This repository was archived by the owner on Dec 1, 2024. It is now read-only.

How I can add second DKIM for second domain? #108

Open
juan77 opened this issue May 15, 2022 · 10 comments

@juan77

juan77 commented May 15, 2022

Hi! First thanks for the dockerized effort :D

I have successfully dockerized for one domain, and now I would like to implement a second domain, and digging into it, I found that I need to touch the following file /etc/amavis/conf.d/50-user to add the corresponding second DKIM like:

dkim_key('domain2.com', 'dkim', '/var/lib/dkim/domain2.com.pem');

and then

"domain2.com" => { d => "domain2.com", a => 'rsa-sha256', ttl => 10*24*3600 },

But I found that the file /etc/amavis/conf.d/50-user is not accessible from outside, right? Or am I missing something?

Have any of us successfully implemented a second domain? I would appreciate some tips to solve it. :D

Thanks,
juan.-

@iredmail
Owner

Please use /opt/iredmail/custom/amavisd/amavisd.conf instead, also store DKIM keys under /opt/iredmail/custom/amavisd/dkim/.

Docker edition follows our iRedMail Easy "Best Practice": https://docs.iredmail.org/iredmail-easy.best.practice.html

@juan77
Author

juan77 commented May 17, 2022

Hi @iredmail!

Thanks for the tip!! and the best practice!

@juan77 juan77 closed this as completed May 17, 2022
@juan77
Author

juan77 commented May 19, 2022

hi! I'm back again :(

I have added a custom amavisd.conf in the /opt/iredmail/custom/amavisd folder as follows:

dkim_key("second_domain.com", "dkim", "/opt/iredmail/custom/amavisd/dkim/second_domain.com.pem");
dkim_key("third_domain.com", "dkim", "/opt/iredmail/custom/amavisd/dkim/third_domain.com.pem");

@dkim_signature_options_bysender_maps = ({
   "second_domain.com"  => { d => "second_domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
   "third_domain.com"  => { d => "third_domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
});

And generated the corresponding pem files with:

amavisd-new genrsa /opt/iredmail/custom/amavisd/dkim/second_domain.com.pem 1024
amavisd-new genrsa /opt/iredmail/custom/amavisd/dkim/second_domain.com.pem 1024

And now, when it starts, it is spamming the following log all the time:

2022-05-19 00:56:33,937 INFO spawned: 'amavisd' with pid 1238
2022-05-19 00:56:34,238 INFO success: amavisd entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2022-05-19 00:56:34,242 INFO exited: amavisd (exit status 13; not expected)

But I don't see what is wrong with that config. Curiously, if I add an empty amavisd.conf the error persists, but if I delete the amavisd.conf it works fine again.

Any idea?
Thanks,
juan.-

@juan77 juan77 reopened this May 19, 2022
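
A pre-flight check for a custom amavisd.conf like the one posted above, as an added example that is not part of the thread or of the iRedMail project: it lists every key file named in a `dkim_key()` line and flags those that are missing, unreadable by the current user, or world-readable. The names `check_dkim_keys` and `demo` and the sample config are constructed for illustration; the check is assumed to run inside the container as the account amavisd runs under.

```shell
#!/bin/sh
# Added example: list the key files referenced by dkim_key() lines in an
# amavisd config and flag missing, unreadable or world-readable ones.
# check_dkim_keys and demo are hypothetical names, not iRedMail tooling.
check_dkim_keys() {
    conf=$1; rc=0
    q="[\"']"; s='[[:space:]]*'     # either quote style, optional spaces
    # Pull "domain selector path" out of each uncommented dkim_key(...) line.
    entries=$(sed -n "s/^${s}dkim_key(${s}${q}\([^\"']*\)${q}${s},${s}${q}\([^\"']*\)${q}${s},${s}${q}\([^\"']*\)${q}.*/\1 \2 \3/p" "$conf") || return 2
    while read -r domain selector path; do
        [ -n "$domain" ] || continue
        if [ ! -e "$path" ]; then
            state=MISSING
        elif [ ! -r "$path" ]; then
            state=UNREADABLE        # only meaningful when not run as root
        elif [ "$(ls -ld "$path" | cut -c8)" = "r" ]; then
            state=WORLD-READABLE    # private key readable by every local user
        else
            state=OK
        fi
        [ "$state" = OK ] || rc=1
        echo "$state $domain $selector $path"
    done <<EOF
$entries
EOF
    return "$rc"
}

# Constructed sample: two domains configured, key file present for only one.
demo() {
    d=$(mktemp -d) || return 2
    ( umask 077; : > "$d/second_domain.com.pem" )
    cat > "$d/amavisd.conf" <<EOF
dkim_key("second_domain.com", "dkim", "$d/second_domain.com.pem");
dkim_key('third_domain.com', 'dkim', '$d/third_domain.com.pem');
# dkim_key("old.example", "dkim", "$d/old.pem");
EOF
    check_dkim_keys "$d/amavisd.conf" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}

if [ "$#" -gt 0 ]; then check_dkim_keys "$1"; fi
```

Run it with the config path as its only argument; a non-zero exit status means at least one referenced key file needs attention.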
@iredmail
Owner

Amavisd logs to /var/log/maillog, please check whether there's more detailed info.

@juan77
Author

juan77 commented May 19, 2022

Hi!

I have checked the logs, and the output is:

May 19 12:00:05 mail postfix/postfix-script[894]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
May 19 12:00:05 mail postfix/postfix-script[909]: warning: not owned by root: /var/spool/postfix/etc/localtime
May 19 12:00:05 mail postfix/postfix-script[910]: warning: not owned by root: /var/spool/postfix/etc/hosts
May 19 12:00:05 mail postfix/postfix-script[911]: warning: not owned by root: /var/spool/postfix/etc/resolv.conf
May 19 12:00:05 mail postfix/postfix-script[919]: starting the Postfix mail system
May 19 12:00:05 mail postfix/master[920]: daemon started -- version 3.4.13, configuration /etc/postfix
May 19 12:00:05 mail postfix/qmgr[921]: 4L3T1R18skz9lC3: from=<[email protected]>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3XJt07CJz9nlk: from=<[email protected]>, size=7762, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3WWd6dV9z9lCh: from=<[email protected]>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3X9G75Tyz9nS8: from=<[email protected]>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/pickup[922]: 4L3pM93bT4z9ktp: uid=0 from=<[email protected]>
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/cleanup[924]: 4L3pM93bT4z9ktp: message-id=<[email protected]>
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3T1R18skz9lC3: to=<[email protected]>, relay=none, delay=46891, delays=46891/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3pM93bT4z9ktp: from=<[email protected]>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3XJt07CJz9nlk: to=<[email protected]>, relay=none, delay=37976, delays=37976/0.04/0.01/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3WWd6dV9z9lCh: to=<[email protected]>, relay=none, delay=40120, delays=40120/0.04/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/error[938]: 4L3X9G75Tyz9nS8: to=<[email protected]>, relay=none, delay=38371, delays=38371/0.06/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/error[938]: 4L3pM93bT4z9ktp: to=<[email protected]>, relay=none, delay=3.1, delays=3.1/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

Is it possible that port 10026 is causing amavisd to fail? Because it works fine when working with one domain...

Any tips?
Thx in advance!
juan.-

@iredmail
Owner

Try to restart the amavisd service with the supervisorctl command and check the log file immediately. I expect amavis logs something useful for troubleshooting.

@tpimh
Contributor

tpimh commented Jun 8, 2022

I just tried to replicate the setup, and it failed as expected. However, no useful info in the logs.

What I did:

  1. Created /opt/iredmail/custom/amavisd/amavisd.conf
  2. Restarted amavisd with supervisorctl restart amavisd

In supervisorctl status, amavisd was showing as "RUNNING"; however, its uptime was always 0:00:00.

In maillog, the following entries were added (I don't think these are related to amavis in any way):

Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max connection rate 1/60s for (submission:141.98.11.23) at Jun  8 09:11:20
Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max connection count 1 for (submission:141.98.11.23) at Jun  8 09:11:20
Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max cache size 1 at Jun  8 09:11:20

To fix this, I removed /opt/iredmail/custom/amavisd/amavisd.conf and restarted amavisd again. It started counting up the seconds of uptime.

Any suggestions how to debug this?

@tpimh
Contributor

tpimh commented Jun 10, 2022

I think I have finally solved it with chown root:amavis. Will test again and publish a fix.

@palzino

palzino commented Mar 7, 2023

> I think I have finally solved it with chown root:amavis. Will test again and publish a fix.

Did you ever find a solution to this issue?

@tpimh
Contributor

tpimh commented Mar 9, 2023

Sorry, unfortunately I couldn't find the right solution to this, so never published the actual fix.
