Mails are not signed with DKIM

11 posts / 0 new
Last post
#1 Tue, 10/15/2019 - 07:26
Vipul.K

Mails are not signed with DKIM

My server is running Ubuntu 18 and I installed a fresh virtualmin on it. I then went on to enable DKIM but there was an error during installation. i fixed those and installed opendkim manually through SSH. Then I enabled outgoing signing and it worked fine. The problem is outgoing mails are not being signed with DKIM. In the /var/log/mail.log I have several lines of

warning: connect to Milter service inet:localhost:8891: Connection refused

I've searched for this error and there are many posts out there but for me they either didn't work or I couldn't understand them. Could someone help me figure out what the issue is here and how can we fix this?

Tue, 10/15/2019 - 10:04
Dibs

Is port 8891 open?

Tue, 10/15/2019 - 16:10
noisemarine

Run netstat -tan.

Do you see a line that looks like:

tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN

Tue, 10/15/2019 - 22:28
Vipul.K

No. I guess the port is not open then? Should I open the port or change something in virtualmin? I have not made any manual firewall changes. Its all been setup by virtualmin.

Wed, 10/16/2019 - 08:19
Dibs

Yes, you'll need to open the port. Either manually or thru Webmin - Networking - Linux Firewall. Doing it manually will show up in the GUI and vice versa. Whatever suits.

I'm not sure enabling DKIM opens the relevant ports automatically. It may do - but in your case having had an error may have prevented that (if that does happen).

Thu, 10/17/2019 - 02:39
noisemarine

You don't have to open anything in your firewall as it only listens on localhost (ie. 127.0.0.1).

First, you should check if opendkim service is running. if it isn't then restart it and try again.

If it is, edit /etc/opendkim.conf. Change it to look like this:

#Socket                 local:/var/run/opendkim/opendkim.sock
Socket                  inet:8891@localhost

Restart the opendkim service.

Thu, 10/17/2019 - 03:10 (Reply to #6)
Dibs

Oops - missed that it was the local loopback address (127.0.0.1). My bad.

Thu, 10/17/2019 - 04:15
Vipul.K

I did that but still no signature in the email and logs show the same error.

Thu, 10/17/2019 - 04:28
Thu, 10/17/2019 - 04:57
Vipul.K

I've ended up in a new problem. I thought I'd disable DKIM signing and enable again to hopefully fix configuration issues. In Email Settings > DKIM, I turned Signing of outgoing emails to "No". It worked. Then I tried to enable it again with option "Yes". It wouldn't turn back on. It doesn't give any errors and says DKIM filter enabled but when I open the previous page again, the option is still set to "No". Am I gonna have to do a fresh installation?

Thu, 11/28/2019 - 01:57
Vipul.K

No solution. I reinstalled the server and its working fine now.