We use opendkim and have been running it successfully since mid-2014.
We recently upgraded from opendkim-2.9.0 to 2.10.1 via yum due to a
push from the epel repository. Since that update was applied we are
getting this in the maillog.
Mar 31 16:17:58 inet08 postfix-p25/smtpd[20097]: warning: connect to
Milter service inet:127.0.0.1:8891: Connection refused
There were no configuration changes made to postfix.
The postfix service has been restarted. In fact, due to another
update, the host was rebooted before we had noticed the dkim problem.
Nonetheless the issue commenced logging immediately after the update
and before the reboot.
I cannot roll back because opendkim-2.9.0 is gone from the repos.
There are no SELinux AVCs at all.
We have confirmed that it is not a firewall issue.
Extract from postconf -n
smtpd_client_restrictions = permit
smtpd_data_restrictions = permit_mynetworks,
reject_multi_recipient_bounce, reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
pcre:/etc/postfix/helo_checks.pcre, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_proxy_timeout = 300s
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_unauth_pipelining, check_policy_service
unix:/var/spool/postfix/postgrey/socket, check_policy_service
unix:private/policyd-spf, permit
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
hash:/etc/postfix/sender_access, check_sender_mx_access
hash:/etc/postfix/sender_mx_access, check_sender_ns_access
hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated,
reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_starttls_timeout = ${stress?10}${stress:120}s
smtpd_timeout = ${stress?10}${stress:120}s
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/ca.harte-lyne.hamilton.smtp.crt
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/pki/tls/private/ca.harte-lyne.hamilton.smtp.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
Any ideas?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
