DKIM setup failed!

Stegan · September 30, 2022, 4:14pm

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 20.04.5
Virtualmin version	7.2-1 GPL

Trying to add DKIM results in

… start failed : Starting opendkim (via systemctl): opendkim.serviceJob for opendkim.service failed because the control process exited with error code.

I completed Email Settings → DomainKeys identified mail options
Setting
Signing of outgoing mail enabled? to yes
Extra domains to sign for entered all the virtual domains with MX records

Ilia · September 30, 2022, 6:44pm

Hello,

What is the output of systemctl status opendkim command?

Stegan · September 30, 2022, 6:52pm

root@*********:~# systemctl status opendkim
● opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
     Loaded: loaded (/lib/systemd/system/opendkim.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2022-09-30 16:23:06 UTC; 2h 23min ago
       Docs: man:opendkim(8)
             man:opendkim.conf(5)
             man:opendkim-genkey(8)
             man:opendkim-genzone(8)
             man:opendkim-testadsp(8)
             man:opendkim-testkey
             http://www.opendkim.org/docs.html
    Process: 146886 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=78)

Sep 30 16:23:05 ******.com systemd[1]: opendkim.service: Control process exited, code=exited, status=78/CONFIG
Sep 30 16:23:05 ******.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Sep 30 16:23:05 ******.com systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Sep 30 16:23:06 ******.com systemd[1]: opendkim.service: Scheduled restart job, restart counter is at 5.
Sep 30 16:23:06 ******.com systemd[1]: Stopped OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Sep 30 16:23:06 ******.com systemd[1]: opendkim.service: Start request repeated too quickly.
Sep 30 16:23:06 ******.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Sep 30 16:23:06 ******.com systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter.

Thanks IIia, I hope that makes more sense to you than it does to me.

Ilia · September 30, 2022, 7:25pm

You need to figure out why OpenDKIM is not starting! Virtualmin by default configures it with no problem.

Did you make any modifications manually to OpenDKIM configs?

Also, what is the content of /etc/opendkim.conf and cat /etc/default/opendkim files?

And what is the output of ps aux | grep opendkim command?

Stegan · September 30, 2022, 8:04pm

Yep thanks, that is why I’m here, cause I haven’t a clue

All I did is load OpenDKIM by pressing the button in Virtualmin - that seemed to go without a hitch then loaded the details as mentioned in the first post, then was returned the failed error.

Some other work has been done on the server since but nothing that should have interfered, like some more test emails and some more users.

/etc/opendkim.conf gave me

PidFile /run/opendkim/opendkim.pid

Always oversign From (sign using actual From and a null From to prevent

malicious signatures header fields (From and/or others) between the signer

and the verifier. From is oversigned by default in the Debian pacakge

because it is often the identity key used by reputation systems and thus

somewhat security sensitive.

OversignHeaders From

ResolverConfiguration filename

default (none)

Specifies a configuration file to be passed to the Unbound library that

performs DNS queries applying the DNSSEC protocol. See the Unbound

documentation at http://unbound.net for the expected content of this file.

The results of using this and the TrustAnchorFile setting at the same

time are undefined.

In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested

unbound package

ResolverConfiguration /etc/unbound/unbound.conf

TrustAnchorFile filename

default (none)

Specifies a file from which trust anchor data should be read when doing

DNS queries and applying the DNSSEC protocol. See the Unbound documentation

at http://unbound.net for the expected format of this file.

TrustAnchorFile /usr/share/dns/root.key

Userid userid

default (none)

Change to user “userid” before starting normal operation? May include

a group ID as well, separated from the userid by a colon.

UserID opendkim

cat /etc/default/opendkim gave me

root@***********:/etc/update-motd.d# cat /etc/default/opendkim
GROUP=opendkim
SOCKET=inet:8891@localhost
RUNDIR=/run/opendkim
EXTRAAFTER=“”
USER=opendkim
PIDFILE=$RUNDIR/$NAME.pid
DAEMON_OPTS=“-b sv”

ps aux | grep opendkim gave me

root 162483 0.0 0.0 8160 720 pts/0 S+ 20:01 0:00 grep --color=auto opendkim

stuckinthehouse · October 7, 2022, 4:38am

Sometimes the journalctl will give you more info.

journalctl -u opendkim.service

Stegan · October 7, 2022, 9:09am

Thanks, progress very useful:

Sep 30 08:42:36 *****.com systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
Sep 30 08:42:36 *****.com opendkim[106559]: opendkim: /etc/opendkim.conf: opendkim: no such user
Sep 30 08:42:36 *****.com systemd[1]: opendkim.service: Control process exited, code=exited, status=78/CONFIG
Sep 30 08:42:36 *****.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Sep 30 08:42:36 *****.com systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Sep 30 08:42:37 *****.com systemd[1]: opendkim.service: Scheduled restart job, restart counter is at 1.
Sep 30 08:42:37 *****.com systemd[1]: Stopped OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Sep 30 08:42:37 *****.com systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
Sep 30 08:42:37 *****.com opendkim[106584]: opendkim: /etc/opendkim.conf: opendkim: no such user
Sep 30 08:42:37 *****.com systemd[1]: opendkim.service: Control process exited, code=exited, status=78/CONFIG
Sep 30 08:42:37 *****.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Sep 30 08:42:37 *****.com systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Sep 30 08:42:37 *****.com systemd[1]: opendkim.service: Scheduled restart job, restart counter is at 2.
Sep 30 08:42:37 *****.com systemd[1]: Stopped OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
....ditto...

I have checked under Virtualmin → Edit Users for each of the 4 domains and all users seem to be there (also sending and receiving mail for all users is OK) so “no such user” error message not very helpful - which user?

So one step nearer the cause + solution

system · December 6, 2022, 9:09am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.