大量 OpenDKIM 问题

tag-icon tag-icon postfix debian-stretch opendkim raspbian
大量 OpenDKIM 问题

我终其一生都无法让 OpenDKIM 正常工作。我可以用 postfix 和 roundcube 正常收发邮件。我尝试了很多方法让它正常工作。目前,我没有收到任何错误,但 OpenDKIM 未对邮件进行签名。我已经尝试了此网站上能找到的所有方法。

这是我的main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian) This is not an open relay.
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

policyd-spf_time_limit = 3600

milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non-smtpd_milters = unix:/var/run/opendkim/opendkim.sock

# TLS parameters
smtpd_tls_cert_file = /root/fullchain.pem
smtpd_tls_key_file = /root/privkey.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 2

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes


smtpd_relay_restrictions =
  # subject even authenticated users and trusted networks
  # to the policy check
  #check_policy_service inet:127.0.0.1:10031
  permit_mynetworks
  reject_unknown_sender_domain
  permit_sasl_authenticated
  defer_unauth_destination

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  check_policy_service unix:private/policyd-spf,
  # we exclude our networks and SASL authenticated users
  # from all further checks.
  # since I don't know if the policy service is relevant
  # for unauthenticated mail, I commented it out here
  # check_policy_service inet:127.0.0.1:10031
  warn_if_reject reject_non_fqdn_hostname
  warn_if_reject reject_non_fqdn_sender
  reject_invalid_hostname
  reject_unknown_sender_domain

smtpd_data_restrictions = reject_unauth_pipelining

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.smbecker.tk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost =
mynetworks = 10.0.0.0/8 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

inet_protocols = ipv4

这是我的 opendkim.conf:

# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

# Map domains in From addresses to keys used to sign messages
KeyTable                /etc/opendkim/key.table
SigningTable            /etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList      /etc/opendkim/trusted.hosts
InternalHosts           /etc/opendkim/trusted.hosts


# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain                 example.com
#KeyFile                /etc/dkimkeys/dkim.key
#Selector               2007

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization       simple
Mode                    sv
SubDomains              no

AutoRestart             yes
AutoRestartRate         10/1m
Background              yes
DNSTimeout              5
SignatureAlgorithm      rsa-sha256

# Socket smtp://localhost
#
# ##  Socket socketspec
# ##
# ##  Names the socket where this filter should listen for milter connections
# ##  from the MTA.  Required.  Should be in one of these forms:
# ##
# ##  inet:port@address           to listen on a specific interface
# ##  inet:port                   to listen on all interfaces
# ##  local:/path/to/socket       to listen on a UNIX domain socket
#
#Socket                  inet:8892@localhost
Socket                  local:/var/spool/postfix/var/run/opendkim/opendkim.sock

##  PidFile filename
###      default (none)
###
###  Name of the file where the filter should write its pid before beginning
###  normal operations.
#
PidFile               /var/spool/postfix/var/run/opendkim/opendkim.pid


# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

##  ResolverConfiguration filename
##      default (none)
##
##  Specifies a configuration file to be passed to the Unbound library that
##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
##  documentation at http://unbound.net for the expected content of this file.
##  The results of using this and the TrustAnchorFile setting at the same
##  time are undefined.
##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
##  unbound package

# ResolverConfiguration     /etc/unbound/unbound.conf

##  TrustAnchorFile filename
##      default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
## at http://unbound.net for the expected format of this file.

