Bug#944513: opendkim: Signing via TCP socket works, unix socket fails with SSL error
Package: opendkim
Version: 2.11.0~alpha-12
Severity: normal
Dear Maintainer,
I'm using opendkim to sign outbound messages in Postfix.
My previous installation used a TCP socket; that configuration still
works. According to the Debian Wiki and upstream, we should use a unix
socket now, not TCP. Postfix is in a chroot at /var/spool/postfix.
I switched the socket, as advised, to

    local:/var/spool/postfix/var/run/opendkim/opendkim.sock

in /etc/opendkim.conf and gave

    smtpd_milters = unix:/var/run/opendkim/opendkim.sock
    non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

in /etc/postfix/main.cf.

After restarting postfix and opendkim, signing outbound messages fails.
The postfix submission process returns an error to the client.
The error message in /var/log/mail.info is

    Nov 10 20:47:03 seed10 opendkim[24709]: 120F6205B0: SSL error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data
    Nov 10 20:47:03 seed10 opendkim[24709]: 120F6205B0: dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed

I expected a localhost:TCP socket and a unix socket would behave the
same. It looks as if SSL is not receiving all the information
it needs from opendkim.
I worked around the failure by reverting the socket change.
-- System Information:
Debian Release: 10.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-cloud-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages opendkim depends on:
ii adduser 3.118
ii dns-root-data 2019031302
ii libbsd0 0.9.1-2
ii libc6 2.28-10
ii libdb5.3 5.3.28+dfsg1-0.5
ii libldap-2.4-2 2.4.47+dfsg-3+deb10u1
ii liblua5.1-0 5.1.5-8.1+b2
ii libmemcached11 1.0.18-4.2
ii libmemcachedutil2 1.0.18-4.2
ii libmilter1.0.1 8.15.2-14~deb10u1
ii libopendbx1 1.4.6-13+b1
ii libopendkim11 2.11.0~alpha-12
ii librbl1 2.11.0~alpha-12
ii libssl1.1 1.1.1d-0+deb10u2
ii libunbound8 1.9.0-2+deb10u1
ii libvbr2 2.11.0~alpha-12
ii lsb-base 10.2019051400
opendkim recommends no packages.
Versions of packages opendkim suggests:
ii opendkim-tools 2.11.0~alpha-12
pn unbound <none>
-- Configuration Files:
/etc/default/opendkim changed:
RUNDIR=/var/spool/postfix/var/run/opendkim
SOCKET=local:$RUNDIR/opendkim.sock
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=
/etc/dkimkeys/README.PrivateKeys [Errno 13] Permission denied: '/etc/dkimkeys/README.PrivateKeys'
/etc/opendkim.conf changed:
Syslog yes
UMask 007
KeyFile /etc/dkimkeys/truffula.private
Domain truffula.us
Selector mail
Socket inet:12301@localhost
PidFile /run/opendkim/opendkim.pid
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
-- no debconf information