about opendkim service

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
maslakyavuz1
Posts: 6
Joined: Fri Apr 19, 2019 1:28 pm

about opendkim service

Post by maslakyavuz1 »

i have a zimbra server foss edition on ubuntu. It has been running for about a couple of years.
i have got an error since last night in the mail.log;
postfix/dkimmilter/smtpd[17357]: warning: connect to Milter service inet:localhost:8465: Connection refused
postfix/dkimmilter/smtpd[17357]: NOQUEUE: milter-reject: CONNECT from localhost[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
when i check zmcontrol status, i saw openkim and memcache stopped and other services ran.

if i restart the machine, this situation works for a while but then the problem occurs again.

what can be the problem ?
12313jimbo
Advanced member
Advanced member
Posts: 114
Joined: Fri Sep 12, 2014 10:01 pm

Re: about opendkim service

Post by 12313jimbo »

I've got the same issue that just started happening.

Any resolutions for this?
maslakyavuz1
Posts: 6
Joined: Fri Apr 19, 2019 1:28 pm

Re: about opendkim service

Post by maslakyavuz1 »

I changed milter_default_action accept instead of tempfail in the main.cf. But it is a makeshift action.
it must be more appropriate solution. I am waiting for a solution from the forum too.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: about opendkim service

Post by phoenix »

Take a look at this thread (you should alo search the forums before posting) and see if it applies to your server: viewtopic.php?f=15&t=66546
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
12313jimbo
Advanced member
Advanced member
Posts: 114
Joined: Fri Sep 12, 2014 10:01 pm

Re: about opendkim service

Post by 12313jimbo »

Thanks guys!

I was able to solve the issue following the recommendations in this thread:
Take a look at this thread (you should alo search the forums before posting) and see if it applies to your server: viewtopic.php?f=15&t=66546
rodrigoferra
Posts: 18
Joined: Thu Jul 11, 2019 11:11 am

Re: about opendkim service

Post by rodrigoferra »

I was facing the exact same problem, solved with it: https://sebastian.marsching.com/blog/ar ... erver.html
Recently I stumbled across a bug in the OpenDKIM configuration of the Zimbra Collaboration Server.

In ZCS 8.0.3 (Community Edition, but I guess the same applies to the Network Edition), the file /opt/zimbra/conf/opendkim.conf.in specifies the socket that OpenDKIM listens on in the following way:

Socket %%zimbraInetMode%%:8465@[%%zimbraLocalBindAddress%%]

This results in the following socket address of "inet6:8465@[::1]" in the final file (opendkim.conf). However, the Postfix configuration file /opt/zimbra/postfix/conf/master.cf.in specifies the socket as "inet:localhost:8465". This leads to Postfix trying to connect to an IPv4 socket, while OpenDKIM is listening on an IPv6 socket, so that the connection cannot be established.

The fix is quite easy: By changing "%%zimbraInetMode%%:8465@[%%zimbraLocalBindAddress%%]" to "inet:8465@[127.0.0.1]" in opendkim.conf.in and restarting Zimbra, OpenDKIM can be made to listen on an IPv4 socket, so that Postfix can connect again.

The curious thing is, that this bug has already been reported half a year ago and has supposedly been fixed. However, it seems like this fix was only applied to the 9.0 branch of Zimbra and not to Zimbra 8.0.
Thanks to https://sebastian.marsching.com/blog/au ... -Marsching
maslakyavuz1
Posts: 6
Joined: Fri Apr 19, 2019 1:28 pm

Re: about opendkim service

Post by maslakyavuz1 »

What's the result about the service named opendkim ?
i didn't any suspicious crontab file. Also i tried instructions at https://lorenzo.mile.si/zimbra-cve-2019 ... ction/961/ and regarding port 8465 in /opt/zimbra/conf/opendkim.conf.in

i did not able to start opendkim but rebooting the server.

Any advice?

12313jimbo wrote:Thanks guys!

I was able to solve the issue following the recommendations in this thread:
Take a look at this thread (you should alo search the forums before posting) and see if it applies to your server: viewtopic.php?f=15&t=66546
Post Reply