OpenDKIM is not running (port 8891)

byezy · April 12, 2016, 10:27am

In a new install of miab, I run the Status Checks, and receive (for a start):

System Status Checks

System OpenDKIM is not running (port 8891).

Could someone give me a hint as to the severity of this and how to fix it?

Thanks very much. Cheers

v60fan · April 12, 2016, 3:24pm

Have you tried re-running the mailinabox command?
sudo mailinabox

This will run through the install again. Some others have had this “stuck” issue in the past and report that setting the server up again fixes it.

byezy · April 12, 2016, 10:37pm

Thanks mate.

Tried that but it didn’t work.

[I was expecting it to put me back into that naughty loop and for my test users to be blasted away, but none of that happened, which was good ]

I’ll keep researching, maybe someone else has an idea?

Cheers

v60fan · April 12, 2016, 10:52pm

what is the output of:
ps -aux | grep opendkim

(just to verify it really isn’t running)

byezy · April 12, 2016, 10:55pm

dave@box:~$ ps -aux | grep opendkim
opendkim 30491 0.0 0.2 214828 2196 ? Ssl 08:34 0:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid
dave 32101 0.0 0.0 11740 940 pts/4 S+ 08:53 0:00 grep --color=auto opendkim

! greek to me !

v60fan · April 12, 2016, 10:58pm

Okay that first line makes it look like it is in fact running.

Have you rebooted the machine recently?
sudo shutdown -r now

v60fan · April 12, 2016, 11:07pm

Can you also try running the status checks manually:
mailinabox/management/status_checks.py

run this from the root directory

it should output all the status information that you see on the status checks webpage

byezy · April 12, 2016, 11:07pm

I just did a

sudo reboot

with no change…

I take it that is the same as

sudo shutdown -r now

?

Thanks for your help mate. Cheers

byezy · April 12, 2016, 11:11pm

dave@box:/$ sudo /home/dave/mailinabox/management/status_checks.py

System

OpenDKIM is not running (port 8891).
✓ SSH disallows password-based login.
✓ System software is up to date.
✓ Mail-in-a-Box is up to date. You are running version v0.17c.
✓ System administrator address exists as a mail alias.
[administrator@box.happygoanna.com.au ↦
administrator@box.happygoanna.com.au]
✓ The disk has 25.3 GB space remaining.
✓ System memory is 59% free.

Network

✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.happygoanna.com.au

✓ Nameserver glue records are correct at registrar.
[ns1/ns2.box.happygoanna.com.au ↦ 128.199.224.255]
✓ Domain resolves to box’s IP address. [box.happygoanna.com.au ↦
128.199.224.255]
✓ Reverse DNS is set correctly at ISP. [128.199.224.255 ↦
box.happygoanna.com.au]
✓ The DANE TLSA record for incoming mail is correct
(_25._tcp.box.happygoanna.com.au).
✓ Hostmaster contact address exists as a mail alias.
[hostmaster@box.happygoanna.com.au ↦ administrator@box.happygoanna.com.au]
✓ Domain’s email is directed to this domain. [box.happygoanna.com.au ↦ 10
box.happygoanna.com.au]
✓ Postmaster contact address exists as a mail alias.
[postmaster@box.happygoanna.com.au ↦ administrator@box.happygoanna.com.au]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 89 days
on 07/11/16.

happygoanna.com.au

✓ Nameservers are set correctly at registrar. [ns1.box.happygoanna.com.au;
ns2.box.happygoanna.com.au]
✓ Domain’s email is directed to this domain. [happygoanna.com.au ↦ 10
box.happygoanna.com.au]
✓ Postmaster contact address exists as a mail alias.
[postmaster@happygoanna.com.au ↦ administrator@box.happygoanna.com.au]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ Domain resolves to this box’s IP address. [happygoanna.com.au ↦
128.199.224.255]
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 89 days
on 07/11/16.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS
record activates DNSSEC. To set a DS record, you must follow the
instructions provided by your domain name registrar and provide to them this
information:

Key Tag: 42390
Key Flags: KSK
Algorithm: 7 / RSASHA1-NSEC3-SHA1
Digest Type: 2 / SHA-256
Digest: e84b5c2d5c290580c8fb787acefd21c5e40fb6c13b5e53a7f047b1691fe8d1d7
Public Key:

