Get the most out of your Centmin Mod LEMP stack
Become a Member

Email Issues installing DKIM on Centmin

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Kainzo, Aug 22, 2018.

  1. Kainzo

    Kainzo New Member

    12
    0
    1
    Aug 17, 2018
    Ratings:
    +1
    Local Time:
    2:23 AM
    Unsure
    10
    Greetings, I am unable to install DKIM with a fresh install of the beta centmin. My goal here is to setup mail so it stops hitting junk.

    I've gone through this guide > Set Up DKIM (DomainKeys Identified Mail) Working With Postfix On CentOS Using OpenDKIM

    and then this is what happens. I've attempted:
    Rebooting the system, ensuring the ports were forwarded in CSF. Unsure what to do next, i didnt have this issue on Debian

    Code:
    -- Unit opendkim.service has begun starting up.
    Aug 21 17:07:18 site.fpgatalk.org opendkim[1749]: /etc/opendkim/keys/default.private: open(): No such file or directory
    Aug 21 17:07:18 site.fpgatalk.org opendkim[1749]: opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
    Aug 21 17:07:18 site.fpgatalk.org systemd[1]: opendkim.service: control process exited, code=exited status=78
    Aug 21 17:07:18 site.fpgatalk.org systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
    -- Subject: Unit opendkim.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit opendkim.service has failed.
    --
    -- The result is failed.
    Aug 21 17:07:18 site.fpgatalk.org systemd[1]: Unit opendkim.service entered failed state.
    Aug 21 17:07:18 site.fpgatalk.org systemd[1]: opendkim.service failed.
    Aug 21 17:07:18 site.fpgatalk.org polkitd[536]: Unregistered Authentication Agent for unix-process:1733:23335 (system bus name :1.18, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
    lines 2457-2502/2502 (END)
    
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.11.10
    • PHP Version Installed: 5.6.30
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? today
     
  2. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    5:23 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Reverse and undo your manual OpenDKIM changes. Then use Centmin Mod addons/opendkim.sh referenced in Email - Steps to ensure your site/server email doesn't end up in spam inboxes to properly setup for main hostname only (not actual site domains as that has to have DKIM done at 3rd party domain @yourdomain.com email provider and can not be done on Centmin Mod server itself). Beta Branch - Automated DKIM setup with opendkim

    If you still run into problems with addons/opendkim.sh, to troubleshoot addons/opendkim.sh setup post to pastebin.com or gist.github.com the contents of the following files. You can use cat command to output them to display and then highlight and copy and paste the contents.
    • /etc/opendkim/KeyTable
      Code (Text):
      cat /etc/opendkim/KeyTable
    • /etc/opendkim/SigningTable
      Code (Text):
      cat /etc/opendkim/SigningTable
    • /etc/opendkim/TrustedHosts
      Code (Text):
      cat /etc/opendkim/TrustedHosts
    • /root/centminlogs/dkim_spf_dns_domain.com_${DT} where domain.com is domain name and/or server main hostname.domain.com you are setting up
      Code (Text):
      cat /root/centminlogs/dkim_spf_dns_domain.com_${DT}
    If you run the clean command below, you will reset and wipe all OpenDKIM KeyTable, SigningTable, TrustedHosts entriesin for main hostname for server ONLY leaving any vhostname sites you added as clean command is only for main hostname. And then opendkim.sh will auto re-run addons/opendkim.sh for main hostname to regenerate a new DKIM signature TXT entry and require you to update your main hostname's domain DNS TXT entry for DKIM again.
    Code (Text):
    /usr/local/src/centminmod/addons/opendkim.sh clean
    
     
  3. Kainzo

    Kainzo New Member

    12
    0
    1
    Aug 17, 2018
    Ratings:
    +1
    Local Time:
    2:23 AM
    Unsure
    10
    Really appreciate the quick reply! You guys rock. I had one question.

    "By default addons/opendkim.sh will only setup DKIM for the server's main hostname which is setup by Centmin Mod end user as per"
    I want to set it up for "Fpgatalk.org" will this have any issue adding the DKIM to the DNS records? Its site.fpgatalk.org but do I have to send mail from that subdomain or does it work for the entire fpgatalk.org domain?

    Also: I just deleted my droplet and recreated, do I need to redo the DKIM process if the files are the same from my snapshot? After deleting my droplet, it looks like no mail is being sent, do i need to do something to recreate the dkim stuff?
     
    Last edited: Aug 25, 2018
  4. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    5:23 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah main hostname/subdomain only as Centmin Mod doesn't do @yourdomain.com mail so your 3rd party domain @yourdomain.com provider will handle DKIM/SPF/DMARC so no need to do it for Centmin Mod servers.

    For site based emails outbound @yourdomain.com via your web app, you should use a transactional SMTP provider rather than your your server's own Postfix MTA anyway for best uptime, reliability and deliverability i.e. Amazon AWS SES Amazon AWS - Amazon AWS SES SMTP Transactional Email Info. Especially, if you use Cloudflare etc as you don't want to leak your origin server's real IP address when you send emails from your server. Only Amazon AWS SES hides origin server's real IP addresses in mail headers. Other 3rd party SMTP providers don't hide them and sending direct from Centmin Mod server's Postfix will expose the real IP anyway. Making Cloudflare DDOS protection useless too.

    If you snapshot had working addons/opendkim.sh run configured main hostname DKIM, then no. But if snapshot didn't, then yes. Even if it did have working one, re-running
    /usr/local/src/centminmod/addons/opendkim.sh clean command will allow you to have refreshed DKIM setup.
     
  5. Kainzo

    Kainzo New Member

    12
    0
    1
    Aug 17, 2018
    Ratings:
    +1
    Local Time:
    2:23 AM
    Unsure
    10
    I'm using Xenforo combined with Centmin... so the centmin hostname/domain is the one sending the mail. I won't be passing it off to AWS or anything like that.
    Is this not doable with the addon of DKIM?
     
  6. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    5:23 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
..