[Solved] DKIM rmilter error

Hello,

I’m currently working on setting DKIM and DMARC for my yunohost.
I’m running Yunohost 2.5.4
I have open DNS configuration in yunohost admin and update my ZoneDNS in OVH.

The problem is that in my mails i didn’t see any DKIM signature. I the log of rmilter:

postfix/smtpd[19317]: warning: connect to Milter service unix:/run/rmilter/rmilter.sock: No such file or directory

and yunohost says that rmilter is running.

Do you have an idea to help me, please?

Thanks to all !!
Bye

Hi there,

there has been a few fixes about rmilter in 2.5.5 and 2.5.6 so please try to update/upgrade Yunohost. There might still be an issue/warning remaining, the fix is dicussed here : /etc/yunohost/services.yml : rmilter.socket et rspamd.socket not active

Please let us know if that solved the issue for you !

Hello

THX for responding :slight_smile:
So I have Upgraded to 2.5.6 and rebbot, but the problem persists … :frowning:

And now I saw Rmilter with status inactive and I can’t start it

so the issue is not solved …

Bye

Hm okay.

Do you have any logs about why rmilter isn’t starting ? (with service rmilter status after doing a servic rmilter restart (or start maybe)). Did you tried @opi’s trick in the thread I linked : systemctl disable rspam.socket && systemctl disable rmilter.socket ?

Hi CaptainSqrt2,

Log

$ sudo service milter start
$ sudo service rmilter status
● rmilter.service - Another sendmail milter for different mail checks
Loaded: loaded (/lib/systemd/system/rmilter.service; disabled)
Active: failed (Result: signal) since jeu. 2017-02-23 14:40:59 CET; 29s ago
Process: 19863 ExecStart=/usr/sbin/rmilter -c /etc/rmilter.conf -n (code=killed, signal=SEGV)
Main PID: 19863 (code=killed, signal=SEGV)

févr. 23 15:12:31 mondomain systemd[1]: Started Another sendmail milter for different mail checks.
févr. 23 15:12:31 mondomain systemd[1]: rmilter.service: main process exited, code=killed, status=11/SEGV
févr. 23 15:12:31 mondomain systemd[1]: Unit rmilter.service entered failed state.

I didn’t try @opi’s trick because I thought that it was a workarround for < V2.5.4, and in V2.5.6 the point was corrected

what do you recommand?

Thank you :slight_smile:

Can you try to restart rmilter (service rmilter restart) (again, yes) and check for new lines in /var/log/mail.info, mail.err, and daemon.log which could correspond to error messages from rmilter ?

No pb

/var/log/mail.info:

Feb 23 15:40:52 mondomain postfix/smtpd[20892]: warning: connect to Milter service unix:/run/rmilter/rmilter.sock: No such file or directory

/var/log/mail.err:

EMPTY

/var/log/daemon/log:

Feb 23 15:42:25 mondomain systemd[1]: Cannot add dependency job for unit rspamd.socket, ignoring: Unit rspamd.socket failed to load: No such file or directory.
Feb 23 15:42:25 mondomain systemd[1]: Cannot add dependency job for unit rmilter.socket, ignoring: Unit rmilter.socket failed to load: No such file or directory.
Feb 23 15:42:25 mondomain systemd[1]: Starting Another sendmail milter for different mail checks…
Feb 23 15:42:25 mondomain systemd[1]: Started Another sendmail milter for different mail checks.
Feb 23 15:42:26 mondomain systemd[1]: rmilter.service: main process exited, code=killed, status=11/SEGV
Feb 23 15:42:26 mondomain systemd[1]: Unit rmilter.service entered failed state.
Feb 23 15:45:16 mondomain nslcd[906]: [a0799a] <passwd=“*”> request denied by validnames option

does it help?

Hm, I think you should definitely run @opi’s trick :wink:

systemctl disable rspam.socket && systemctl disable rmilter.socket

OK but for my understanding
this trik disable something so it will broke something? or by restarting this will be corrected rmilter starting?

From what I understand : rmilter/rspamd “recently” changed the way they work. And thus the rspam.socket and rmilter.socket are not needed anymore (and in fact seem to conflict because they were not entirely removed in your setup. Which is possibly our (the Yunohost’s team) fault ;). So disabling the rspam.socket and rmilter.socket should allow rspamd/rmilterd to work properly.

