Enabling DKIM Fails [#44125]

Submitted by sandolution on Fri, 11/18/2016 - 05:53

Hi,

I'm trying to enable DKIM Signing for all virtual servers without BIND DNS. I've installed the DKIM package via Virtualmin (Email Messages > DomainKeys Identified Mail) and entered the following parameters:

Signing of outgoing mail enabled? >Yes
Selector for DKIM record name      >2016
Reject incoming email with invalid DKIM signature?    >No
Force generation of new private key?     >No (No difference if set to yes)
Size of new DKIM key         >2048
Additional domains to sign for    
>XXXXX1
>XXXXX2

When clicking save, Virtualmin shows me the following:

Finding virtual servers to enable DKIM for ..
.. no virtual servers with DNS and email enabled were found, but enabling for 5 extra domains
Extracting public key from private key in /etc/dkim.key ..
.. done
Setting domain and selector in DKIM filter configuration ..
.. done
Enabling DKIM filter at boot time ..
.. done
Starting DKIM filter ..
.. done
Configuring mail server to use DKIM filter ..
.. done

The syslog shows that it's actually doing something:

Nov 18 12:26:51 SNDLTN1 opendkim[8994]: OpenDKIM Filter: mi_stop=1
Nov 18 12:26:51 SNDLTN1 opendkim[8994]: OpenDKIM Filter v2.10.3 terminating with status 0, errno = 0
Nov 18 12:26:52 SNDLTN1 opendkim[10277]: OpenDKIM Filter v2.10.3 starting (args: -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost -b s)
Nov 18 12:26:54 SNDLTN1 postfix/postfix-script[10402]: refreshing the Postfix mail system

The file cat /etc/dkim-domains.txt shows all domains I entered. So far so good. However, when I go back to the DomainKeys Identified Mail it shows that the signing of outgoing mail is disabled. Also, each server shows no change in suggested DNS records.

Is this a bug or am I missing something?

Best Regards,

Sander

Status:

Active

Comments

Submitted by JamieCameron on Fri, 11/18/2016 - 11:08 Comment #1

Can you check if the opendkim server process is running on your system?

Also, what does /etc/default/opendkim contain on your system?

Submitted by sandolution on Fri, 11/18/2016 - 12:41 Comment #2

The status of opendkim:

service opendkim status

● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2016-11-18 12:32:12 CET; 7h ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 11695 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p
  Process: 11693 ExecStartPre=/bin/chown opendkim.opendkim /var/run/opendkim (code=exited, status=0/SUCCESS)
  Process: 11690 ExecStartPre=/bin/mkdir -p /var/run/opendkim (code=exited, status=0/SUCCESS)
 Main PID: 11697 (opendkim)
   CGroup: /system.slice/opendkim.service
           └─11697 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid -p inet:889

Nov 18 12:32:12 SNDLTN1 systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
Nov 18 12:32:12 SNDLTN1 systemd[1]: opendkim.service: PID file /var/run/opendkim/opendkim.pid not readable (yet?) aft
Nov 18 12:32:12 SNDLTN1 opendkim[11697]: OpenDKIM Filter v2.10.3 starting (args: -x /etc/opendkim.conf -u opendkim -P
Nov 18 12:32:12 SNDLTN1 systemd[1]: Started DomainKeys Identified Mail (DKIM) Milter.

And the file:

/etc/default/opendkim

SOCKET=inet:8891@localhost
DAEMON_OPTS="-b s"

Thanks in advance!

Submitted by JamieCameron on Fri, 11/18/2016 - 19:51 Comment #3

Ok .. and in your /etc/postfix/main.cf file, is there a reference to port 8891 somewhere?

Submitted by sandolution on Sun, 11/20/2016 - 05:13 Comment #4

Yes, these lines have been added to the end:

/etc/postfix/main.cf

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Submitted by JamieCameron on Sun, 11/20/2016 - 13:57 Comment #5

That looks correct as well .... however, it doesn't explain why Virtualmin thinks that the DKIM server isn't running.

If you go to Webmin -> System -> Bootup and Shutdown, does it show that the opendkim action is both enabled at boot and running now?

Submitted by sandolution on Sun, 11/20/2016 - 16:29 Comment #6

Hi Jamie,

I did see opendkim running in Bootup & Shutdown. I've just upgraded the hardware of my VPS and decided to do a clean install. I've installed Ubuntu and Virtualmin again, and made sure DKIM was installed (via Virtualmin) before I added any domains. This resulted in a working instance of dkim, including the display of the DNS records that should be added. So it's working perfectly now.

Thanks for your help anyway and keep up the good work!

Regards, Sander

Submitted by JamieCameron on Tue, 11/22/2016 - 01:26 Comment #7

Ok, great!

Submitted by acosonic on Wed, 01/22/2020 - 05:43 Comment #8

Doesn't work by default on Ubuntu 18.04

Even though I've done everything thru virtualmin...

Everything seems fine, but Signing of outgoing mail enabled?

always turns to "No"

Submitted by acosonic on Wed, 01/22/2020 - 06:16 Comment #9

Eventually it worked once I did

apt purge opendkim opendkim-tools restarted whole system and then apt install opendkim

Once checked it was again set to no then set to yes, and it stayed as yes...

Submitted by azcunaga on Sun, 11/08/2020 - 19:11 Comment #10

Wow I was getting this same problem on Ubuntu 20, DKIM would not get enabled, but this simple solution by acosonic to purge and reinstall opendkim did the trick on 2 different servers:

apt purge opendkim opendkim-tools restarted whole system and then apt install opendkim

Thanks Acosonic & Jamie