
Error in opendkim installation on debian buster

Open ulvida opened this issue 5 years ago • 7 comments

On a fresh alternc installation, on a fresh debian buster, opendkim is not properly configured when running alternc.install:

root@myhost:~# alternc.install 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
...
apache2: no process found
Job for opendkim.service failed because a timeout was exceeded.
See "systemctl status opendkim.service" and "journalctl -xe" for details.
invoke-rc.d: initscript opendkim, action "start" failed.
● opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: timeout) since Mon 2020-01-27 20:34:04 -03; 29ms ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 45062 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=0/SUCCESS)

ene 27 20:34:04 anacahuita opendkim[45063]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
ene 27 20:34:04 anacahuita systemd[1]: opendkim.service: Failed with result 'timeout'.
ene 27 20:34:04 anacahuita systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Fix all the permission. May be quite long...
YOU CAN INTERUPT THIS BY USING Ctrl-c THEN y TO BYPASS THE ERROR.

Done
...

ulvida avatar Jan 27 '20 23:01 ulvida

Maybe this was due to some little changes I made to the install scripts. Proceeding on the command line I don't have the bug. Sorry.

ulvida avatar Jan 28 '20 13:01 ulvida

I reopen this issue, because after several attempts, I can confirm that opendkim doesn't run well on debian buster:

root@uralan:~# service opendkim status
● opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
   Active: activating (start) since Wed 2020-01-29 17:08:24 -03; 15s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 17841 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 9830)
   Memory: 1.9M
   CGroup: /system.slice/opendkim.service
           └─17842 /usr/sbin/opendkim -x /etc/opendkim.conf

ene 29 17:08:24 uralan systemd[1]: Starting OpenDKIM DomainKeys Identified Mail (DKIM) Milter...
ene 29 17:08:24 uralan systemd[1]: opendkim.service: Can't open PID file /run/opendkim/opendkim.pid (yet?) after start: No such file or directory
ene 29 17:08:24 uralan opendkim[17842]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)

ulvida avatar Jan 29 '20 20:01 ulvida

I can confirm that opendkim doesn't run well on debian buster

To solve this issue:

1-Save the original template

cd /etc/alternc/templates
mv opendkim.conf opendkim.conf.bak

2-Create a new template

cat << 'EOF' > opendkim.conf
#
# %%warning_message%%
#

# Log to syslog
Syslog                  yes
SyslogSuccess                   yes

# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

KeyTable           /etc/opendkim/KeyTable
SigningTable       /etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts      /etc/opendkim/TrustedHosts

# The value from /etc/default/opendkim doesn't seem to be taken into account
# @see https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=861169
Socket inet:[email protected]
PidFile /run/opendkim/opendkim.pid
EOF

3-Expand new template

alternc.install

4-Verify the opendkim service

systemctl status opendkim.service

Regards

ghost avatar Jul 20 '20 13:07 ghost

Confirmed here. We just have to put back that line in opendkim.conf

PidFile /run/opendkim/opendkim.pid

albancrommer avatar Nov 18 '20 20:11 albancrommer

Thank you! However, these two workarounds (only the PidFile, or also the Socket), even if they make opendkim start and run, do not fully configure opendkim for AlternC: if you don't specify the Socket, postfix fails to access opendkim; it sends mails, but not signed. If you specify the socket, opendkim is called, but it fails to read its signing keys, as their files are owned by the opendkim unix user and opendkim itself is run as root (see #472).

ulvida avatar Jul 06 '21 11:07 ulvida
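
The three failure modes reported in this thread (no PidFile, no Socket, daemon left running as root) can be checked against a generated opendkim.conf before restarting the service. The script below is an added example, not part of the issue or of AlternC; the function names are hypothetical, the PID path is the one from the systemd message above, and it assumes the unit starts the daemon as root so that only the opendkim.conf `UserID` directive changes the user.

```shell
#!/bin/sh
# Added example (not AlternC code): audit an opendkim.conf for the three
# problems reported in this thread. Function names are hypothetical.

# Print the value of the last uncommented occurrence of a directive.
conf_value() {   # $1 = directive, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2 }
        END        { if (val != "") print val }
    ' "$2"
}

# Print one finding per line; succeed only when there are none.
audit_opendkim_conf() {   # $1 = config file, $2 = PID file systemd waits for
    findings=0
    pidfile=$(conf_value PidFile "$1")
    if [ -z "$pidfile" ]; then
        echo "PidFile missing: systemd never sees $2 and the start times out"
        findings=$((findings + 1))
    elif [ "$pidfile" != "$2" ]; then
        echo "PidFile is $pidfile but systemd expects $2"
        findings=$((findings + 1))
    fi
    if [ -z "$(conf_value Socket "$1")" ]; then
        echo "Socket missing: Postfix cannot reach the milter, mail goes out unsigned"
        findings=$((findings + 1))
    fi
    # Assumption: the unit starts the daemon as root, so only UserID drops it.
    userid=$(conf_value UserID "$1")
    if [ -z "$userid" ] || [ "${userid%%:*}" = "root" ]; then
        echo "UserID unset or root: daemon runs as root, not as the owner of the keys"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a template with neither Socket, PidFile nor UserID.
sample=$(mktemp)
printf '%s\n' 'Syslog yes' 'UMask 002' \
    'KeyTable /etc/opendkim/KeyTable' > "$sample"
audit_opendkim_conf "$sample" /run/opendkim/opendkim.pid \
    || echo "=> opendkim.conf needs fixing"
rm -f "$sample"
```
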

In fact, alternc.install knows how to properly configure opendkim, but it does it only for the debian stretch distribution.

ulvida avatar Jul 06 '21 11:07 ulvida

I'll try to propose a PR, but I'm wondering how to fix the bug, in order to be as resilient as possible to future debian version upgrades.

Instead of adding buster to the distribution version test:

if [ "$SYSTEMD" = "1" -a "$(lsb_release -s -c)" = "stretch" ] ; then

I would therefore prefer to exclude older debian versions: jessie, wheezy, ... I wonder which distributions the present AlternC code is compatible with, but I understand it does not make much sense to install alternc 3.5 or higher on a version older than oldoldstable (presently jessie).

Similarly, alternc 3.5-rc wasn't resilient to a php version upgrade (See #459). I think we should try to code all these configurations and tweaks in AlternC to be compatible with any package or distribution version upgrade. This will facilitate the upgrade of AlternC itself, being broken only if something new or different appears, not because AlternC stops performing tasks because of the upgrade.

ulvida avatar Jul 06 '21 11:07 ulvida
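
The difference between the stretch-only test quoted above and the deny-list the last comment proposes, as an added example that is not AlternC's code or an actual PR. The function names and the `LEGACY_CODENAMES` list are hypothetical, and the codenames fed to the loop are constructed inputs.

```shell
#!/bin/sh
# Added example (not AlternC code): the existing allow-list test next to a
# deny-list variant. Function names and LEGACY_CODENAMES are hypothetical.

# Releases that keep the pre-systemd path; the thread names jessie and wheezy.
LEGACY_CODENAMES="wheezy jessie"

# The test quoted above: true for stretch only.
gate_allow_stretch() {   # $1 = SYSTEMD flag, $2 = codename
    [ "$1" = "1" ] && [ "$2" = "stretch" ]
}

# Deny-list variant: true on systemd unless the release is a known old one,
# so a codename that does not exist yet is still configured.
gate_deny_legacy() {     # $1 = SYSTEMD flag, $2 = codename
    [ "$1" = "1" ] || return 1
    case " $LEGACY_CODENAMES " in
        *" $2 "*) return 1 ;;
    esac
    return 0
}

# Constructed inputs; in alternc.install the codename comes from
# "lsb_release -s -c" as in the quoted line.
for codename in jessie stretch buster bullseye; do
    old=skip; new=skip
    gate_allow_stretch 1 "$codename" && old=configure
    gate_deny_legacy 1 "$codename" && new=configure
    echo "$codename: stretch-only test=$old, deny-list test=$new"
done
```
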