Control Web Panel
WebPanel => E-Mail => DKIM => Topic started by: kandalf on March 14, 2022, 10:26:50 AM
-
I have 3 servers with CWP (2x centos 7 and 1x centos 8 stream delayed), the Centos 8 is my most recent server, I think I configure everything correctly but the cwp is not generating a DKIM record for new domains added.
I use cloudflare go manage the dns, usually I add a new domain it created the dns records locally and I copy the values to cloudflare, but on my new server the DKIM record is never created.
I already rebuild multiple times the mail server, I tried to go to Email -> DKIM manager and "Add DKIM" but it never adds a dkim record, it show a success message but don't do nothing.
When I add a new domain in the other server if I go to Dkim Manager I get all columns green, in the new server I get
TrustedHosts = Red
KeyTable = Red
v=DKIM1 = Green
v=spf1 = Green
I already tried do add the domain to /etc/opendkim/TrustedHosts manually and in that case I can turn TrustedHosts to green, but the dkim record is never generated. I saw that the /etc/opendkim/userkeys/ folder don't even exist I have a /etc/opendkim/keys/ but it's empty, I tried to create that folder but even after rebuild mailserver it still empty.
Please any tips to solve this problem
-
yeah... if you have to manually edit DKIM configuration files then the setup is now custom.
When you rebuild the mail server with DKIM/SPF checked, you would probably need to rebuild all DNS records. Simplest way is to run this command after completing rebuilding the mail server:
/usr/local/cwp/php71/bin/php /scripts/cwp_api account rebuild_var_named_all
After that, run this command to manually confirm that DKIM values has been added to your DNS records:
grep --include=\*.{db,} -rnw '/var/named/' -e 'default._domainkey'
If the last command shows good results then your DKIM is fine. The only step left is to confirm it really working by sending an email to:
https://www.mail-tester.com/
-
yeah... if you have to manually edit DKIM configuration files then the setup is now custom.
When you rebuild the mail server with DKIM/SPF checked, you would probably need to rebuild all DNS records. Simplest way is to run this command after completing rebuilding the mail server:
/usr/local/cwp/php71/bin/php /scripts/cwp_api account rebuild_var_named_all
After that, run this command to manually confirm that DKIM values has been added to your DNS records:
grep --include=\*.{db,} -rnw '/var/named/' -e 'default._domainkey'
If the last command shows good results then your DKIM is fine. The only step left is to confirm it really working by sending an email to:
https://www.mail-tester.com/
Unfortunately the command don't do nothing, in the other servers I have many results with running the second command but in this server don't show nothing
-
Is the opendkim service running?
systemctl status opendkim
-
Is the opendkim service running?
systemctl status opendkim
Yes it's running I already start and stop many times.
It's really strange I don't get any error it simply not generate any dkim record.
-
Please post the results of the following command.
journalctl -xeu opendkim
-
This is the result of journalctl -xeu opendkim coomand
Mar 14 11:34:04 moon.noop.pt systemd[1]: opendkim.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit opendkim.service has successfully entered the 'dead' state.
Mar 14 11:34:04 moon.noop.pt systemd[1]: Stopped DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has finished shutting down
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit opendkim.service has finished shutting down.
Mar 14 11:34:04 moon.noop.pt systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit opendkim.service has begun starting up.
Mar 14 11:34:05 moon.noop.pt systemd[1]: Started DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit opendkim.service has finished starting up.
--
-- The start-up result is done.
Mar 14 11:34:18 moon.noop.pt systemd[1]: Reloading DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has begun reloading its configuration
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit opendkim.service has begun reloading its configuration
Mar 14 11:34:18 moon.noop.pt systemd[1]: Reloaded DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit opendkim.service has finished reloading its configuration
--
-- The result is done.
This is really a strange problem, and I need to fix it but have no ideas for more things to test
-
I just got a hunch here, but can you run this command and post the entire result here. Also please tell us at what date did you install CWP.
dnf history info opendkim
-
I just got a hunch here, but can you run this command and post the entire result here. Also please tell us at what date did you install CWP.
dnf history info opendkim
I already reinstall the opendkim it's installed.
