DKIM Cause emails to stall

hello there-

so trying to activate the DKIM settings .. on the server.. makes the emails to get stuck.. also other mail clients are not able to connect to the server..

I basically just activated the settings under mail options.. and relevant key was generated to all DNS records.. https://www.virtualmin.com/documentation/email/dkim

the moment i disable it, everything seems to work again..

appreciate your guidance here too,

Rohit.

Status: 
Active

Comments

What do you mean by stuck exactly? Are emails not going out, or not coming in?

emails dont go out.. they get stuck in the queue in postfix.. i think incoming emails does come in..

What gets logged to the Postfix mail log? (usually /var/log/mail.log)

Jan 9 14:00:49 server2 dovecot: imap-login: Login: user=info@inconsulting.tech, method=PLAIN, rip=134.3.101.130, lip=144.76.8.249, mpid=22644, TLS, session=<iQ/5gFdiJdiGA2WC> Jan 9 14:00:49 server2 dovecot: imap(info@inconsulting.tech): Connection closed in=223 out=1849 Jan 9 14:00:49 server2 dovecot: imap-login: Login: user=info@inconsulting.tech, method=PLAIN, rip=134.3.101.130, lip=144.76.8.249, mpid=22696, TLS, session= Jan 9 14:01:02 server2 postfix/smtps/smtpd[22832]: 6E0132AC98: client=HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130], sasl_method=PLAIN, sasl_username=info@inconsulting.tech Jan 9 14:01:02 server2 postfix/cleanup[22837]: 6E0132AC98: milter-reject: END-OF-MESSAGE from HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130]: 4.7.1 Service unavailable - try again later; from=info@inconsulting.tech to=interstellar.consulting@gmail.com proto=ESMTP helo=<[IPv6:::ffff:192.168.0.21]> Jan 9 14:01:06 server2 postfix/smtps/smtpd[22832]: 22C772AC98: client=HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130], sasl_method=PLAIN, sasl_username=info@inconsulting.tech Jan 9 14:01:06 server2 postfix/cleanup[22837]: 22C772AC98: milter-reject: END-OF-MESSAGE from HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130]: 4.7.1 Service unavailable - try again later; from=info@inconsulting.tech to=interstellar.consulting@gmail.com proto=ESMTP helo=<[IPv6:::ffff:192.168.0.21]> Jan 9 14:02:00 server2 postfix/smtps/smtpd[22832]: 498CC2AC98: client=HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130], sasl_method=PLAIN, sasl_username=info@inconsulting.tech Jan 9 14:02:00 server2 postfix/cleanup[22837]: 498CC2AC98: milter-reject: END-OF-MESSAGE from HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130]: 4.7.1 Service unavailable - try again later; from=info@inconsulting.tech to=interstellar.consulting@gmail.com proto=ESMTP helo=<[IPv6:::ffff:192.168.0.21]>

this is the error.. email greylisting is active.. along with port 10023 open in the firewall.

this is the DKIM setting.https://d.pr/i/tWxg8t

Does it help to restart the DKIM service? You can do that with the command "service opendkim restart".

If DKIM weren't started or weren't listening, that could cause the issue you're seeing.

i have tried that.. but the emails are still bouncing.....

Jan 9 19:37:00 server2 postfix/cleanup[19349]: 101432AC9F: milter-reject: END-OF-MESSAGE from HSI-KBW-134-3-101-130.hsi14.kabel-badenwuerttemberg.de[134.3.101.130]: 4.7.1 Service unavailable - try again later; from=info@inconsulting.tech to=rohit.sharma.g@gmail.com proto=ESMTP helo=<[IPv6:::ffff:192.168.0.21]>

my server is not configured for ipv6.. but the message shows this.. is this the cause may be ?

Hmm, just to verify, is your server the one with the IP "134.3.101.130" mentioned in the logs there?

Also, what is the output of the command "postconf -n"?

no that is the ip adresss of my pc, from where i tried to logon onto the mail server to send the email ..

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_helo_required = yes
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual

The Postfix config looks okay.

That's a pretty unusual error you're seeing, but we should verify that DKIM is actually listening on the proper port... what is the output of this command:

netstat -anlp | grep :8891

yup,, its definitely weird..

tcp        0      0 127.0.0.1:8891          127.0.0.1:34188         TIME_WAIT   -
tcp        0      0 127.0.0.1:34152         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34132         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34234         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34182         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34242         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34190         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34204         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34122         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:8891          127.0.0.1:34248         ESTABLISHED 19542/opendkim
tcp        0      0 127.0.0.1:34240         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34140         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34134         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34164         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34154         127.0.0.1:8891          TIME_WAIT   -
tcp        0      0 127.0.0.1:34248         127.0.0.1:8891          ESTABLISHED 21454/smtpd

sometimes..just removing and reinstalling a package helps.. after reinstalling.. i am not seeing a problem.. but will let it be and incase i see an issue... i will come back to this thread.

Please post here the commands to reinstall package the virtualmin way so forumreaders have the complete solution if so. ;)

apt-get remove opendkim apt-get purge opendkim

commands to remove the remove and then reinstall via the virtualmin option.. for profit :)