SYSTEM INFORMATION | |
---|---|
OS type and version | AlmaLinux release 9.2 (Turquoise Kodkod) |
Webmin version | 2.021 |
Virtualmin version | 7.7 |
Opendkim | 2.11.0 |
Postfix | 3.5.9 |
Bind | 9.16 |

I installed Virtualmin 7 on AlmaLinux 9.2 exclusively for email server purposes.
Sending and receiving emails works.
Each domain has an exclusive virtual server with only two features enabled:
- Mail for domain
- Spam filtering
I did not enable DNS for the virtual servers since it is configured externally:
- External DNS records are fine, including all email related: MX, SPF, DKIM, DMARC
- Testing with Gmail and email-tester . com confirms all records, except that the email isn’t being signed with DKIM
Opendkim is listening on 127.0.0.1:8891, after checking with `ss -tulpn | grep 8891`:
```
tcp LISTEN 0 128 127.0.0.1:8891 0.0.0.0:* users:(("opendkim",pid=11546,fd=3))
```
Postfix is configured to use Opendkim, with the following on `/etc/postfix/main.cf`:
```
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
```
Complete `/etc/postfix/main.cf`:
```
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = dane
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_recipient_domain reject_rbl_client zen.spamhaus.org check_policy_service unix:/var/spool/postfix/postgrey/socket
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
mailbox_size_limit = 0
allow_percent_hack = no
resolve_dequoted_address = no
message_size_limit = 102400000
milter_default_action = accept
tls_server_sni_maps = hash:/etc/postfix/sni_map
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtp_use_tls = yes
```
Checking Opendkim with `systemctl status opendkim`, I identified that:
- current command is: `/usr/sbin/opendkim -f -b s`
- if I change it to `/usr/sbin/opendkim -x /etc/opendkim.conf` and restart it (after a proper `systemctl daemon-reload`), it still doesn’t sign anything
On Virtualmin → Email Settings → DomainKeys Identified Mail:
- Signing of outgoing mail enabled? is Yes
- Extra domains to sign for has all the domains added as “virtual servers” on the server
- The tab Domains currently signed for presents a list with all the domains as well
- The DKIM DNS records for domains are correctly added to the DNS records of all the domains listed

Strangely, when I send an email, nothing is written to /var/log/mail.log.
When sending an email to check-auth@verifier.port25.com, I get:
```
==========================================================
Summary of Results
==========================================================
SPF check: pass
"iprev" check: pass
DKIM check: none
...
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: none (message not signed)
ID(s) verified:
```
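
An added example, not part of the original post and not Postfix or Virtualmin code: a Python check that reads main.cf by Postfix's logical-line rules and matches the configured milter endpoints against `ss -tulpn` output. The function names and the sample strings are assumptions, constructed from the lines quoted in the post.

```python
import re

# Constructed sample input, modelled on the lines quoted in the post.
SAMPLE_MAIN_CF = """\
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
"""
SAMPLE_SS = 'tcp LISTEN 0 128 127.0.0.1:8891 0.0.0.0:* users:(("opendkim",pid=11546,fd=3))'

def parse_main_cf(text):
    """Whitespace-led lines continue; '#'/blank lines skipped; last value wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    pairs = (line.partition("=") for line in logical)
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def listeners(ss_output):
    """Map listening TCP port -> process name from `ss -tulpn` output."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[1] == "LISTEN":
            proc = re.search(r'\(\("([^"]+)"', line)
            found[int(fields[4].rsplit(":", 1)[1])] = proc.group(1) if proc else "unknown"
    return found

def audit_milters(main_cf_text, ss_output):
    """Return (parameter, value, finding) tuples; endpoints are matched by port
    only. 'fails open': with accept, Postfix proceeds as if the milter were absent."""
    params, ports, report = parse_main_cf(main_cf_text), listeners(ss_output), []
    for key in ("smtpd_milters", "non_smtpd_milters"):
        for endpoint in re.findall(r"[^,\s]+", params.get(key, "")) or [""]:
            m = re.fullmatch(r"inet:(.+):(\d+)", endpoint)
            finding = (ports.get(int(m.group(2)), "no listener") if m
                       else "not checked" if endpoint else "unset")
            report.append((key, endpoint, finding))
    if params.get("milter_default_action") == "accept":
        report.append(("milter_default_action", "accept", "fails open"))
    return report
```

On a live host, pass the contents of `/etc/postfix/main.cf` and the output of `ss -tulpn` to `audit_milters`; a "fails open" finding means a milter failure shows up only as unsigned mail, not as a rejected message.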