkim.service.d/override.conf and
# /etc/tmpfiles.d/opendkim.conf. While this is still possible, it is now
# recommended to adjust the settings directly in /etc/opendkim.conf.
Solution 2
I don't have enough reputation to comment and wanted to acknowledge that after hours of searching for a solution to the OpenDKim-Postfix 'connection refused' error message, the /lib/systemd/system/opendkim.service edit provided by LocutusBE worked with Ubuntu 17.04:
warning: connect to Milter service inet:localhost:8891: Connection refused
edit
/lib/systemd/system/opendkim.servicechange:
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sockto:
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock -p inet:12301@localhost systemctl daemon-reloadand
systemctl opendkim restart
Before attempting the edit I added the postfix user to the opendkim group and tried /lib/opendkim/opendkim.service.generate per Lukas Winkler's solution. The connection refused error persisted until the port number was added to /lib/systemd/system/opendkim.service.
To update /lib/systemd/system/opendkim.service, I used port 8891 for Ubuntu and commented out the original ExecStart line for testing purposes, then added a new line with port #:
/lib/systemd/system/opendkim.service (Service category):
[Service]
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
UMask=0007
#ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock -p inet:8891@localhost
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID
The matching port number was additionally specified in /etc/opendkim.conf:
Socket inet:8891@localhost
And /etc/postfix/main.cf:
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
After restarting the systemctl daemon, opendkim, and postfix, outgoing mail was signed without issue and the mail log showed "DKIM-Signature field added".
systemctl daemon-reload
systemctl opendkim restart
systemctl postfix restart
There was no connection issue when configuring OpenDkim with Centos7 recently, so apparently in this instance it was Ubuntu-related. Thanks to Lukas Winkler for posting the question and those who shared their solutions.
Solution 3
I was stuck in that for hours until understanding what happens, using that conf:
> nocomment.sh /etc/default/opendkim
RUNDIR=/var/spool/postfix/var/run/opendkim
SOCKET=local:$RUNDIR/$NAME.sock"
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
The problem is that logs don't show you that opendkim can't access to the sockets due to simple file access rights.
To correct that:
-
Add opendkim to postfix group (and not the contrary as I read somewhere)
-
chown postfix:root -R /var/spool/postfix/var/
-
verify that :
$ ll /var/spool/postfix/var/run/opendkim/ total 4 -rw-rw---- 1 postfix root 6 avril 13 11:50 opendkim.pid srwxrwxr-x 1 postfix root 0 avril 13 11:50 opendkim.sock
I wrote some little reminder about OPENDKIM on DEBIAN BUSTER. Hope that may help
Solution 4
This worked for me:
edit /lib/systemd/system/opendkim.service
change:
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
to:
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock -p inet:12301@localhost
systemctl daemon-reload
and
systemctl opendkim restart
Solution 5
In order to use inet socket you need to specify:
SOCKET="inet:12301@localhost" to /etc/default/opendkim
also, you need to change settings in Postfix consequently:
in /etc/postfix/main.cf
add:
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
if you cannot set local to desired path, I would suggest you to:
grab a log from
mail,syslogoropendkimin/var/logand checkcheck
/etc/init.d/opendkimscript and inspect if sock file is hard-set to a valuetry to go with default
local:/var/run/opendkim/opendkim.sock- and specifysmtpd_milters = local:/var/run/opendkim/opendkim.sockandnon_smtpd_milters = local:/var/run/opendkim/opendkim.sockin/etc/postfix/main.cf
Related videos on Youtube
09 : 32
06 : 30
02 : 44
16 : 51
02 : 10
lw1.at
Astronomy student and Open Source fan My Projects: https://lw1.at
Updated on September 18, 2022Comments
-
lw1.at almost 2 years
I am trying to set up opendkim on Debian stretch but I fail at changing the socket. I want to change the socket to
/var/spool/postfix/opendkim/opendkim.sockso I can use it with postfix.I have added
Socket local:/var/spool/postfix/opendkim/opendkim.sockto/etc/opendkim.confand also tried adding
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sockto/etc/default/opendkim(which I had to create).No matter what I change or how often I restart opendkim, it always uses
