iredmail / dockerized

Official dockerized iRedMail.
https://www.iredmail.org/

How I can add second DKIM for second domain? #108

Open juan77 opened 2 years ago

juan77 commented 2 years ago

Hi! First thanks for the dockerized effort :D

I have successfully dockerized for one domain, and now I would like to implement a second domain. Digging into it, I found that I need to touch the following file, /etc/amavis/conf.d/50-user, to add the corresponding second DKIM, like:

dkim_key('domain2.com', 'dkim', '/var/lib/dkim/domain2.com.pem');

and then

"domain2.com" => { d => "domain2.com", a => 'rsa-sha256', ttl => 10*24*3600 },

But I found that the file /etc/amavis/conf.d/50-user is not accessible from outside, right? Or am I missing something?

Have some of us successfully implemented a second domain? I would appreciate some tips to solve it. :D

Thanks, juan.-

iredmail commented 2 years ago

Please use /opt/iredmail/custom/amavisd/amavisd.conf instead, also store DKIM keys under /opt/iredmail/custom/amavisd/dkim/.

Docker edition follows our iRedMail Easy "Best Practice": https://docs.iredmail.org/iredmail-easy.best.practice.html

juan77 commented 2 years ago

Hi @iredmail!

Thanks for the tip!! and the best practice!

juan77 commented 2 years ago

hi! I'm back again :(

I have added a custom amavisd.conf in /opt/iredmail/custom/amavisd folder as is:

dkim_key("second_domain.com", "dkim", "/opt/iredmail/custom/amavisd/dkim/second_domain.com.pem");
dkim_key("third_domain.com", "dkim", "/opt/iredmail/custom/amavisd/dkim/third_domain.com.pem");

@dkim_signature_options_bysender_maps = ({
   "second_domain.com"  => { d => "second_domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
   "third_domain.com"  => { d => "third_domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
});

And generated the corresponding pem files with:

amavisd-new genrsa /opt/iredmail/custom/amavisd/dkim/second_domain.com.pem 1024
amavisd-new genrsa /opt/iredmail/custom/amavisd/dkim/second_domain.com.pem 1024

And now, when it starts, it is spamming the following log all the time:

2022-05-19 00:56:33,937 INFO spawned: 'amavisd' with pid 1238
2022-05-19 00:56:34,238 INFO success: amavisd entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2022-05-19 00:56:34,242 INFO exited: amavisd (exit status 13; not expected)

But I don't see what is wrong with that config. Curiously, if I add an empty amavisd.conf the error persists, but if I delete the amavisd.conf it works fine again.

Any idea? Thanks, juan.-
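
A pre-restart check for a configuration like the one posted above, as an added example that is not part of the thread or of iRedMail's own tooling: it extracts the key file named by each dkim_key() line and reports whether that file exists, is readable and contains a PEM private key. The function names and the demo's temporary files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check the key file behind every
# dkim_key() line before restarting amavisd.

# Print "domain path" for each uncommented dkim_key(...) line.
# Accepts single or double quotes; both styles appear in the thread.
list_dkim_keys() {
    sed -n -E "s/^[[:space:]]*dkim_key\([[:space:]]*[\"']([^\"']+)[\"'][[:space:]]*,[[:space:]]*[\"'][^\"']*[\"'][[:space:]]*,[[:space:]]*[\"']([^\"']+)[\"'].*/\1 \2/p" "$1"
}

# Print one status line per key; return 1 if any key is unusable.
check_dkim_keys() {
    bad=0
    keys=$(list_dkim_keys "$1")
    [ -n "$keys" ] || { echo "NO_KEYS $1"; return 1; }
    while read -r domain path; do
        if   [ ! -e "$path" ]; then status=MISSING
        elif [ ! -r "$path" ]; then status=UNREADABLE
        elif ! grep -q 'PRIVATE KEY-----' "$path"; then status=NOT_PEM
        else status=OK
        fi
        [ "$status" = OK ] || bad=1
        echo "$status $domain $path"
    done <<EOF
$keys
EOF
    return "$bad"
}

# Constructed demo: two dkim_key lines in the thread's form, pointed at a
# temporary directory in which only the first key file exists.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        '-----END RSA PRIVATE KEY-----' > "$d/second_domain.com.pem"
    cat > "$d/amavisd.conf" <<EOF
dkim_key("second_domain.com", "dkim", "$d/second_domain.com.pem");
dkim_key('third_domain.com', 'dkim', '$d/third_domain.com.pem');
# dkim_key("old.example", "dkim", "$d/old.pem");
EOF
    rc=0
    check_dkim_keys "$d/amavisd.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo: at least one key file is unusable"
```

To use it on a real host, call check_dkim_keys with the path to the custom amavisd.conf from the account amavisd runs under, since root passes the readability test on any file.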

iredmail commented 2 years ago

Amavisd logs to /var/log/maillog, please check whether there's more detailed info.

juan77 commented 2 years ago

Hi!

I have checked the logs, and the output is:

May 19 12:00:05 mail postfix/postfix-script[894]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
May 19 12:00:05 mail postfix/postfix-script[909]: warning: not owned by root: /var/spool/postfix/etc/localtime
May 19 12:00:05 mail postfix/postfix-script[910]: warning: not owned by root: /var/spool/postfix/etc/hosts
May 19 12:00:05 mail postfix/postfix-script[911]: warning: not owned by root: /var/spool/postfix/etc/resolv.conf
May 19 12:00:05 mail postfix/postfix-script[919]: starting the Postfix mail system
May 19 12:00:05 mail postfix/master[920]: daemon started -- version 3.4.13, configuration /etc/postfix
May 19 12:00:05 mail postfix/qmgr[921]: 4L3T1R18skz9lC3: from=<root@mail.xxxxxx.com>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3XJt07CJz9nlk: from=<root@mail.xxxxxx.com>, size=7762, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3WWd6dV9z9lCh: from=<root@mail.xxxxxx.com>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3X9G75Tyz9nS8: from=<root@mail.xxxxxx.com>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/pickup[922]: 4L3pM93bT4z9ktp: uid=0 from=<root@mail.xxxxxx.com>
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/cleanup[924]: 4L3pM93bT4z9ktp: message-id=<4L3pM93bT4z9ktp@mail.xxxxxx.com>
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3T1R18skz9lC3: to=<postmaster@xxxxxx.com>, relay=none, delay=46891, delays=46891/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/qmgr[921]: 4L3pM93bT4z9ktp: from=<root@mail.xxxxxx.com>, size=7754, nrcpt=1 (queue active)
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3XJt07CJz9nlk: to=<postmaster@xxxxxx.com>, relay=none, delay=37976, delays=37976/0.04/0.01/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/amavis/smtp[925]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
May 19 12:00:05 mail postfix/amavis/smtp[925]: 4L3WWd6dV9z9lCh: to=<postmaster@xxxxxx.com>, relay=none, delay=40120, delays=40120/0.04/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/error[938]: 4L3X9G75Tyz9nS8: to=<postmaster@xxxxxx.com>, relay=none, delay=38371, delays=38371/0.06/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
May 19 12:00:05 mail postfix/error[938]: 4L3pM93bT4z9ktp: to=<postmaster@xxxxxx.com>, relay=none, delay=3.1, delays=3.1/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

Is it possible that port 10026 is causing amavisd to fail? Because it works fine when working with one domain...

Any tips? Thx in advance! juan.-

iredmail commented 2 years ago

Try to restart amavisd service with command supervisorctl and check the log file immediately. I expect amavis logs something useful for troubleshooting.

tpimh commented 2 years ago

I just tried to replicate the setup, and it failed as expected. However, no useful info in the logs.

What I did:

  1. Created /opt/iredmail/custom/amavisd/amavisd.conf
  2. Restarted amavisd with supervisorctl restart amavisd

In supervisorctl status, amavisd was showing as "RUNNING"; however, its uptime was always 0:00:00.

In maillog, the following entries were added (I don't think these are related to amavis in any way):

Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max connection rate 1/60s for (submission:141.98.11.23) at Jun  8 09:11:20
Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max connection count 1 for (submission:141.98.11.23) at Jun  8 09:11:20
Jun  8 09:18:04 mail postfix/anvil[13605]: statistics: max cache size 1 at Jun  8 09:11:20

To fix this, I removed /opt/iredmail/custom/amavisd/amavisd.conf and restarted amavisd again. It started counting up the seconds of uptime.

Any suggestions how to debug this?

tpimh commented 2 years ago

I think I have finally solved it with chown root:amavis. Will test again and publish a fix.

palzino commented 1 year ago

> I think I have finally solved it with chown root:amavis. Will test again and publish a fix.

Did you ever find a solution to this issue?

tpimh commented 1 year ago

Sorry, unfortunately I couldn't find the right solution to this, so never published the actual fix.