Milter 应用程序错误 Postfix 电子邮件服务器

Milter 应用程序错误 Postfix 电子邮件服务器

我正在尝试使用 opendkim 在我的电子邮件服务器上对电子邮件进行签名,但遇到了一个似乎无法修复的错误。我收到的错误是:warning: milter local:opendkim/opendkim.sock: can't read SMFIC_BODY reply packet header: Application error

我尝试在 中将SOCKET值设置为inet:8891@localhost(和 8892) /etc/opendkim.conf,并在 postfix 配置文件中将值设置为inet:127.0.0.1:8891。这没有帮助。我也尝试降低,milter_protocol但这也没有帮助。

我也尝试了旧etc/default/opendkim文件的几种不同版本,但现在我已将所有内容注释掉,但没有任何变化。我的防火墙中已打开 TCP/UDP 端口:53。

相关配置文件:

# /etc/postfix/main.cf

milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters
# /etc/opendkim.conf
# This is a basic configuration for signing and verifying. It can easily be
# adapted to suit a basic installation. See opendkim.conf(5) and
# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
# documentation of available configuration parameters.

# Log to syslog
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes

# Common signing and verification parameters. In Debian, the "From" header is
# oversigned, because it is often the identity key used by reputation systems
# and thus somewhat security sensitive.
Canonicalization        relaxed/simple
Mode                    sv
SubDomains              no
OversignHeaders         From

AutoRestart             yes
AutoRestartRate         10/1M
Background              yes
DNSTimeout              5
SignatureAlgorithm      rsa-sha256

# Signing domain, selector, and key (required). For example, perform signing
# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
# using the private key stored in /etc/dkimkeys/example.private. More granular
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
#Domain                 example.com
#Selector               2020
#KeyFile                /etc/dkimkeys/example.private

# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID                  opendkim
UMask                   007

# Map domains in From address to keys used to sign messages
KeyTable                refile:/etc/opendkim/key.table
SigningTable            refile:/etc/opendkim/signing.table

# Hosts to ignore when verifying signatures
ExternalIgnoreList      /etc/opendkim/trusted.hosts

# A set of internal hosts whose mail should be signed
InternalHosts           /etc/opendkim/trusted.hosts

# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
# it must be ensured that the socket is accessible. In Debian, Postfix runs in
# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
# configured as shown on the last line below.
#Socket                 inet:8891@localhost
#Socket                 inet:8891
Socket                  local:/var/spool/postfix/opendkim/opendkim.sock

PidFile                 /run/opendkim/opendkim.pid

# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
# OPERATION section of opendkim(8) for more information.
#InternalHosts          192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
# by the package dns-root-data.
TrustAnchorFile         /usr/share/dns/root.key
#Nameservers            127.0.0.1
# /etc/default/opendkim --- legacy
# NOTE: This is a legacy configuration file. It is not used by the opendkim
# systemd service. Please use the corresponding configuration parameters in
# /etc/opendkim.conf instead.
#
# Previously, one would edit the default settings here, and then execute
# /lib/opendkim/opendkim.service.generate to generate systemd override files at
# /etc/systemd/system/opendkim.service.d/override.conf and
# /etc/tmpfiles.d/opendkim.conf. While this is still possible, it is now
# recommended to adjust the settings directly in /etc/opendkim.conf.
#
#DAEMON_OPTS=""
# Change to /var/spool/postfix/run/opendkim to use a Unix socket with
# postfix in a chroot:
#RUNDIR=/var/spool/postfix/run/opendkim
#RUNDIR=/run/opendkim
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
# default:
#SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"

# listen on all interfaces on port 54321:
#SOCKET=inet:54321
# listen on loopback on port 12345:
#SOCKET=inet:8891@localhost
# listen on 192.0.2.1 on port 12345:
#SOCKET=inet:[email protected]
#USER=opendkim
#GROUP=opendkim
#PIDFILE=$RUNDIR/$NAME.pid
#EXTRAAFTER=

是什么导致了这个错误?还有什么地方我还没检查过吗?

答案1

从您的评论中:

warning: milter inet:127.0.0.1:8891: can't read SMFIC_BODY reply packet header: Application error

这意味着 Postfix 可以连接到端口 8891。但是,它没有收到有效的响应。

所以,某物必须在端口 8891 上监听。尽管可能不是一个更温和的程序。

确保您在 Postfix 的配置中、在 OpenDKIM 的配置中一致地配置您的服务、端口 8891(或其他),然后检查 opendkim 进程确实正确启动并监听端口 8891。检查日志。

相关内容