In order to have my mail server deliver mail to Microsoft, Gmail and Yahoo users I need to configure DKIM. I am following this Debian guide: https://wiki.debian.org/opendkim.

I wrote a script to do most of the work, though editing of config files I've left to do manually (with opportunities provided). Here's the script:

#!/bin/bash
# Domain to sign for (e.g. example.com) and the DKIM selector
read mydomain
echo "Enter Selector (e.g. default, 2020, dkim):"
read myselector

echo "Installing opendkim..."
apt install opendkim opendkim-tools
echo "Generating keys..."

# Key directory per domain; generate the private key and the DNS TXT record file
mkdir -p /etc/dkimkeys/"$mydomain"
chown -R "$USER" /etc/dkimkeys/"$mydomain"
#cd /etc/dkimkeys/"$mydomain"
sudo opendkim-genkey -D /etc/dkimkeys/"$mydomain" -d "$mydomain" -s "$myselector"

echo "Check location /etc/dkimkeys/$mydomain for created files. Optional (via SFTP would be best)"
echo "Continue?"
read

# Manual edit of the OpenDKIM config, then restart the milter
echo "Open /etc/opendkim.conf (via SFTP), so you can edit the parameters"
echo "(see https://wiki.debian.org/opendkim)..."
echo "When done, press ENTER"
read
echo "Restarting opendkim..."
systemctl restart opendkim

# Manual edit of the Postfix config, then reload Postfix
echo "Open /etc/postfix/main.cf (via SFTP), so you can edit the parameters"
echo "(see https://wiki.debian.org/opendkim)..."
echo "When done, press ENTER"
read
echo "Restarting postfix..."
systemctl reload postfix

echo "Done! Publish your public key as a TXT record in DNS at $myselector._domainkey.$mydomain."
echo "The generated file /etc/dkimkeys/$mydomain/$myselector.txt contains the record."

After editing the /etc/opendkim.conf file, my Postfix SMTP no longer accepts any connections. Clients cannot connect and using an external checker, I get:

[006.573]    -->    STARTTLS
[006.635]   <--     454 4.3.0 Try again later
[006.636]       STARTTLS command rejected
[006.636]    -->    MAIL FROM:<test@checktls.com>
[006.782]   <--     451 4.7.1 Service unavailable - try again later
[006.782]       Cannot proof email address (reason: MAIL FROM rejected)

I think there is something wrong with this line in the guide:

Socket   inet:8891@localhost

I commented out:

Socket          local:/var/run/opendkim/opendkim.sock

...but it made no difference.

Has anyone got a working DKIM setup on Postfix? Could you compare my main.cf and opendkim files and advise what I'm doing wrong? Grab them from here: https://filebin.net/gwqv1ge2qpz9yy65

Thanks

1 Answer


There are 2 places where the listener is specified. In /etc/default/opendkim you need to add:

SOCKET="inet:8891@localhost"

Comment out the other sockets.

In /etc/postfix/main.cf you will need to add:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

I also have SOCKET inet:8891@localhost in my /etc/opendkim.conf but I'm not sure it is necessary.

I just got my server going again after an update crash. For some reason opendkim will not start if another user has rights to the keys. I fixed that by copying the key to a folder owned by the opendkim user and group. The error description did not show up in systemctl status opendkim until I reinstalled opendkim. Before that it just showed an error code but no explanation. The server has been running for 4 years without incident.
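As an added check (not part of the answer above, nor of OpenDKIM or Postfix), this script reads the active SOCKET= line from a file in /etc/default/opendkim format and smtpd_milters from a main.cf, normalises both to one form and reports whether they name the same endpoint, which is the mismatch behind the question. The sample files written by demo() are constructed, and the comparison is textual only (localhost and 127.0.0.1 are not treated as equal).

```shell
#!/bin/sh
# Added example, not from the question or answer: verify that the OpenDKIM
# listener and the Postfix milter address name the same endpoint.

# Normalise an OpenDKIM socket spec (SOCKET= in /etc/default/opendkim or the
# Socket directive in opendkim.conf): inet:PORT[@HOST] or local:PATH.
norm_opendkim_socket() {
  spec=$(printf '%s' "$1" | tr -d '"[:space:]')
  case "$spec" in
    inet:*@*) hp=${spec#inet:}; printf 'inet:%s:%s\n' "${hp#*@}" "${hp%%@*}" ;;
    inet:*)   printf 'inet:*:%s\n' "${spec#inet:}" ;;      # no host: all interfaces
    local:*)  printf 'unix:%s\n' "${spec#local:}" ;;
    *)        printf 'unknown:%s\n' "$spec" ;;
  esac
}

# Normalise a Postfix milter address (smtpd_milters): inet:HOST:PORT or unix:PATH.
norm_postfix_milter() {
  spec=$(printf '%s' "$1" | tr -d '"[:space:]')
  case "$spec" in
    inet:*:*|unix:*) printf '%s\n' "$spec" ;;
    *)               printf 'unknown:%s\n' "$spec" ;;
  esac
}

# Last uncommented value of a setting; $1 = file, $2 = sed pattern for the key.
active_setting() {
  sed -n "s/^[[:space:]]*$2//p" "$1" | tail -n 1
}

# Compare /etc/default/opendkim ($1) with /etc/postfix/main.cf ($2): prints both
# normalised endpoints and returns 0 only when they match (first milter only).
milter_endpoints_match() {
  dk=$(norm_opendkim_socket "$(active_setting "$1" 'SOCKET=')")
  pf=$(norm_postfix_milter "$(active_setting "$2" 'smtpd_milters[[:space:]]*=' | cut -d, -f1)")
  printf 'opendkim=%s postfix=%s\n' "$dk" "$pf"
  [ "$dk" = "$pf" ]
}

# Constructed sample configs: $1 is the SOCKET= line placed in the
# /etc/default/opendkim stand-in; Postfix is pointed at inet:localhost:8891.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '#SOCKET="inet:8891@localhost"' "$1" > "$d/default"
  printf '%s\n' 'milter_default_action = accept' 'milter_protocol = 2' \
    'smtpd_milters = inet:localhost:8891' 'non_smtpd_milters = inet:localhost:8891' > "$d/main.cf"
  if milter_endpoints_match "$d/default" "$d/main.cf"; then rc=0; else rc=1; fi
  rm -rf "$d"
  return $rc
}
```

Run `milter_endpoints_match /etc/default/opendkim /etc/postfix/main.cf` on a real host; a non-zero exit means Postfix is pointed at a socket OpenDKIM does not open, which with the default milter_default_action shows up as the 4xx "try again later" responses in the question.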