(But I’m not an expert regarding rmilter/rspamd or even mail in general :/)

OK , thx for détails but … same problem :sob:

$ sudo systemctl disable rspam.socket && sudo systemctl disable rmilter.socket >Removed symlink /etc/systemd/system/sockets.target.wants/rmilter.socket.

$ sudo systemctl disable rspam.socket && sudo systemctl disable rmilter.socket
Removed symlink /etc/systemd/system/sockets.target.wants/rmilter.socket.
$ sudo service rmilter restart
$ sudo service rmilter status
● rmilter.service - Another sendmail milter for different mail checks Loaded: loaded (/lib/systemd/system/rmilter.service; disabled)
Active: failed (Result: signal) since jeu. 2017-02-23 15:54:04 CET; 13s ago
Process: 21036 ExecStart=/usr/sbin/rmilter -c /etc/rmilter.conf -n (code=killed, signal=SEGV)
Main PID: 21036 (code=killed, signal=SEGV)

févr. 23 15:54:04 mondomain systemd[1]: Started Another sendmail milter for different mail checks.
févr. 23 15:54:04 mondomain systemd[1]: rmilter.service: main process exited, code=killed, status=11/SEGV
févr. 23 15:54:04 mondomain systemd[1]: Unit rmilter.service entered failed state.

/var/log/daemon.log

Feb 23 15:56:06 mondomain systemd[1]: Reloading.
Feb 23 15:56:30 mondomain systemd[1]: Cannot add dependency job for unit rspamd.socket, ignoring: Unit rspamd.socket failed to load: No such file or directory.
Feb 23 15:56:30 mondomain systemd[1]: Starting Another sendmail milter for different mail checks…
Feb 23 15:56:30 mondomain systemd[1]: Started Another sendmail milter for different mail checks.
Feb 23 15:56:31 mondomain systemd[1]: rmilter.service: main process exited, code=killed, status=11/SEGV
Feb 23 15:56:31 mondomain systemd[1]: Unit rmilter.service entered failed state.

rspamd looks broken too … and restart has faild

Feb 23 16:06:19 mondomain systemd[1]: Started rapid spam filtering system.
Feb 23 16:06:19 mondomain systemd[1]: rspamd.service: main process exited, code=killed, status=4/ILL
Feb 23 16:06:19 mondomain systemd[1]: Unit rspamd.service entered failed state.
Feb 23 16:06:19 mondomain systemd[1]: rspamd.service holdoff time over, scheduling restart.
Feb 23 16:06:19 mondomain systemd[1]: Cannot add dependency job for unit rspamd.socket, ignoring: Unit rspamd.socket failed to load: No such file or directory.
Feb 23 16:06:19 mondomain systemd[1]: Stopping rapid spam filtering system…
Feb 23 16:06:19 mondomain systemd[1]: Starting rapid spam filtering system…
Feb 23 16:06:19 mondomain systemd[1]: rspamd.service start request repeated too quickly, refusing to start.
Feb 23 16:06:19 mondomain systemd[1]: Failed to start rapid spam filtering system.
Feb 23 16:06:19 mondomain systemd[1]: Unit rspamd.service entered failed state.

Well, not cool :confused:

Hm, just to be sure, let’s regen the conf in case it has not been done during the update/upgrade :

yunohost service regen-conf rmilter --force

I do

yunohost service regen-conf rmilter --force
yunohost service regen-conf rspamd --force

and restart both … same log same problem …

I’m desperate

So apparently, ‘SEGV’ which appeared in previous logs you copy/pasted refers to segmentation fault, which is pretty bad. Can you tell which version of rmilter and rspamd you’re running ? Probably with rmilter --version and rspam --version (maybe with or without a d at the end of the name :/)

Ouch …

$ rmilter --version
Erreur de segmentation

Okay, that’s really really bad :slight_smile: .

I would suggest trying to reinstall the package.

