use*_*846 6 ubuntu postfix sendmail dkim ubuntu-20.04
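I have two Postfix installations, one for receiving mail and one for sending mail, but I'm having problems signing outgoing mail with DKIM. I followed this tutorial.
The logs don't help me pinpoint the main problem either. OpenDKIM is running fine: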
```
● opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
     Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-06-18 17:39:40 UTC; 4s ago
       Docs: man:opendkim(8)
             man:opendkim.conf(5)
             man:opendkim-genkey(8)
             man:opendkim-genzone(8)
             man:opendkim-testadsp(8)
             man:opendkim-testkey
             http://www.opendkim.org/docs.html
    Process: 246310 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=0/SUCCESS)
   Main PID: 246321 (opendkim)
      Tasks: 7 (limit: 4681)
     Memory: 2.8M
     CGroup: /system.slice/opendkim.service
             ├─246321 /usr/sbin/opendkim -x /etc/opendkim.conf
             └─246322 /usr/sbin/opendkim -x /etc/opendkim.conf

Jun 18 17:39:40 testmailcdo systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
Jun 18 17:39:40 testmailcdo systemd[1]: Started OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Jun 18 17:39:40 testmailcdo opendkim[246322]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
```

My Postfix main.cf:
```
milter_default_action = accept
milter_protocol = 6
#smtpd_milters = inet:localhost:8891
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
```

master.cf:
```
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_wrappermode=no
#  -o smtpd_tls_auth_only=yes
  -o smtpd_enforce_tls=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=$smtpauth_recipient_restrictions
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_sasl_tls_security_options=noanonymous
```

opendkim.conf:
```
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 007

# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain testmailcdo.apolloglobal.net
#KeyFile /etc/dkimkeys/dkim.key
#Selector mail1

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed/relaxed
Mode sv
SubDomains no

AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256

# Socket smtp://localhost
#
# ## Socket socketspec
# ##
# ## Names the socket where this filter should listen for milter connections
# ##
# ## Names the socket where this filter should listen for milter connections
# ## from the MTA. Required. Should be in one of these forms:
# ##
# ## inet:port@address to listen on a specific interface
# ## inet:port to listen on all interfaces
# ## local:/path/to/socket to listen on a UNIX domain socket
#
#Socket inet:8891@localhost
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
Socket local:/var/spool/postfix/opendkim/opendkim.sock
## PidFile filename
### default (none)
###
### Name of the file where the filter should write its pid before beginning
### normal operations.
#
PidFile /var/run/opendkim/opendkim.pid


# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From

## ResolverConfiguration filename
## default (none)
##
## Specifies a configuration file to be passed to the Unbound library that
##
## Specifies a configuration file to be passed to the Unbound library that
## performs DNS queries applying the DNSSEC protocol. See the Unbound
## documentation at http://unbound.net for the expected content of this file.
## The results of using this and the TrustAnchorFile setting at the same
## time are undefined.
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
## unbound package

# ResolverConfiguration /etc/unbound/unbound.conf

## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.

TrustAnchorFile /usr/share/dns/root.key

## Userid userid
### default (none)
###
### Change to user "userid" before starting normal operation? May include
### a group ID as well, separated from the userid by a colon.
#
UserID opendkim
# Map domains in From addresses to keys used to sign messages
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList /etc/opendkim/trusted.hosts

# A set of internal hosts whose mail should be signed
InternalHosts /etc/opendkim/trusted.hosts
```

Logs when sending mail affecting trusted.hosts:
```
Jun 18 18:14:08 testmailcdo postfix/submission/smtpd[247218]: connect from unknown[202.60.9.10]
Jun 18 18:14:08 testmailcdo postfix/submission/smtpd[247218]: 6D0D413C124: client=unknown[202.60.9.10]
Jun 18 18:14:08 testmailcdo postfix/cleanup[247221]: 6D0D413C124: message-id=<4beaf35a08d40fa7f8f746ab309b8436@poultrymax.com>
Jun 18 18:14:08 testmailcdo postfix/qmgr[246787]: 6D0D413C124: from=<testmenard@poultrymax.com>, size=601, nrcpt=1 (queue active)
Jun 18 18:14:08 testmailcdo postfix/submission/smtpd[247218]: disconnect from unknown[202.60.9.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 18 18:14:10 testmailcdo postfix/smtp[247222]: 6D0D413C124: to=<potapo183@gmail.com>, relay=gmail-smtp-in.l.google.com[142.250.157.26]:25, delay=1.8, delays=0.06/0/0.82/0.97, dsn=2.0.0, status=sent (250 2.0.0 OK 1624040055 p7si10315751pjl.99 - gsmtp)
Jun 18 18:14:10 testmailcdo postfix/qmgr[246787]: 6D0D413C124: removed
```

Output of `ls -l /var/spool/postfix/opendkim/opendkim.sock`:
```
srwxrwx--- 1 opendkim opendkim 0 Jun 18 17:39 /var/spool/postfix/opendkim/opendkim.sock
```

I'm really lost. Any suggestions and help would be greatly appreciated!
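You have the wrong mode on opendkim.sock. It is 0770: rwx for the owner, rwx for the group, and nothing for others, where the owner is opendkim and the group is opendkim, but Postfix often runs as something like postfix:mail, so it falls into the "others" category and is not allowed access. You should find a mention of this in the Postfix logs (on Debian we would look at /var/log/mail.err).
Also note that the chown you did acts on the directory containing the socket, not on the socket itself, so it is not enough.
Try setting 0777 on opendkim.sock as a one-time test solution: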
```
chmod 0777 /var/spool/postfix/opendkim/opendkim.sock
```
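If that helps, we are on the right track. OpenDKIM recreates the socket with the previous mode on every restart, so the mode will be reset, which is why this solution is one-time. To make it persistent, add the user postfix (or whatever account smtpd runs under) to the opendkim group, so the second "7" will apply to it (allowing group access):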
```
gpasswd -a postfix opendkim
```
Alternatively (for example, if smtpd runs under nobody), you can slightly change OpenDKIM's startup script so that it sets mode 0777 after the socket is created.
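The permission reasoning in the answer above, as an added example that is not part of the original answer: given the socket's mode, owner and group, it reports which permission class an account falls into and whether it may connect, and it flags a world-writable socket, since mode 0777 opens the signing milter to any local account that can reach the directory. The function names are hypothetical, and `check_socket` assumes GNU `stat` (as on Ubuntu).

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Connecting to a UNIX socket requires write permission on the socket file,
# so only the write bit of the applicable class (owner/group/other) matters.

# socket_access MODE OWNER GROUP USER "USER_GROUPS"
# Prints "<class>:allow" or "<class>:deny" for USER.
socket_access() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    digits=$(printf '%s' "$mode" | tail -c 3)   # "0770" or "770" -> "770"
    rest=${digits#?}
    u=${digits%??}; g=${rest%?}; o=${digits#??}
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$u
    else
        # The group class applies only if USER is a member of the socket's group.
        case " $user_groups " in
            *" $group "*) class=group; bits=$g ;;
            *)            class=other; bits=$o ;;
        esac
    fi
    if [ $((bits & 2)) -ne 0 ]; then
        echo "$class:allow"
    else
        echo "$class:deny"
    fi
}

# world_writable MODE: succeeds if the "other" class has the write bit,
# i.e. the socket is not limited to its owner and group.
world_writable() {
    [ $(( $(printf '%s' "$1" | tail -c 1) & 2 )) -ne 0 ]
}

# check_socket PATH USER: apply socket_access to a real socket.
# Checks the socket file only; parent directories also need search permission.
check_socket() {
    info=$(stat -c '%a %U %G' "$1") || return 1
    groups=$(id -Gn "$2") || return 1
    # Intentional word splitting: $info is "MODE OWNER GROUP".
    set -- $info "$2" "$groups"
    socket_access "$1" "$2" "$3" "$4" "$5"
}

# Stand-alone use: sh script.sh /var/spool/postfix/opendkim/opendkim.sock postfix
if [ $# -eq 2 ]; then
    check_socket "$1" "$2"
fi
```

With the values from the question (mode 0770, opendkim:opendkim, a postfix account outside the opendkim group) the result is `other:deny`; after `gpasswd -a postfix opendkim` it becomes `group:allow` without opening the socket to other accounts.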