DKIM Milter won't start

31 posts / 0 new
Last post
#1 Tue, 01/13/2015 - 04:14
Lanna

DKIM Milter won't start

I've been facing a number of problems on a fresh intall for five days and I'm starting to despair, so I sure hope someone can advice on a new problem. DKIM won't start through the Virtualmin form, I get the following error. . .

Starting DKIM filter .. .. start failed : Starting dkim-milter (via systemctl): Job for dkim-milter.service failed. See 'systemctl status dkim-milter.service' and 'journalctl -xn' for details. [FAILED]

Checking systemctl I get this. . .

Jan 13 10:03:32 en3.example.com systemd[1]: Starting SYSV: DomainKeys Identified Mail Milter... Jan 13 10:03:32 en3.example.com runuser[31821]: pam_unix(runuser:session): session opened for user dkim-milter by (uid=0) Jan 13 10:03:32 en3.example.com dkim-milter[31820]: Starting DomainKeys Identified Mail Milter (dkim-filter): dkim-filter: smfi_opensocket() failed Jan 13 10:03:32 en3.example.com dkim-milter[31820]: [FAILED] Jan 13 10:03:32 en3.example.com systemd[1]: dkim-milter.service: control process exited, code=exited status=1 Jan 13 10:03:32 en3.example.com systemd[1]: Failed to start SYSV: DomainKeys Identified Mail Milter. Jan 13 10:03:32 en3.example.com systemd[1]: Unit dkim-milter.service entered failed state.

Hopeing someone can advise.

Tue, 01/13/2015 - 05:30
Lanna

Doing some further investigation, I checked the /run/dkim-milter directory and the last modified date is 2010 (this is a fresh VPS install in 2015!). Investingating further the status of dkim-milter it appears to be a dead project and the bugs are catastrophic.

DKIM is now a critical part of mail delivery and should not be considered an 'option' (for example, Hotmail automatically null route any email not DKIM signed). Recommend Virtualmin team consider urgently removing dkim-milter and replacing with opendkim, this issue appears to be dead in the water otherwise.

Tue, 01/13/2015 - 11:03
andreychek

Howdy,

Virtualmin uses either dkim-milter or opendkim, depending on which is available in that particular distributions.

Newer distributions do come with opendkim.

Which distribution/version is it that you're using there?

-Eric

Tue, 01/13/2015 - 11:15
Lanna

CentOS 7

Tue, 02/24/2015 - 18:42
Lucrian

Hi Lanna,

Did you solve the problem? In my case (CentOS 7 too), dkim started only first time after installation. After reboot I received similar errors. After research I saw that folder /var/run/dkim-milter is missing. If this is your case too, I resolved my problem creating a small script:

#!/bin/bash
mkdir /var/run/dkim-milter
chown dkim-milter:dkim-milter /var/run/dkim-milter

This script must be put in cron and run (as root) @restart

Regards, Lucrian

Wed, 06/10/2015 - 16:02 (Reply to #5)
7stars

hi Lucrian, why a script at boot?

not enough to create the dir and chown? please explain... it's deleted at start that directory and why?

thanks

Wed, 06/10/2015 - 16:41 (Reply to #6)
7stars

I did it and service...

Loaded: loaded (/etc/rc.d/init.d/dkim-milter) Active: activating (start) since Wed 2015-06-10 23:35:39 CEST; 47s ago

but....

"can't write pid to /var/run/dkim-milter/dkim-milter.pid: No such file or directory"

and the directory is empty... so, how to fix?

Wed, 02/25/2015 - 06:09
Diabolico
Diabolico's picture

I had same problem and then just removed this old and obsolete script dkim-milter what was abandoned for several years. Aside of this, dkim-milter was the main and only culprit why my Virtualmin would not start with server reboot until manual start over SSH. For Lanna or anyone else on Centos 7 i would like to suggest to forget dkim-milter and switch to his successor OpenDKIM. In this links you can find all info how to setup OpenDKIM in literally few minutes: http://goo.gl/tfo3W9. Tested on fresh Centos 7 with Virtualmin/Webmin and never had any problem. The only "downside" if you want to call in this way is you will not be able to configure OpenDKIM with Virtualmin. But if you dont have dozens or hundreds domains you will be able to setup everything in no time. Really, its just 3 or 4 commands per domain with one copy and paste into your DNS.

