I have my server set up exactly like this article here: Getting DKIMproxy installed and configured, yet I am having the following issue.
When I go to send an email to my server through port 587, I get the following in my mail.log:
Sep 1 16:49:38 mailer postfix/smtpd[9974]: connect from unknown[xxx.xxx.xxx.xxx]
Sep 1 16:49:39 mailer postfix/smtpd[9974]: 0B6C5301BC: client=unknown[xxx.xxx.xxx.xxx]
Sep 1 16:49:39 mailer postfix/cleanup[9970]: 0B6C5301BC: message-id=<[email protected]>
Sep 1 16:49:39 mailer postfix/qmgr[9949]: 0B6C5301BC: from=<[email protected]>, size=552, nrcpt=1 (queue active)
Sep 1 16:49:39 mailer postfix/smtp[9953]: connect to 127.0.0.1[127.0.0.1]:10027: Connection refused
Sep 1 16:49:39 mailer postfix/smtp[9953]: 0B6C5301BC: to=<[email protected]>, relay=none, delay=0.14, delays=0.14/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10027: Connection refused)
I have /etc/dkimproxy/dkimproxy_out.conf set like the following:
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10027
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10028
# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
# Note that this is set in /etc/init.d/dkimproxy in this Debian package
# unactivate it there if you want to use the config file
domain mailer.xxx.com
# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
# specify location of the private key
keyfile /etc/dkimproxy/keys/email.key
# specify the selector (i.e. the name of the key record put in DNS)
selector mail
And then my /etc/postfix/master.cf has the following appended to it (per the tutorial):
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime,starttls
What I can't seem to figure out is why I keep getting "Connection Refused" on the port that DKIMproxy should be listening on. Can anyone help me out with this? I don't need to open anything in my firewall, do I? Since it should just be connecting internally on localhost?
I feel like I'm so close to getting this working!
Added 2 comments to your posting but are you sure you added the following section to master.cf?
Postfix needs to be listening on 10028 so that DKIM can pass the connection along after it's done its part.
Got it.
I had a firewall rule limiting localhost traffic and preventing those ports from being reached (or so I think):
Removing that allowed me to run dkimproxy and use the ports specified. Thanks for the help!
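An added example, not part of the original posts: a Python check that cross-references the two files quoted in the question, confirming that a Postfix content_filter points at DKIMproxy's listen address and that master.cf has an inet service bound to DKIMproxy's relay address, as the answer describes. The embedded samples are constructed from the question's configuration, and the function names are hypothetical.

```python
import re

# Constructed samples, trimmed from the configuration quoted in the question.
DKIMPROXY_CONF = """\
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10027
relay 127.0.0.1:10028
"""
MASTER_CF = """\
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign:[127.0.0.1]:10027
dksign unix - - n - 10 smtp
"""

def parse_dkimproxy(text):
    """Return the listen and relay endpoints from dkimproxy_out.conf text."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] in ("listen", "relay"):
            conf[parts[0]] = parts[1].strip()
    return conf

def parse_master_cf(text):
    """Fold continuation lines (leading whitespace) into one line per service."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and services:
            services[-1] += " " + line.strip()
        else:
            services.append(line.strip())
    return services

def check(dkim_text, master_text):
    """Return a list of mismatches between the two files; empty means consistent."""
    conf, services = parse_dkimproxy(dkim_text), parse_master_cf(master_text)
    problems = []
    # content_filter=transport:[host]:port -> "host:port" (Postfix brackets removed)
    filters = {m.replace("[", "").replace("]", "") for s in services
               for m in re.findall(r"content_filter=[^:\s]+:(\S+)", s)}
    if conf.get("listen") not in filters:
        problems.append(f"no content_filter targets DKIMproxy listen {conf.get('listen')}")
    # For an inet service the first field is the address:port it binds.
    inet = {f[0] for f in (s.split() for s in services) if len(f) > 1 and f[1] == "inet"}
    if conf.get("relay") not in inet:
        problems.append(f"no inet service listens on DKIMproxy relay {conf.get('relay')}")
    return problems
```

An empty result only shows that the two files agree; it does not show that the ports are reachable, which in this thread was being prevented by a local firewall rule.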