TrustAnchorFile       /usr/share/dns/root.key

##  Userid userid
###      default (none)
###
###  Change to user "userid" before starting normal operation?  May include
###  a group ID as well, separated from the userid by a colon.
#
UserID                opendkim

这是我的 /etc/systemd/system/multi-user.target.wants/opendkim.service(我必须进行编辑才能使 opendkim.sock 和 opendkim.pid 显示出来并能够摆脱后缀错误)

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/spool/postfix/var/run/opendkim/opendkim.pid
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

键.表:

smbecker.tk smbecker.tk:YYYYMM:/etc/opendkim/keys/smbecker.tk.private

签名表:

*@smbecker.tk smbecker.tk

我进行了大量编辑并检查所有者和权限,直到现在才消除了 milter 连接错误(未找到和拒绝)。每次重新启动 opendkim 时,opendkim.pid 都会更改为 root 所有权,但即使我执行 chown 和 chmod 将其赋予 opendkim 并使用 0777,我仍然会得到相同的结果。消息未签名:

DKIM Information:
DKIM Signature

This message does not contain a DKIM Signature

我正在使用 Raspian-Stretch。我的 Postfix、Dovecot 和 Roundcube 都可以使用,并且我通过 Roundcube 发送电子邮件。所有外发电子邮件都应该有 DKIM 签名,但是没有。

请求的 mail.log:

Jan 10 18:35:34 raspberrypi postfix[23526]: Postfix is running with backwards-compatible default settings
Jan 10 18:35:34 raspberrypi postfix[23526]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 18:35:34 raspberrypi postfix[23526]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 18:35:34 raspberrypi postfix/postfix-script[23533]: stopping the Postfix mail system
Jan 10 18:35:34 raspberrypi postfix/master[23241]: terminating on signal 15
Jan 10 18:35:35 raspberrypi postfix[23602]: Postfix is running with backwards-compatible default settings
Jan 10 18:35:35 raspberrypi postfix[23602]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 18:35:35 raspberrypi postfix[23602]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 18:35:37 raspberrypi postfix/postfix-script[23709]: starting the Postfix mail system
Jan 10 18:35:37 raspberrypi postfix/master[23711]: daemon started -- version 3.1.8, configuration /etc/postfix
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: initializing the server-side TLS engine
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:35:44 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:35:57 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23761, TLS, session=<BPvl4CN/TKcKZGQB>
Jan 10 18:35:57 raspberrypi dovecot: imap([email protected]): Logged out in=32 out=479
Jan 10 18:35:57 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23763, TLS, session=<+Ezu4CN/TqcKZGQB>
Jan 10 18:35:58 raspberrypi dovecot: imap([email protected]): Logged out in=44 out=675
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:36:14 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:36:15 raspberrypi dovecot: imap([email protected]): Connection closed in=133 out=1271
Jan 10 18:36:16 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23767, TLS, session=<D+YD4iN/IrcKZGQB>
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: initializing the server-side TLS engine
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: connect from unknown[10.100.100.1]
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: 4630CDDC30: client=unknown[10.100.100.1]
Jan 10 18:36:21 raspberrypi postfix/cleanup[23770]: 4630CDDC30: message-id=<[email protected]>
Jan 10 18:36:21 raspberrypi postfix/qmgr[23713]: 4630CDDC30: from=<[email protected]>, size=492, nrcpt=1 (queue active)
Jan 10 18:36:21 raspberrypi postfix/smtpd[23768]: disconnect from unknown[10.100.100.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 18:36:21 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23773, TLS, session=<4MZZ4iN/WqcKZGQB>
Jan 10 18:36:21 raspberrypi dovecot: imap([email protected]): Logged out in=351 out=635
Jan 10 18:36:21 raspberrypi postfix/smtp[23771]: 4630CDDC30: to=<[email protected]>, relay=31045262.in1.mandrillapp.com[54.245.105.162]:25, delay=0.73, delays=0.13/0.05/0.37/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CBAA421FF4)
Jan 10 18:36:21 raspberrypi postfix/qmgr[23713]: 4630CDDC30: removed
Jan 10 18:36:22 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23775, TLS, session=<5Wtr4iN/XqcKZGQB>
Jan 10 18:36:23 raspberrypi dovecot: imap([email protected]): Logged out in=44 out=675
Jan 10 18:36:24 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23778, TLS, session=<0op+4iN/YKcKZGQB>
Jan 10 18:36:24 raspberrypi dovecot: imap([email protected]): Logged out in=120 out=850
Jan 10 18:36:24 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=23779, TLS, session=<EDaC4iN/YqcKZGQB>
Jan 10 18:36:24 raspberrypi dovecot: imap([email protected]): Logged out in=292 out=2438
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:36:44 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: connect from unknown[10.100.0.3]
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 18:37:14 raspberrypi postfix/smtpd[23721]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1