I know that "virtualmin will install what comes with your distro" but i dont think it would be a problem to change this. Sorry but Centos 7 is new on the market and there is no real excuse to have 2-3 years old script on your server. If anyone has a solution how to make Virtualmin to work with OpenDKIM on Centos 7 it would be great to hear. EDIT: Actually time i saw on dkim-milter on my server was from 2010 so its 5 years not 2-3.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 02/25/2015 - 10:13
andreychek

Howdy,

Yeah CentOS 7 is using the dkim-milter script that was used with CentOS 6, as it was known to work there.

However, it certainly looks like there's some trouble in getting it to work on CentOS 7. I'll talk to Jamie about switching that over to use opendkim, as opendkim is available in EPEL and will be relatively simple to import into the Virtualmin repository.

-Eric

Wed, 02/25/2015 - 23:43
Diabolico
Diabolico's picture

Great news Eric. It would be great if we can get OpenDKIM at least for Centos 7. These days if you send email without rDNS, SPF and DKIM there is big chance your mail will end in spam folder or deleted.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Mon, 03/09/2015 - 23:46
tommmy

I successfully installed opendkim using virtualmin control panel. However still fail to start the service. When I try to enable dkim, I see following error.

Finding virtual servers to enable DKIM for ..
.. no virtual servers with DNS and email enabled were found, but enabling for 3 extra domains

Extracting public key from private key in /etc/opendkim/keys/default.private ..
.. done

Setting domain and selector in DKIM filter configuration ..
.. done

Enabling DKIM filter at boot time ..
.. done

Starting DKIM filter ..
.. start failed : Job for opendkim.service failed. See 'systemctl status opendkim.service' and 'journalctl -xn' for details.

DKIM setup failed!

Can you help me solve this problem? I'm using centos7

Tue, 03/10/2015 - 01:47
tommmy

I think following chown solved the problem.

chown opendkim /etc/dkim-domains.txt

I got information from here https://virtualmin.com/node/36456

It seems working but Is this ok for now?

thanks

Tue, 03/10/2015 - 11:03
andreychek

Howdy,

Yeah that's a good solution -- we're looking into a long-term fix for that.

-Eric

Wed, 03/11/2015 - 00:55
tommmy

ok, thank Eric

Wed, 06/10/2015 - 17:12
7stars

well, the problem seems to be that postfix starts before the dkim-milter? Can you confirm?

BECAUSE...

1) the directory /var/run/dkim-milter was not there...

2) at first I tried to create it manually

mkdir /var/run/dkim-milter
chown dkim-milter:dkim-milter /var/run/dkim-milter

but at the reboot it got deleted ! (why?)

3) so i put that in the script and @reboot /path/to/script.sh from crontab

4) after the reboot the directory was there...

5) BUT the dkim-milter didn't start properly service Active: activating... and also dkim-filter[1133]: can't write pid to /var/run/dkim-milter/dkim-milter.pid: No such file or directory

6) I tried to save again with Virtualmin DomainKeys Identified Mail

7) again failed to start because of dkim-filter[4671]: Sendmail DKIM Filter: Unable to bind to port inet:8891@localhost: Address already in use the PID 1133 was still there...

8) I had to kill the PID 1133

9)

service dkim-milter stop
service dkim-milter start
service postfix restart

and now is active running... the dkim-milter.pid is regularly inside the /var/run/dkim-milter directory

who's able to explain what's the issue here? Do I need to do all this at any reboot OR how to avoid this stuff? thank you

Wed, 06/10/2015 - 17:18 (Reply to #15)
Lucrian

Hi 7stars,

I don't know why that folder is deleted at every reboot. My solution probably isn't the best, but is working for me.

For you... I have one more suggestion :)

  1. disable auto-start postfix

  2. at the end of the cron script, start postfix

Maybe this will work fine for you.

Wed, 06/10/2015 - 17:15
7stars

maybe when you save in "DomainKeys Identified Mail" should you do

service dkim-milter stop
service dkim-milter start
service postfix restart

?

maybe this the issue with Centos 7 ? I would know if I can avoid to do those steps every time... I hope...

Wed, 06/10/2015 - 17:57
7stars

unfortunately the same...

apart from the fact that at the end of the script I wrote service postfix start but it didn't start... why? can't be started from the sh script in that way?

then, the problem is always a bad PID which is there to do nothing dkim-filter[2070]: can't write pid to /var/run/dkim-milter/dkim-milter.pid: No such file or directory

again, I had to kill that 2070 and go on with service stop/start postfix start or restart...

please, andreychek or Jamie.. can you help to avoid to do this any time? thanks

Wed, 06/10/2015 - 18:09
7stars

I found that in dkim-filter.conf

# BaseDirectory /var/run/dkim-filter

so the BaseDirectory is commented with #...

maybe the issue?