/var/run/opendkim/opendkim.sockas its socket.➜ ~ netstat -a | fgrep LISTEN | grep open unix 2 [ ACC ] STREAM LISTENING 5534128 /var/run/opendkim/opendkim.sock ➜ ~ sudo systemctl status opendkim.service ● opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2017-04-30 12:41:54 CEST; 5min ago Docs: man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html Process: 25246 ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock (code=exited, status=0/SUCCESS) Main PID: 25248 (opendkim) Tasks: 7 (limit: 4915) CGroup: /system.slice/opendkim.service ├─25248 /usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock └─25249 /usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock Apr 30 12:41:54 vServer systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter... Apr 30 12:41:54 vServer systemd[1]: Started OpenDKIM DomainKeys Identified Mail (DKIM) Milter. Apr 30 12:41:54 vServer opendkim[25249]: OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)What am I doing wrong? (I guess it's my mistake as I can't find anyone else with the same issue)
UPDATE:
Changing
/etc/default/opendkimtoSOCKET="inet:8891@localhost"and changing the postfix config to use this socket results ininet:localhost:8891: Connection refusedUPDATE2:
I have now replaced with the file bundled in the debian stretch package:
# Command-line options specified here will override the contents of # /etc/opendkim.conf. See opendkim(8) for a complete list of options. #DAEMON_OPTS="" # Change to /var/spool/postfix/var/run/opendkim to use a Unix socket with # postfix in a chroot: RUNDIR=/var/spool/postfix/var/run/opendkim #RUNDIR=/var/run/opendkim # # Uncomment to specify an alternate socket # Note that setting this will override any Socket value in opendkim.conf # default: SOCKET=local:$RUNDIR/opendkim.sock # listen on all interfaces on port 54321: #SOCKET=inet:54321 # listen on loopback on port 12345: #SOCKET=inet:12345@localhost # listen on 192.0.2.1 on port 12345: #SOCKET=inet:[email protected] USER=opendkim GROUP=opendkim PIDFILE=$RUNDIR/$NAME.pid EXTRAAFTER=The includes the following lines where the socket is decided:
if [ -f /etc/opendkim.conf ]; then CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendkim.conf` fi # This can be set via Socket option in config file, so it's not required if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS" fi-
Miloš Đakonović about 7 years"so I can use it with postfix" Are you sure that you need this in order to make it work with Postfix? -
lw1.at about 7 years@Miloshio I thought so as postfix runs in a chroot. (According to the tutorial I am following)
-
lw1.at about 7 years@Miloshio postfix claims
connect to Milter service local:/var/run/opendkim/opendkim.sock: No such file or directoryeven thought it exists as it is chrooted to/var/spool/postfix/ -
Miloš Đakonović about 7 yearsIt sounds like it is not chrooted. Please could you check again? Your paths should look like
/var/spool/postfix/var/run...if it is -
Miloš Đakonović about 7 yearsIn any scenario, I would use
inetinstead oflocal. Maybe, if you are not debugging down service, try to implement: digitalocean.com/community/tutorials/… -
lw1.at about 7 yearsI don't think that postfix is the issue. I have also tested
/opendkim/opendkim.sock. But/var/spool/postfix/opendkim/opendkim.sockdoesn't get created. And when I am usingSOCKET="inet:8891@localhost"the it also doesn't work.
-
-
lw1.at about 7 yearsI have now changed the config to be exactly like yours (same port) but I still get
warning: connect to Milter service inet:localhost:12301: Connection refused -
Miloš Đakonović about 7 yearsdid you try to restart both services after editing?
-
lw1.at about 7 yearsI did and now I also rebooted. When looking at mail.log I always see the following line
OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock) -
Miloš Đakonović about 7 yearsYou see that line even with
SOCKET="inet:12301@localhostset to opendkim conf file? -
lw1.at about 7 yearsthanks for the ideas. I found the solution (there's something odd with the debian package)
-
lw1.at almost 7 yearsThis is exactly the change which is done by the /lib/opendkim/opendkim.service.generate script.
-
Ivan Mir over 6 yearsThanks a lot – this fixed it on Ubuntu 16.04.3 LTS that lacksopendkim.service.generate. -
Piyush Kumar over 5 yearsopendkim ignores /etc/default/opendkim socket setting - for now we have to change /etc/opendkim.conf -
Eaten by a Grue about 4 years🍺🍺🍺🍺🍺🍺🍺🍺 -
Admin about 2 yearsVery helpful!!!!