来自 10.100.0.3 的连接是 Mikrotik Dude 服务器,它只探测服务和设备,因此可以忽略。如您所见,日志中目前没有错误,但我也没有看到任何有关 DKIM 的信息。

改回 DKIM 后,邮件日志会重新启动:

Jan 10 20:28:49 raspberrypi postfix[25666]: Postfix is running with backwards-compatible default settings
Jan 10 20:28:49 raspberrypi postfix[25666]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 20:28:49 raspberrypi postfix[25666]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 20:28:49 raspberrypi postfix/postfix-script[25672]: stopping the Postfix mail system
Jan 10 20:28:49 raspberrypi postfix/master[25566]: terminating on signal 15
Jan 10 20:28:50 raspberrypi postfix[25741]: Postfix is running with backwards-compatible default settings
Jan 10 20:28:50 raspberrypi postfix[25741]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jan 10 20:28:50 raspberrypi postfix[25741]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jan 10 20:28:52 raspberrypi postfix/postfix-script[25849]: starting the Postfix mail system
Jan 10 20:28:52 raspberrypi postfix/master[25851]: daemon started -- version 3.1.8, configuration /etc/postfix
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: initializing the server-side TLS engine
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:29:14 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:29:24 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=25869, TLS, session=<J66gdiV/bKkKZGQB>
Jan 10 20:29:24 raspberrypi dovecot: imap([email protected]): Logged out in=90 out=896
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:29:44 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:30:14 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1
Jan 10 20:30:24 raspberrypi dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=10.100.100.1, lip=10.100.0.150, mpid=25925, TLS, session=<dlcxeiV/cKkKZGQB>
Jan 10 20:30:24 raspberrypi dovecot: imap([email protected]): Logged out in=90 out=896
Jan 10 20:30:29 raspberrypi opendkim[25654]: OpenDKIM Filter: mi_stop=1
Jan 10 20:30:29 raspberrypi opendkim[25654]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
Jan 10 20:30:29 raspberrypi opendkim[25934]: OpenDKIM Filter v2.11.0 starting (args: -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock)
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: connect from unknown[10.100.0.3]
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: lost connection after EHLO from unknown[10.100.0.3]
Jan 10 20:30:44 raspberrypi postfix/smtpd[25864]: disconnect from unknown[10.100.0.3] ehlo=1 commands=1

另外 ps -aux | grep opendkim

opendkim 25933  0.0  0.3  14884  2976 ?        Ss   20:30   0:00 /usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
opendkim 25934  0.0  0.6  59044  5804 ?        Sl   20:30   0:00 /usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock
root     26283  0.0  0.0   4376   576 pts/0    S+   20:52   0:00 grep opendkim

发送电子邮件时的 TCPDUMP:

listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
17:52:44.828861 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [S], seq 3182105441, win 43690, options [mss 65495,sackOK,TS val 3741998642 ecr 0,nop,wscale 7], length 0
17:52:44.828938 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [S.], seq 435085374, ack 3182105442, win 43690, options [mss 65495,sackOK,TS val 3741998642 ecr 3741998642,nop,wscale 7], length 0
17:52:44.829036 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [.], ack 1, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 0
17:52:44.829290 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 1:18, ack 1, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 17
17:52:44.829596 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [P.], seq 1:18, ack 18, win 342, options [nop,nop,TS val 3741998642 ecr 3741998642], length 17
17:52:44.829749 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 18:122, ack 18, win 342, options [nop,nop,TS val 3741998643 ecr 3741998642], length 104
17:52:44.829912 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [P.], seq 18:23, ack 122, win 342, options [nop,nop,TS val 3741998643 ecr 3741998643], length 5
17:52:44.831489 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [P.], seq 122:138, ack 23, win 342, options [nop,nop,TS val 3741998644 ecr 3741998643], length 16
17:52:44.831571 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [F.], seq 138, ack 23, win 342, options [nop,nop,TS val 3741998644 ecr 3741998643], length 0
17:52:44.832194 IP 127.0.0.1.8892 > 127.0.0.1.33124: Flags [F.], seq 23, ack 139, win 342, options [nop,nop,TS val 3741998645 ecr 3741998644], length 0
17:52:44.832271 IP 127.0.0.1.33124 > 127.0.0.1.8892: Flags [.], ack 24, win 342, options [nop,nop,TS val 3741998645 ecr 3741998645], length 0
17:53:13.817007 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [S], seq 2310383764, win 43690, options [mss 65495,sackOK,TS val 3742027630 ecr 0,nop,wscale 7], length 0
17:53:13.817082 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [S.], seq 2557593622, ack 2310383765, win 43690, options [mss 65495,sackOK,TS val 3742027630 ecr 3742027630,nop,wscale 7], length 0
17:53:13.817156 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 1, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 0
17:53:13.817363 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1:18, ack 1, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 17
17:53:13.817401 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 18, win 342, options [nop,nop,TS val 3742027630 ecr 3742027630], length 0
17:53:13.817704 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 1:18, ack 18, win 342, options [nop,nop,TS val 3742027631 ecr 3742027630], length 17
17:53:13.818019 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 18:23, ack 124, win 342, options [nop,nop,TS val 3742027631 ecr 3742027631], length 5
17:53:13.860290 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 23, win 342, options [nop,nop,TS val 3742027673 ecr 3742027631], length 0
17:53:14.068860 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 124:407, ack 23, win 342, options [nop,nop,TS val 3742027882 ecr 3742027631], length 283
17:53:14.069221 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 23:28, ack 407, win 350, options [nop,nop,TS val 3742027882 ecr 3742027882], length 5
17:53:14.069275 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 28, win 342, options [nop,nop,TS val 3742027882 ecr 3742027882], length 0
17:53:14.156900 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 407:519, ack 28, win 342, options [nop,nop,TS val 3742027970 ecr 3742027882], length 112
17:53:14.157128 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 28:33, ack 519, win 350, options [nop,nop,TS val 3742027970 ecr 3742027970], length 5
17:53:14.157166 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 33, win 342, options [nop,nop,TS val 3742027970 ecr 3742027970], length 0
17:53:14.203842 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 519:538, ack 33, win 342, options [nop,nop,TS val 3742028017 ecr 3742027970], length 19
17:53:14.250297 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 538, win 350, options [nop,nop,TS val 3742028063 ecr 3742028017], length 0
17:53:14.250369 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 538:595, ack 33, win 342, options [nop,nop,TS val 3742028063 ecr 3742028063], length 57
17:53:14.250405 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 595, win 350, options [nop,nop,TS val 3742028063 ecr 3742028063], length 0
17:53:14.250693 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 33:38, ack 595, win 350, options [nop,nop,TS val 3742028064 ecr 3742028063], length 5
17:53:14.250722 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 38, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 0
17:53:14.250877 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 595:648, ack 38, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 53
17:53:14.251112 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 648:686, ack 43, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 38
17:53:14.251234 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 43:48, ack 686, win 350, options [nop,nop,TS val 3742028064 ecr 3742028064], length 5
17:53:14.251334 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 686:748, ack 48, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 62
17:53:14.251458 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 48:53, ack 748, win 350, options [nop,nop,TS val 3742028064 ecr 3742028064], length 5
17:53:14.251562 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 748:830, ack 53, win 342, options [nop,nop,TS val 3742028064 ecr 3742028064], length 82
17:53:14.251688 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 53:58, ack 830, win 350, options [nop,nop,TS val 3742028065 ecr 3742028064], length 5
17:53:14.251784 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 830:872, ack 58, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 42
17:53:14.251905 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 58:63, ack 872, win 350, options [nop,nop,TS val 3742028065 ecr 3742028065], length 5
17:53:14.252010 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 872:987, ack 63, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 115
17:53:14.252137 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 63:68, ack 987, win 350, options [nop,nop,TS val 3742028065 ecr 3742028065], length 5
17:53:14.252236 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 987:1044, ack 68, win 342, options [nop,nop,TS val 3742028065 ecr 3742028065], length 57
17:53:14.252577 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 73:78, ack 1115, win 350, options [nop,nop,TS val 3742028066 ecr 3742028065], length 5
17:53:14.252680 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1115:1163, ack 78, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 48
17:53:14.252803 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 78:83, ack 1163, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.252903 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1163:1251, ack 83, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 88
17:53:14.253026 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 83:88, ack 1251, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.253143 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1251:1301, ack 88, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 50
17:53:14.253264 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 88:93, ack 1301, win 350, options [nop,nop,TS val 3742028066 ecr 3742028066], length 5
17:53:14.253351 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1301:1325, ack 93, win 342, options [nop,nop,TS val 3742028066 ecr 3742028066], length 24
17:53:14.264091 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 93:98, ack 1325, win 350, options [nop,nop,TS val 3742028077 ecr 3742028066], length 5
17:53:14.264434 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 1325:4540, ack 98, win 342, options [nop,nop,TS val 3742028077 ecr 3742028077], length 3215
17:53:14.264532 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [.], ack 4540, win 1373, options [nop,nop,TS val 3742028077 ecr 3742028077], length 0
17:53:14.264652 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 98:103, ack 4540, win 1373, options [nop,nop,TS val 3742028078 ecr 3742028077], length 5
17:53:14.264734 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [P.], seq 4540:4564, ack 103, win 342, options [nop,nop,TS val 3742028078 ecr 3742028078], length 24
17:53:14.266378 IP 127.0.0.1.8892 > 127.0.0.1.33126: Flags [P.], seq 103:108, ack 4564, win 1373, options [nop,nop,TS val 3742028079 ecr 3742028078], length 5
17:53:14.310331 IP 127.0.0.1.33126 > 127.0.0.1.8892: Flags [.], ack 108, win 342, options [nop,nop,TS val 3742028123 ecr 3742028079], length 0