Wed, 06/10/2015 - 18:59
7stars

well, on my server was /usr/bin/service

it's the same.. to get it working at every boot I have to do:

1) no need to manually start postfix (so apparently the start order is not related to this issue)

2)

service dkim-milter status

3) check the bad PID

4) kill PID

5)

service dkim-milter stop
service dkim-milter start
service postfix restart

and with this it's working as usual. And also the Virtualmin Save works....

anyway, I didn't try to uncomment "BaseDirectory"...

if I can avoid to do this at every boot is really appreciated (even if I reboot a few in a long time...)

thanks

Wed, 06/10/2015 - 23:36 (Reply to #20)
Lucrian

You may try to see what's happening. If is not good, you may comment it back.

if you need to stop and start many processes, add then in script.

First of all, disable auto-start those services. If you don't disable auto-start at reboot, it will not work. Disable postfix and dkim-milter

At the end of the script use:

systemctl start dkim-milter
systemctl start postfix
Thu, 06/11/2015 - 04:26 (Reply to #21)
7stars

Lucrian, maybe you're right.. 'cause if that directory is deleted at reboot, maybe the dkim-milter starts before the directory creation... and so that PID behaves badly... we should understand why that directory is deleted.

i will do it...

how is your /etc/mail/dkim-milter/dkim-filter.conf ? thanks

Thu, 06/11/2015 - 16:58 (Reply to #22)
Lucrian

The most of file is commented, except:

KeyFile /etc/dkim.key
KeyList /etc/mail/dkim-milter/keys/keylist
Selector qwerty
SocketĀ  local:/var/run/dkim-milter/dkim-milter.sock
Thu, 06/11/2015 - 06:25
Diabolico
Diabolico's picture

If you are on Centos 7 remove DKIM-Milter and install OpenDKIM what is actually his successor. DKIM-Milter is several years old and obsolete software. Even if you are on Centos 6 you can install and use OpenDKIM without any problem.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 06/11/2015 - 09:37 (Reply to #24)
7stars

Diabolico, really it works fine... the only problem is to understand why guys at Virtualmin didn't have a look at the .conf ...if the generic conf was good or bad...

IF the commented BaseDirectory is a problem... and why that directory /var/run/dkim-milter is not there at boot..

then, it does its work as usual... I don't think that ATM I need to change the software for such a reason...the workaround is there but I think that's something on the conf...

Honestly, I can't reboot the server many times just to test this... maybe i will test it on local

Thu, 06/11/2015 - 11:12
7stars

so, in the virtualbox ...installing Virtualmin, for CentOS 7 now it installs opendkim by default

I have all updated on my server, even Virtualmin...

it means that if I remove dkim-milter then if I go to DomainKeys Identified Mail, it installs opendkim instead of dkim-milter?

Thu, 06/11/2015 - 11:42
7stars

was so easy... but since no updates by andreychek on this topic I lost time...

it was enough to

service dkim-milter stop
yum remove dkim-milter

and going to "DomainKeys Identified Mail" the last Virtualmin version installs opendkim now.

No problems at all. Kind regards

p.s.: remember that if you do this, you have to update the DKIM TXT record for any external domain (those on remote DNS servers) 'cause the new generated key is different. Sorry andreychek, I didn't see this on 4.16 changelog... "Fixed bugs setting up OpenDKIM on CentOS 7 systems."

Thu, 06/11/2015 - 11:37
Diabolico
Diabolico's picture

it means that if I remove dkim-milter then if I go to DomainKeys Identified Mail, it installs opendkim instead of dkim-milter? Yes. But you could do this by yourself long time ago and not wait for Virtualmin to change this for Centos 7 (on Centos 6 is still DKIM-Milter last time i check). I said same thing before 4 months. Doesnt make sense to install old and obsolete software on new OS like Centos 7.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 06/11/2015 - 11:46 (Reply to #28)
7stars

Diabolico, thank you. Honestly, I wasn't even aware of this issue 'cause I didn't notice any anomaly with the mail server, all the emails were successfully sent.

as already stated "I didn't see this on Virtualmin 4.16 changelog... "Fixed bugs setting up OpenDKIM on CentOS 7 systems."

thanks, bye bye lol

Thu, 06/11/2015 - 15:27
7stars

installing the opendkim on CentOS 7, if you're running Spamassassin you can find this issue on maillog https://bugzilla.redhat.com/show_bug.cgi?id=1200167

do steps on Comment 29...

;-) bye

Thu, 04/11/2019 - 15:05
ramarao

how to fix

service dkim-milter start Starting DomainKeys Identified Mail Milter (dkim-filter): dkim-filter: no such group `dkim-milter' [FAILED]