Centos 7 fail to install OpenDKIM

Today i made another Virtualmin test on Centos 7. While the installation was successful i was not able to install OpenDKIM because of missing dependencies:

Error: Package: opendkim-2.9.2-2.el7.x86_64 (virtualmin)
           Requires: libopendkim.so.9()(64bit)
Error: Package: opendkim-2.9.2-2.el7.x86_64 (virtualmin)
           Requires: libbsd.so.0()(64bit)
Error: Package: opendkim-2.9.2-2.el7.x86_64 (virtualmin)
           Requires: libbsd.so.0(LIBBSD_0.0)(64bit)
Error: Package: opendkim-2.9.2-2.el7.x86_64 (virtualmin)
           Requires: libopendkim = 2.9.2-2.el7

I sort the problem with installing epel (yum install epel-release) and after that i was able to activate OpenDKIM. So far this is the only problem i encounter after last Virtualmin relese. Note: Didnt test if OpenDKIM is working on outgoing mails but i will do this later today.

Status: 
Active

Comments

Howdy -- thanks, we're working on correcting those dependencies so that you don't need to enable EPEL in the future.

Diabolico's picture
Submitted by Diabolico on Sun, 03/08/2015 - 19:10

Have another problem to report. When i try to change something (anything) in DKIM options i get this result:

Finding virtual servers to enable DKIM for ..
.. found 1 servers

Generating private key in file /etc/opendkim/keys/default.private ..
.. done

Extracting public key from private key in /etc/opendkim/keys/default.private ..
.. done

Setting domain and selector in DKIM filter configuration ..
.. done

Adding DKIM records to DNS domain mydomain.com ..
.. added successfully

Enabling DKIM filter at boot time ..
.. done

Starting DKIM filter ..
.. start failed : Job for opendkim.service failed. See 'systemctl status opendkim.service' and 'journalctl -xn' for details.

DKIM setup failed!

Re-starting DNS server ..
.. done

and...

opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled)
   Active: failed (Result: exit-code) since Sun 2015-03-08 19:49:40 EDT; 4min 23s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 3771 ExecStart=/usr/sbin/opendkim $OPTIONS (code=exited, status=78)

Mar 08 19:49:40 leeroy.mydomain.com opendkim[3771]: opendkim: /etc/opendkim.conf: /etc/dkim-domains.txt: dkimf_db_open(): Permission denied
Mar 08 19:49:40 leeroy.mydomain.com systemd[1]: opendkim.service: control process exited, code=exited status=78
Mar 08 19:49:40 leeroy.mydomain.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Mar 08 19:49:40 leeroy.mydomain.com systemd[1]: Unit opendkim.service entered failed state.

Problem is when Virtualmin install OpenDKIM and create dkim-domains.txt the permissions are set to owner: root and group: root instead of owner: root and group: opendkim. Once i changed the permissions OpenDKIM was able to (re)start normally. Another thing what i dont like is if i install OpenDKIM from Virtualmin it will generate one key for all domains while i would like to have separate keys for each domain (like i would do during manual installation). Not sure if there is any reason for that. Will it make things more complicated if we can set different keys for each domain?

Howdy -- just to clarify the permissions issue -- you're saying that you changed the group owner of /etc/dkim-domains.txt to group "opendkim", and once you did that, OpenDKIM started properly?

Diabolico's picture
Submitted by Diabolico on Mon, 03/09/2015 - 07:24

Howdy -- just to clarify the permissions issue -- you're saying that you changed the group owner of /etc/dkim-domains.txt to group "opendkim", and once you did that, OpenDKIM started properly? Yes, exactly. When i saw there is permission problem i went to check the file and i saw it was set to root/root. So it come to my mind that probably OpenDKIM is asking for his own permissions. Even i find it strange because if i install as root OpenDKIM should have granted access to all files what he needs but to be honest this is the point where my knowledge begins to fade. Never encounter this problem before as i used different method to setup OpenDKIM (manual install). It could be how Virtualmin try to use/write that file?

BTW, are you running Virtualmin 4.15 there? Because it changed the way DKIM setup is done on CentOS 7.

Diabolico's picture
Submitted by Diabolico on Mon, 03/09/2015 - 19:14

Installed same day when i posted here, more precisely it was 3-4 hours before my first post here. I wiped out that VPS so i cant give you anymore this information. I could make another try with Centos 7 and see how it goes.

Ok, please let us know if it doesn't install properly from within Virtualmin out of the box.

Diabolico's picture
Submitted by Diabolico on Mon, 03/09/2015 - 23:59

Virtualmin 4.15.gpl & Webmin 1.730 on Centos 7

I can confirm both problems are still here. OpenDKIM cant be installed if before that epel is not already on the server and if i dont change group of dkim-domains.txt i will have permission error. At this point i'm not even sure if i manually install OpenDKIM with separate keys for each domain will Virtualmin change this with his own settings. If this is the case then right now Virtualmin is useless to me and i was more happy how it was before. When Virtualmin was looking for dkim-milter at least i was sure it will not touch my settings for OpenDKIM.

Ok, I'm trying to re-produce this on a test system now..

Yep, looks like the /etc/dkim-domains.txt file isn't having permissions set correctly. However, you should be able to solve that by running chmod 755 /etc/dkim-domains.txt

Please note that the above mentioned permissions issues are much more extensive than already noted. I've been struggling to get opendkim to remain started. When it fails, I have the following in my logs. . .

Mar 13 23:31:11 sg1 opendkim: opendkim: /etc/opendkim.conf: refile:/etc/dkim-signingtable: dkimf_db_open(): Permission denied Mar 13 23:34:32 sg1 opendkim: opendkim: /etc/opendkim.conf: /etc/dkim-keytable: dkimf_db_open(): Permission denied

Performing a chown opendkim on the /etc/dkim-signingtable and /etc/dkim-keytable files enabled me to start opendkim. I'm not sure if it's running stable yet though.

Thanks, I'll have Virtualmin correct those permissions as well.

5 years have passed and virtualmin still has the same problem

Ilia's picture
Submitted by Ilia on Sun, 03/22/2020 - 08:46

5 years have passed and virtualmin still has the same problem

I cannot confirm that. What exactly is not working for you?