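I am following this tutorial to integrate opendkim and sign my emails. I am not very familiar with Ubuntu, but I configured everything according to the tutorial, yet emails are sent without a DKIM signature, and I have been stuck on this problem for 3 days! As for possible causes: in the configuration below I already tried using a .sock file, without success, so I switched to a TCP port.
My opendkim is running: systemctl status opendkim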
opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-02-08 15:57:47 CET; 13min ago
Docs: man:opendkim(8)
man:opendkim.conf(5)
man:opendkim-genkey(8)
man:opendkim-genzone(8)
man:opendkim-testadsp(8)
man:opendkim-testkey
http://www.opendkim.org/docs.html
Process: 41753 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=0/SUCCESS)
Main PID: 41761 (opendkim)
Tasks: 7 (limit: 19123)
Memory: 5.2M
CGroup: /system.slice/opendkim.service
└─41761 /usr/sbin/opendkim -x /etc/opendkim.conf
Feb 08 15:57:47 vmi995035.contaboserver.net systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
Feb 08 15:57:47 vmi995035.contaboserver.net systemd[1]: Started OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Feb 08 15:57:47 vmi995035.contaboserver.net opendkim[41761]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
Feb 08 15:58:05 vmi995035.contaboserver.net opendkim[41761]: E6F8BA010E6: s=verifier201208 d=port25.com a=rsa-sha256 SSL
On Ubuntu 20.04 with postfix and opendkim
My /etc/opendkim.conf
Syslog yes
UMask 007
Canonicalization relaxed/simple
Mode sv
SubDomains no
Socket inet:8891@localhost
PidFile /run/opendkim/opendkim.pid
OversignHeaders From
UserID opendkim
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
ExternalIgnoreList /etc/opendkim/trusted.hosts
InternalHosts /etc/opendkim/trusted.hosts
My /etc/opendkim/key.table
default._domainkey.fluffyksa.com fluffyksa.com:default:/etc/opendkim/keys/fluffyksa.com/default.private
My /etc/opendkim/SigningTable
*@fluffyksa.com default._domainkey.fluffyksa.com
I also tried replacing *@fluffyksa.com with @fluffyksa.com, without success.
My /etc/default/opendkim
RUNDIR=/run/opendkim
SOCKET="inet:8891@localhost"
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
Milter configuration in the file /etc/postfix/main.cf
# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
My full /etc/postfix/main.cf
myhostname = vmi995035.contaboserver.net
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
#Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.fluffyksa.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.fluffyksa.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
message_size_limit = 52428800
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_note_starttls_offer = yes
smtpd_tls_received_header = yes
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf
My /etc/opendkim/key.table
default._domainkey.fluffyksa.com fluffyksa.com:default:/etc/opendkim/keys/fluffyksa.com/default.private
My signing.table
*@fluffyksa.com default._domainkey.fluffyksa.com
My trusted.hosts
127.0.0.1
localhost
vmi995035.contaboserver.net
mail.fluffyksa.com
*.fluffyksa.com
fluffyksa.com
After generating the DKIM key and adding it to my DNS, I tested it, and this is the output:
opendkim-testkey -d fluffyksa.com -s default -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.fluffyksa.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
Sending a test to [email protected]
I get this:
==========================================================
Summary of Results
==========================================================
SPF check: pass
"iprev" check: pass
DKIM check: none
When I run cat /var/log/mail.log | grep dkim
Feb 8 15:58:05 vmi995035 opendkim[41761]: E6F8BA010E6: s=verifier201208 d=port25.com a=rsa-sha256 SSL
Can someone help me find the problem?
Update 1: mail.log after sending an email from my domain account [email protected] to my Gmail account [email protected] using the Thunderbird mail client:
Feb 8 17:33:23 vmi995035 postfix/smtpd[46943]: connect from unknown[41.69.213.148]
Feb 8 17:33:24 vmi995035 postfix/smtpd[46943]: Anonymous TLS connection established from unknown[41.69.213.148]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: auth client connected (pid=0)
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=173.249.3.187#011rip=41.69.213.148#011secured#011resp=AGFtaXIuaGFyb3VuQGZsdWZmeWtzYS5jb20AV2ViaXRhbGxAbWUyMDEy (previous base64 data may contain sensitive data)
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148): Performing passdb lookup
Feb 8 17:33:24 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8646>: Handling PASSV request
Feb 8 17:33:24 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148): Performing passdb lookup
Feb 8 17:33:24 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148): query: SELECT username AS user,password FROM mailbox WHERE username = '[email protected]' AND active='1'
Feb 8 17:33:24 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148): Finished passdb lookup
Feb 8 17:33:24 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8646>: Finished
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148): Finished passdb lookup
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: auth([email protected],41.69.213.148): Auth request finished
Feb 8 17:33:24 vmi995035 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011
Feb 8 17:33:24 vmi995035 postfix/trivial-rewrite[46946]: warning: /etc/postfix/main.cf, line 97: overriding earlier entry: smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Feb 8 17:33:24 vmi995035 postfix/cleanup[46947]: warning: /etc/postfix/main.cf, line 97: overriding earlier entry: smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Feb 8 17:33:24 vmi995035 postfix/smtpd[46943]: D28B7A010E6: client=unknown[41.69.213.148], sasl_method=PLAIN, [email protected]
Feb 8 17:33:25 vmi995035 postfix/cleanup[46947]: D28B7A010E6: message-id=<[email protected]>
Feb 8 17:33:25 vmi995035 postfix/qmgr[45631]: D28B7A010E6: from=<[email protected]>, size=756, nrcpt=1 (queue active)
Feb 8 17:33:25 vmi995035 postfix/smtp[46948]: warning: /etc/postfix/main.cf, line 97: overriding earlier entry: smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Feb 8 17:33:25 vmi995035 postfix/smtp[46948]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[64.233.166.27]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: auth client connected (pid=46949)
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: client passdb out: FAIL#0112#[email protected]
Feb 8 17:33:25 vmi995035 postfix/smtpd[46937]: warning: unknown[45.129.14.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 8 17:33:25 vmi995035 postfix/smtp[46948]: D28B7A010E6: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.166.27]:25, delay=0.78, delays=0.25/0.01/0.13/0.38, dsn=2.0.0, status=sent (250 2.0.0 OK 1707410005 t14-20020a5d42ce000000b0033ae7550864si2006012wrr.348 - gsmtp)
Feb 8 17:33:25 vmi995035 postfix/qmgr[45631]: D28B7A010E6: removed
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=CqDfXuEQX/EpRdWU#011lip=173.249.3.187#011rip=41.69.213.148#011lport=143#011rport=61791#011local_name=mail.fluffyksa.com#011ssl_cipher=TLS_AES_256_GCM_SHA384#011ssl_cipher_bits=256#011ssl_pfs=KxANY#011ssl_protocol=TLSv1.3
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: client passdb out: CONT#0111#011
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: client in: CONT#0111#011AGFtaXIuaGFyb3VuQGZsdWZmeWtzYS5jb20AV2ViaXRhbGxAbWUyMDEy (previous base64 data may contain sensitive data)
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Performing passdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8647>: Handling PASSV request
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Performing passdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): query: SELECT username AS user,password FROM mailbox WHERE username = '[email protected]' AND active='1'
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Finished passdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8647>: Finished
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Finished passdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: auth([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Auth request finished
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: master in: REQUEST#0113736469505#01146949#0111#011b335251ac595f2163f6d92c2b812ec47#011session_pid=46951#011request_auth_token
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Performing userdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8648>: Handling USER request
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Performing userdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Finished userdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth-worker(5823): Debug: conn unix:auth-worker (pid=5818,uid=115): auth-worker<8648>: Finished
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: sql([email protected],41.69.213.148,<CqDfXuEQX/EpRdWU>): Finished userdb lookup
Feb 8 17:33:25 vmi995035 dovecot: auth: Debug: master userdb out: USER#0113736469505#[email protected]#011maildir=fluffyksa.com/amir.haroun/#011uid=2000#011gid=2000#011auth_token=f1deb285d69a4b3ecc403b4184e71d0e3efb8faf
Feb 8 17:33:25 vmi995035 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=41.69.213.148, lip=173.249.3.187, mpid=46951, TLS, session=<CqDfXuEQX/EpRdWU>
Feb 8 17:33:26 vmi995035 dovecot: imap([email protected])<46951><CqDfXuEQX/EpRdWU>: Logged out in=446 out=600 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Feb 8 17:33:26 vmi995035 postfix/smtpd[46937]: disconnect from unknown[45.129.14.179] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Update 2: After checking the output of journalctl -eu opendkim, I found that opendkim is processing received emails but not the emails being sent:
Feb 08 22:09:05 vmi995035.contaboserver.net opendkim[55515]: 90A13A0125B: verifier.port25.com [34.209.113.130] not internal
Feb 08 22:09:05 vmi995035.contaboserver.net opendkim[55515]: 90A13A0125B: not authenticated
Feb 08 22:09:06 vmi995035.contaboserver.net opendkim[55515]: 90A13A0125B: DKIM verification successful
Feb 08 22:09:06 vmi995035.contaboserver.net opendkim[55515]: 90A13A0125B: s=verifier201208 d=port25.com a=rsa-sha256 SSL
Feb 08 22:10:56 vmi995035.contaboserver.net opendkim[55515]: 5C3B5A0125B: verifier.port25.com [34.209.113.130] not internal
Feb 08 22:10:56 vmi995035.contaboserver.net opendkim[55515]: 5C3B5A0125B: not authenticated
Feb 08 22:10:56 vmi995035.contaboserver.net opendkim[55515]: 5C3B5A0125B: DKIM verification successful
Feb 08 22:10:56 vmi995035.contaboserver.net opendkim[55515]: 5C3B5A0125B: s=verifier201208 d=port25.com a=rsa-sha256 SSL
Feb 08 22:15:47 vmi995035.contaboserver.net opendkim[55515]: B8763A0125B: mail-yb1-f178.google.com [209.85.219.178] not internal
Feb 08 22:15:47 vmi995035.contaboserver.net opendkim[55515]: B8763A0125B: not authenticated
Feb 08 22:15:47 vmi995035.contaboserver.net opendkim[55515]: B8763A0125B: DKIM verification successful
Feb 08 22:15:47 vmi995035.contaboserver.net opendkim[55515]: B8763A0125B: s=20230601 d=gmail.com a=rsa-sha256 SSL
Answer 1
Thanks for your help. I found that I was missing some configuration in postfix master.cf; I restored the correct configuration:
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
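
An added example, not part of the original question or answer: in the Update 1 log no opendkim line accompanies the authenticated message D28B7A010E6, while Update 2 shows opendkim only verifying inbound mail. The script below checks for that pattern by correlating Postfix queue IDs of SASL-authenticated submissions with opendkim log lines. The sample log is constructed, and the script assumes short hexadecimal queue IDs and that opendkim logs "DKIM-Signature field added" when it signs.

```python
import re

# Constructed sample in the mail.log format shown above; hosts, users and
# queue IDs are placeholders, not values from the post.
SAMPLE_LOG = """\
Feb  8 17:33:24 mx postfix/smtpd[100]: AAAA111111: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.test
Feb  8 17:33:25 mx postfix/qmgr[101]: AAAA111111: from=<user@example.test>, size=756, nrcpt=1 (queue active)
Feb  8 17:40:02 mx postfix/submission/smtpd[102]: BBBB222222: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.test
Feb  8 17:40:02 mx opendkim[103]: BBBB222222: DKIM-Signature field added (s=default, d=example.test)
Feb  8 17:41:10 mx postfix/smtpd[100]: CCCC333333: client=mail.example.org[198.51.100.7]
Feb  8 17:41:10 mx opendkim[103]: CCCC333333: mail.example.org [198.51.100.7] not internal
Feb  8 17:41:11 mx opendkim[103]: CCCC333333: DKIM verification successful
Feb  8 17:45:00 mx postfix/submission/smtpd[102]: DDDD444444: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@other.test
Feb  8 17:45:00 mx opendkim[103]: DDDD444444: no signing table match for 'user@other.test'
"""

# smtpd line that records a SASL-authenticated client for a queue ID
SUBMIT = re.compile(
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: ([0-9A-F]+): client=.*sasl_username=(\S+)")
# any opendkim line tagged with a queue ID
MILTER = re.compile(r"opendkim\[\d+\]: ([0-9A-F]+): (.*)")

def audit_outbound(log_text):
    """Map each SASL-authenticated queue ID to (user, what opendkim did)."""
    senders, seen = {}, {}
    for line in log_text.splitlines():
        m = SUBMIT.search(line)
        if m:
            senders[m.group(1)] = m.group(2)
            continue
        m = MILTER.search(line)
        if m:
            seen.setdefault(m.group(1), []).append(m.group(2))
    report = {}
    for qid, user in senders.items():
        msgs = seen.get(qid, [])
        if any(s.startswith("DKIM-Signature field added") for s in msgs):
            status = "signed"
        elif msgs:
            status = "seen-not-signed"   # milter ran; check signing.table/key.table
        else:
            status = "no-milter"         # message never reached opendkim
        report[qid] = (user, status)
    return report

if __name__ == "__main__":
    for qid, (user, status) in audit_outbound(SAMPLE_LOG).items():
        print(qid, user, status)
```

A "no-milter" result points at the Postfix side (main.cf milter settings or the master.cf service definition), while "seen-not-signed" points at the opendkim tables.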