Should be something like apt-get install rmilter --reinstall

ok I have done an apt-get update && apt-get upgarde

$ sudo apt-get upgrade
Lecture des listes de paquets… Fait
Construction de l’arbre des dépendances
Lecture des informations d’état… Fait
Calcul de la mise à jour… Fait
0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.
2 partiellement installés ou enlevés.
Après cette opération, 0 o d’espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n]
[master d5fac46] saving uncommitted changes in /etc prior to apt run
Author: pi pi@mondomain
55 files changed, 1895 insertions(+), 350 deletions(-)
create mode 100644 cron.d/yunohost-upgrade
create mode 100644 nginx/conf.d/mondomain.fr.d/roundcube.conf
create mode 100644 php5/fpm/pool.d/roundcube.conf
delete mode 100644 profile.d/sshpasswd.sh
create mode 100644 rmilter.conf.d/ynh_dkim.conf
create mode 100644 rspamd/redirectors.inc
create mode 100644 rspamd/worker-fuzzy.inc
create mode 120000 systemd/system/multi-user.target.wants/rspamd.service
delete mode 120000 systemd/system/sockets.target.wants/rmilter.socket
create mode 100644 yunohost/apps/roundcube/status.json
Paramétrage de rmilter (1.9.2+nmu2) …
Fichier de configuration « /etc/rmilter.conf »
==> Modifié (par vous ou par un script) depuis l’installation.
==> Le distributeur du paquet a fourni une version mise à jour.
Que voulez-vous faire ? Vos options sont les suivantes :
Y ou I : installer la version du responsable du paquet
N ou O : garder votre version actuellement installée
D : afficher les différences entre les versions
Z : suspendre ce processus pour examiner la situation
L’action par défaut garde votre version actuelle.
*** rmilter.conf (Y/I/N/O/D/Z) [défaut=N] ? Y
Installation de la nouvelle version du fichier de configuration /etc/rmilter.conf …
Installation de la nouvelle version du fichier de configuration /etc/rmilter.conf.common …
Installation de la nouvelle version du fichier de configuration /etc/rmilter.conf.sysvinit …
Paramétrage de yunohost (2.5.6) …
Regenerating configuration, this might take a while…
Attention : Le fichier de configuration « /etc/nslcd.conf » a été modifié manuellement et ne sera pas mis à jour
Attention : Le fichier de configuration « /etc/rmilter.conf » a été modifié manuellement et ne sera pas mis à jour
Restarting YunoHost firewall…
update-rc.d: error: no runlevel symlinks to modify, aborting!
[master 8c17a6d] committing changes in /etc after apt run
Author: pi pi@mondomain
4 files changed, 14 insertions(+), 54 deletions(-)
rewrite rmilter.conf (74%)
create mode 120000 systemd/system/multi-user.target.wants/rmilter.service

So I have respond : Y ou I : installer la version du responsable du paquet

So reinstall package (Paramétrage de rmilter (1.9.2+nmu2)) and regen-conf
and the problem still here …

segmentation fault

do I have to do the same for rspamd?

May be another information I’m running Raspbian on Raspberry … may be a dependance probleme ?

Hi. I just did the upgrade from 2.4 to 2.5. It seems that I have the same problem.

First, I update/upgrade all using the web administration panel.

Secondly, cron send me a first mail with : https://paste.yunohost.org/oyavilebav.vhdl. As you see, there was an error in rmilter too…
One our after, new mail (as the first cron failed) : https://paste.yunohost.org/afobutufib.vhdl. Same problem.

So, reading this thread I did :

 yunohost service regen-conf rmilter --force

Then manually run the upgrade script :

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get install yunohost moulinette yunohost-admin ssowat -y && rm -f /etc/cron.d/yunohost-upgrade

I entered “Y” when it asked me for rmilter (see log : https://paste.yunohost.org/dehozarara.vhdl).

Now, it seems to be ok for me as

systemctl status rmilter.service

shows Active: active (running)

However, I do have something wrong :

systemctl status rmilter.socket

gives me : Loaded: not-dound (Reason: No such file or directory) https://paste.yunohost.org/fuquvumupa.pas

EDIT :
Based on this post, it seems to have a configuration problem in /etc/rmilter.conf.common:

dkim {
    # Sample for dkim specific keys
    # domain {
    #   key = /etc/dkim/dkim_example.key;
    #   domain = "example.com";
    #       selector = "dkim";
    # };
    # domain {
    #   key = /etc/dkim/dkim_test.key;
    #   domain = "test.com";
    #       selector = "dkim";
    # };
    # Universal selector, keys will be checked for pattern /etc/dkim/<domain>.<selector>.key
domain {
            key = /etc/dkim;
            domain = "*";
            selector = "dkim";
    };
header_canon = relaxed;
body_canon = relaxed;
sign_alg = sha256;

};
The selector “dkim” is not the good one as in /etc/dkim/ the name is domain.ltd.mail.key and not domain.tld.dkim.key.

remove are your sure?