But after I compare the commands on the forlder "/usr/sbin/" of the working server and the current server I found something missing, in the current server I don't have the commands:
opendkim-genkey
opendkim-genzone
opendkim-testkey
opendkim-testmsg
I search a little and found that the "opendkim-tools" was not installed I run dnf install opendkim-tools to install it then rebuild the mail server and generate again the dkim for all domains and its WORKING ;D
This server is mostly for backups and development and I'm testing Centos 8 Stream, I think at the moment the most important things are working, very soon I will get a new production server and will use Centos 8 Stream again I will check if this is a problem with the instalation on CWP or if is only something that fail during the installation on this server
Thank you iraqiboy90 and rcschaff
-
Glad I could be of help leading you to solving the problem, but I just checked my centos 8 stream server and I have a working DKIM manager without opendkim-tools installed.
And I also don't have those files you're talking about:
[root@pmail ~]# ll /usr/sbin/*dkim*
-rwxr-xr-x 1 root root 227856 Feb 24 05:14 /usr/sbin/opendkim
-rwxr-xr-x 1 root root 1430 Feb 24 05:14 /usr/sbin/opendkim-default-keygen
-rwxr-xr-x 1 root root 14498 Feb 24 05:14 /usr/sbin/opendkim-reportstats
These are the only things that got installed by CWP when DKIM got installed:
User : root <root>
Return-Code : Success
Releasever : 8
Command Line : --enablerepo=epel -y install opendkim libopendkim perl-Mail-DKIM perl-Mail-SPF pypolicyd-spf
Comment :
Packages Altered:
Install libmemcached-libs-1.0.18-17.el8.x86_64 @appstream
Install python3-pip-9.0.3-22.el8.noarch @appstream
Install python36-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64 @appstream
Install sendmail-milter-8.15.2-34.el8.x86_64 @appstream
Install python3-setuptools-39.2.0-6.el8.noarch @baseos
Install libbsd-0.9.1-4.el8.x86_64 @epel
Install libopendkim-2.11.0-0.17.el8.x86_64 @epel
Install opendbx-1.4.6-21.el8.x86_64 @epel
Install opendkim-2.11.0-0.17.el8.x86_64 @epel
Install pypolicyd-spf-2.0.2-7.el8.noarch @epel
Install python3-py3dns-3.2.1-1.el8.noarch @epel
Install python3-pyspf-2.0.14-8.el8.noarch @epel
-
It's a little strange I only make it work after I install opendkim-tools,
Now I have this
[root@mercury ~]# ll /usr/sbin/*dkim*
-rwxr-xr-x 1 root root 162104 Dec 21 2016 /usr/sbin/opendkim
-rwxr-xr-x 1 root root 1430 Dec 21 2016 /usr/sbin/opendkim-default-keygen
-rwxr-xr-x 1 root root 6445 Dec 21 2016 /usr/sbin/opendkim-genkey
-rwxr-xr-x 1 root root 68280 Dec 21 2016 /usr/sbin/opendkim-genzone
-rwxr-xr-x 1 root root 14498 Dec 21 2016 /usr/sbin/opendkim-reportstats
-rwxr-xr-x 1 root root 72688 Dec 21 2016 /usr/sbin/opendkim-testkey
-rwxr-xr-x 1 root root 15640 Dec 21 2016 /usr/sbin/opendkim-testmsg
And this was what I have in all other servers with Centos 7 only the one with Centos 8 was missing some commands and start working after I install it.
-
why are your files dated 2016? Did you have this centos 8 server since then and you installed CWP on it without reinstalling centos 8 first?
-
why are your files dated 2016? Did you have this centos 8 server since then and you installed CWP on it without reinstalling centos 8 first?
Yes this is a print from my centos 7 that it now exactly the same of the centos 8, only the dates changed, but here is the files from the correct server:
[root@moon ~]# ll /usr/sbin/*dkim*
-rwxr-xr-x 1 root root 227856 Feb 24 05:14 /usr/sbin/opendkim
-rwxr-xr-x 1 root root 1430 Feb 24 05:14 /usr/sbin/opendkim-default-keygen
-rwxr-xr-x 1 root root 6445 Feb 24 05:14 /usr/sbin/opendkim-genkey
-rwxr-xr-x 1 root root 85344 Feb 24 05:14 /usr/sbin/opendkim-genzone
-rwxr-xr-x 1 root root 14498 Feb 24 05:14 /usr/sbin/opendkim-reportstats
-rwxr-xr-x 1 root root 85488 Feb 24 05:14 /usr/sbin/opendkim-testkey
-rwxr-xr-x 1 root root 16760 Feb 24 05:14 /usr/sbin/opendkim-testmsg
All files have the same timestamp this probably is the original creation date of the last opendkim version