^C
75 packets captured
164 packets received by filter
9 packets dropped by kernel

答案1

您的 postfix 是否已 chrooted?如果没有,套接字路径将不匹配。也许可以尝试本地 tcp 端口,通常 opendkim 设置为 8891,因此请 smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = inet:127.0.0.1:8891 在 postfix 的 main.cf 和 opendkim.conf 中进行更改。 Socket inet:[email protected]

这样,您就可以 tcpdump 本地接口并查看 postfix 和 opendkim 之间是否有任何通信。有点奇怪,因为如果 opendkim 收到邮件,您应该在日志中看到一些来自 opendkim 的信息。显然取决于 syslog 的配置方式。如果您重新启动 opendkim,您是否会在此日志中看到任何内容(应该记录一行有关启动的内容),也许 opendkim 日志在另一个文件中。

答案2

在 Sandor Marton 的帮助下,我把一些问题从潜在问题列表中删除了。我在某处看到,refile: 在这里不是必需的,于是修复了其他人的问题:

SigningTable            /etc/opendkim/signing.table

然而,对我来说情况并非如此。我需要将 refile: 放回到 opendkim.conf 中,作为与签名表相关的行。这是使 opendkim 开始实际尝试签署外发电子邮件的新条目。

SigningTable            refile:/etc/opendkim/signing.table

然后我开始看到邮件日志中的密钥的权限错误,我修复了这些错误,现在一切都正常了。

相关内容