AwEAAZgbqo5bLOFvq2pqLUn5MgZgeTaCZXea67QifodvUnH1e6Zc1IpB6bMJwRDSQvycplMwRrUEpJYF0bcSttO6TJBN7m9hfD+37UnZk+6CFGFQtkf8ZwKcP4EJjLwn1Pbgopjb+vvo9m9ItFWO67v4rpgQH55DXO7Y+sstlMfkCinurgkNXjweS+7n6ctxMLD+QydDKQRf+nikEVumw0BmtyZ6EtyOWNX6QhYGIpG22ok4KdmxoJtfXOdfZmGkrRdFVhWjIsmbZOYBD8kfRpI4zboX4/DOra+T3rS1j6bZqztGsuyx2qq5HrR7wA2pESRO/r2D8I/gWiPHqPE03a7saH0=

Bulk/Record Format:
happygoanna.com.au. 3600 IN DS 42390 7 2
e84b5c2d5c290580c8fb787acefd21c5e40fb6c13b5e53a7f047b1691fe8d1d7

www.happygoanna.com.au

✓ Domain resolves to this box’s IP address. [www.happygoanna.com.au ↦
128.199.224.255]
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 89 days
on 07/11/16.
dave@box:/$

v60fan · April 12, 2016, 11:15pm

Okay this looks better now that you put sudo on

Can you try:
netstat -nap | grep 8891

This will tell us if opendkim is bound to the local port 8891 or not.

byezy · April 12, 2016, 11:18pm

yeh I’m a muppet, often forgetting sudo!

dave@box:/$ sudo netstat -nap | grep 8891
tcp 0 0 127.0.1.1:8891 0.0.0.0:* LISTEN 30491/opendkim
dave@box:/$

v60fan · April 12, 2016, 11:20pm

Run:
service opendkim status
You should see:
* opendkim is running

If you don’t, try:
service opendkim start

byezy · April 12, 2016, 11:23pm

dave@box:/$ sudo service opendkim status

opendkim is running

… so maybe the check script is getting it wrong?

v60fan · April 12, 2016, 11:24pm

the box is pretty smart; I would tend to trust it!
I am out of ideas, sorry!

byezy · April 12, 2016, 11:28pm

Thanks very much for all your help mate, greatly appreciated.

It seems that OpenDKIM is in fact running… so if it actually is (can’t see that being reported wrong)… then can’t see another logical conclusion other than the status report is in error ?

I’ll have to live with it for now!

CHEERS!

v60fan · April 12, 2016, 11:31pm

There is definitely a reason it’s showing that error. When I stop my service, the status checks page shows the error you see. When I restart it, the error goes away.

When I’ve encountered any issues in the past I couldn’t resolve, I do these things:

I backup my user-data
do a completely fresh setup of the VPS
run the install from scratch, and
bring my data back over

I’ve seen that error only 1 time before, when I had first setup a different hosting provider. But I got it working.

JoshData · April 13, 2016, 9:02pm

OpenDKIM is running on the wrong network interface. Your localhost is probably defined in an unusual way to be 127.0.1.1 instead of 127.0.0.1.

(See https://github.com/mail-in-a-box/mailinabox/issues/797.)

byezy · April 13, 2016, 9:54pm

Thanks @JoshData, that is in fact the case!

I did a quick grep and 127.0.1.1 is all over the place in a squillion files…

Would you know if a utility exists or if there is a standard way to achieve this (my linux is pretty average)?

Would a simple find/replace using sed possibly work, or will it be much more painful than that?

thanks heaps. Cheers

byezy · April 13, 2016, 10:14pm

Sorry Josh, just re-read the link, so I only need to change OpenDKIM service settings to “localhost”… or does it need to be changed throughout miab system somehow? Cheers

byezy · April 13, 2016, 10:54pm

SO the quick fix for this is to edit

./etc/opendkim.conf

changing

socket inet:8891@localhost

to

socket inet:8891@127.0.0.1

then restart the service

sudo service opendkim restart

this at least makes miab happy and gives all-green test status test results…

Cheers