I'm trying to send mail from my Ubuntu (17.04) server to Gmail and Hotmail, but the email is going to the spam folder. I've checked /var/log/mail.log and I found out that there is a warning about opendkim there:

    Jul 25 15:12:31 francooro postfix/cleanup[21233]: warning: connect to Milter service inet:localhost:12301: Connection refused

I've tried to disable the chroot check, my firewall is disabled, and the opendkim service is up, but it seems it doesn't listen on any port, so I tried adding another port, and the connection is refused for both ports.

My configuration is:

/etc/postfix/main.cf

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no

    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2

    # TLS parameters
    smtpd_tls_cert_file=/etc/letsencrypt/live/mail.x-pole-israel.org/cert.pem
    smtpd_tls_CAfile=/etc/letsencrypt/live/mail.x-pole-israel.org/fullchain.pem
    smtpd_tls_key_file=/etc/letsencrypt/live/mail.x-pole-israel.org/privkey.pem
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = x-pole-israel.org
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = $myhostname, x-pole-israel.org, francooro, localhost.localdomain, localhost
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all

    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    milter_protocol = 6
    milter_default_action = accept
    #smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
    #non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
    smtpd_milters = inet:localhost:12301
    non_smtpd_milters = $smtpd_milters

/etc/opendkim.conf

    TrustAnchorFile       /usr/share/dns/root.key

    AutoRestart             Yes
    AutoRestartRate         10/1h
    UMask                   0002
    Syslog                  yes
    SyslogSuccess           Yes
    LogWhy                  Yes

    Canonicalization        relaxed/simple

    ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
    InternalHosts           refile:/etc/opendkim/TrustedHosts
    KeyTable                refile:/etc/opendkim/KeyTable
    SigningTable            refile:/etc/opendkim/SigningTable

    Mode                    sv
    PidFile                 /var/run/opendkim/opendkim.pid
    SignatureAlgorithm      rsa-sha256

    UserID                  opendkim:opendkim

    Socket                  inet:12301@localhost

/etc/default/opendkim

    SOCKET="inet:12301@localhost"

My chroot is on right now, but I tried to disable it, and it didn't help.

My permissions on the keys look like this:

    drwxr-xr-x 2 root     root     4096 Jul 24 15:59 ./
    drwxr-xr-x 3 root     root     4096 Jul 24 15:09 ../
    -rw------- 1 opendkim opendkim 1679 Jul 24 15:09 mail.private
    -rw------- 1 root     root      507 Jul 24 15:09 mail.txt

sudo netstat -ltnp

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1443/sshd
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      21779/master
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5904/mysqld
    tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      1371/systemd-resolv
    tcp6       0      0 :::22                   :::*                    LISTEN      1443/sshd
    tcp6       0      0 :::25                   :::*                    LISTEN      21779/master
    tcp6       0      0 :::443                  :::*                    LISTEN      14402/apache2
    tcp6       0      0 :::5355                 :::*                    LISTEN      1371/systemd-resolv
    tcp6       0      0 :::80                   :::*                    LISTEN      14402/apache2
  • Can you provide the output from "sudo netstat -ltnp"? Want to make sure that your process is listening on the desired port first. – Joey Jul 25 '17 at 15:35
  • I edited and added the output to the question. I wrote in the question - opendkim doesn't listen to the port, I don't know why – Nadav Shabtai Jul 25 '17 at 15:41
  • So based on your output from netstat, it would appear the desired application (whatever it really is) is not actively running/listening on the intended port, which is why you're getting the connection refused in your log files. You should first investigate why the 'Milter' service is not running. – Joey Jul 25 '17 at 15:43
  • Yes, I know, the question is why? The milter service, as far as I know, is the opendkim service and it's running, but it is not listening – Nadav Shabtai Jul 25 '17 at 15:45
  • Apologies, but you'd have to provide more output from either the postfix or opendkim logs. I'm not specifically versed in the method or the purpose with what you're doing, only trying to help trouble-shoot. – Joey Jul 25 '17 at 15:50
  • Thank you for that, and for the quick response. The only message in the logs, related to the milter service is what I posted in the question... Everything else is fine. dkim is a signature that should verify the source of an email is the original, and not fake, opendkim should sign on emails, in this case sent by postfix, but as you can see, the signing part is not working – Nadav Shabtai Jul 25 '17 at 15:54
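
The check requested in the comments above, as an added example that is not part of the original thread: it compares the milter port Postfix dials (Postfix syntax `inet:host:port`) with the port in the OpenDKIM `Socket` line (OpenDKIM syntax `inet:port@host`) and with the listeners in `netstat -ltnp` output. The function names are hypothetical and the sample inputs are constructed excerpts that reuse the values from the question.

```python
import re

# Constructed excerpts reusing the values shown in the question above.
MAIN_CF = """\
#smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
smtpd_milters = inet:localhost:12301
non_smtpd_milters = $smtpd_milters
"""
OPENDKIM_CONF = "Mode   sv\nSocket inet:12301@localhost\n"
NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN 21779/master
tcp        0      0 127.0.0.1:3306  0.0.0.0:*       LISTEN 5904/mysqld
tcp6       0      0 :::25           :::*            LISTEN 21779/master
"""

def postfix_milter_ports(main_cf):
    """Ports of inet: milters in smtpd_milters (Postfix syntax: inet:host:port)."""
    ports = []
    for line in main_cf.splitlines():
        key, sep, value = line.partition("=")
        # Commented-out lines have the key "#smtpd_milters" and are skipped.
        if sep and key.strip() == "smtpd_milters":
            for spec in re.split(r"[,\s]+", value.strip()):
                m = re.fullmatch(r"inet:[^:]+:(\d+)", spec)
                if m:
                    ports.append(int(m.group(1)))
    return ports

def opendkim_port(conf):
    """Port from the OpenDKIM Socket line (OpenDKIM syntax: inet:port[@host])."""
    for line in conf.splitlines():
        m = re.match(r"\s*Socket\s+inet:(\d+)(?:@\S+)?\s*$", line)
        if m:
            return int(m.group(1))
    return None

def listening_ports(netstat):
    """TCP ports in LISTEN state, parsed from `netstat -ltnp` output."""
    ports = set()
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def check(main_cf, opendkim_conf, netstat):
    """For each Postfix milter port: (port, matches opendkim.conf, has a listener)."""
    dkim, live = opendkim_port(opendkim_conf), listening_ports(netstat)
    return [(p, p == dkim, p in live) for p in postfix_milter_ports(main_cf)]
```

On these inputs `check(MAIN_CF, OPENDKIM_CONF, NETSTAT)` reports that both files name port 12301 but no process is bound to it, which is the state that produces "Connection refused" in mail.log.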

1 Answer

I can't find three things in your /etc/opendkim.conf, something like:

    Domain   example.com
    KeyFile  /etc/opendkim/keys/example.com/dkim.private
    Selector dkim

Otherwise it looks rather similar to my running setup.

ajaaskel