Domainkeys In Postfix problem
mexus
26th February 2008, 00:53
I have followed: http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 and http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1
When I try to start dk-milter:
[root@mexus domainkeys]# service dk-milter start
Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed
I tried:
chown dk-milt:mail *.pem
postfix and dk..... restart but still there is no dk.sock.
How can I fix this?
I read http://www.howtoforge.com/forums/showthread.php?t=20410 and
http://domainkeys.sourceforge.net/policycheck.html says:
Testing mexus.org
Policy TXT=t=y; o=~
This policy record appears valid.
o ~ Domain signs some email
t y Domain is in test mode
the keys are identical (double checked that).
Please help me!
topdog
26th February 2008, 08:15
Seems like the socket cannot be created. Do you have SELinux in enforcing mode?
What is the output of
ls /var/run/ -l
mexus
26th February 2008, 12:22
drwxrwx--- 2 dk-milt mail 4096 Feb 26 00:14 dk-milter
SELinux is disabled....
topdog
26th February 2008, 12:26
Are you sure that there is no socket in
/var/run/dk-milter ?
If so, then post your config here; let's see, maybe there is a typo in the location of your socket.
mexus
26th February 2008, 12:41
Sorry, yesterday it was missing... now it's there:
srwxrwx--- 1 dk-milt mail 0 Feb 26 00:14 dk.sock
Here is the config:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="mexus.org"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
(It's the same with the default value; I'm sure that there is no typo in the generated files, I have double checked....)
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
topdog
26th February 2008, 12:44
Okay, now that it's there, what error are you getting from postfix?
mexus
26th February 2008, 17:01
>/etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: Authentication-Warning: mexus.org: apache set sender to master@mexus.org using -f
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: from=master@mexus.org, size=353, class=0, nrcpts=1, msgid=<e39ed2c3c6762b41ad1bd57095b5c7a3@localhost>, relay=apache@localhost
Feb 26 16:57:41 mexus postfix/smtpd[19419]: connect from localhost.localdomain[127.0.0.1]
Feb 26 16:57:41 mexus postfix/smtpd[19419]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Connection refused
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 26 16:57:41 mexus postfix/smtpd[19419]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 26 16:57:41 mexus sendmail[19418]: m1QEvfhA019418: to=mexus@abv.bg, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30353, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
Feb 26 16:57:41 mexus postfix/smtpd[19419]: disconnect from localhost.localdomain[127.0.0.1]
Feb 26 16:57:41 mexus imapd: LOGOUT, user=master@mexus.org, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=450, sent=423, time=0
Feb 26 16:57:41 mexus imapd: Connection, ip=[::ffff:127.0.0.1]
Feb 26 16:57:41 mexus imapd: LOGIN, user=master@mexus.org, ip=[::ffff:127.0.0.1], port=[56657], protocol=IMAP
Feb 26 16:57:41 mexus imapd: LOGOUT, user=master@mexus.org, ip=[::ffff:127.0.0.1], headers=2146, body=0, rcvd=478, sent=6190, time=0
Feb 26 16:57:42 mexus imapd: Connection, ip=[::ffff:127.0.0.1]
Feb 26 16:57:42 mexus imapd: LOGIN, user=master@mexus.org, ip=[::ffff:127.0.0.1], port=[56658], protocol=IMAP
Feb 26 16:57:42 mexus imapd: LOGOUT, user=master@mexus.org, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=301, sent=1799, time=0
topdog
26th February 2008, 17:10
Try running it on a TCP port instead of a UNIX socket; the other thread has details on doing that. If it fails then you did something wrong with the way you set up the keys.
mexus
26th February 2008, 17:21
I tried that too.
I did that:
/usr/share/doc/dk-milter-0.6.0/gentxt.sh mexus.org mexus.org
I sent this to the DNS admin of the domain to add to the zone:
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJQfGTmsFzILU6ep 6aSFg+WrTkaOLmoRillFNbOpNOr5Gst5H8wG9Oh2SpUytaruP/7j/eWQ8Wyz6zX2gAtzwF0CAwEAAQ==" ; ----- DomainKey default for example.com (example)
_domainkey IN TXT "t=y; o=~"
mv default.private /etc/mail/domainkeys/dk_mexus.org.pem
chown dk-milt:dk-milt /etc/mail/domainkeys/dk_mexus.org.pem
chmod 600 /etc/mail/domainkeys/dk_mexus.org.pem
that's all. Have double checked the keys are fine.
Where could be the problem?
> service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [FAILED]
Cleanup for DomainKeys milter (dk-filter #0):
Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed
topdog
26th February 2008, 17:25
smfi_opensocket() is only when you are using a UNIX socket and the socket file exists, i.e. was not removed by the previous process.
If your PORT is pointing to a TCP socket you cannot get that error.
topdog
26th February 2008, 17:27
Okay, now I see, you have misconfigured your system.
Your selector is pointing to this
SELECTOR_NAME="mexus.org"
And yet in dns your SELECTOR_NAME is set to default.
default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJQfGTmsFzILU6ep 6aSFg+WrTkaOLmoRillFNbOpNOr5Gst5H8wG9Oh2SpUytaruP/7j/eWQ8Wyz6zX2gAtzwF0CAwEAAQ=="
mexus
26th February 2008, 18:15
I pasted the default value from the how-to for security reasons. I had tried with the TCP setup and it didn't work out either.
topdog
26th February 2008, 18:21
You cannot have a dot "." in the selector name; it confuses the DNS.
You need to edit your config file and set this
SELECTOR_NAME="default"
As the only selector you have in dns is "default"
dig txt default._domainkey.mexus.org
default._domainkey.mexus.org. 83338 IN TXT "g=\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK0FXLEeV8mMy9AN i6eCLcJcYmuIpsTk8YzFB6e5eNZj9Qgyjx0pUEIfgksenhFk97 urT8OWpOn9JKMeVGndf9ECAwEAAQ=="
mexus
27th February 2008, 12:55
Still doesn't work... here is the maillog
Feb 27 12:50:46 mexus imapd: LOGIN, user=master@mexus.org, ip=[::ffff:127.0.0.1], port=[55712], protocol=IMAP
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: Authentication-Warning: mexus.org: apache set sender to master@mexus.org using -f
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: from=master@mexus.org, size=325, class=0, nrcpts=1, msgid=<7360dceb401e2eced1eaa51c68777c7b@localhost>, relay=apache@localhost
Feb 27 12:50:46 mexus postfix/smtpd[6828]: connect from localhost.localdomain[127.0.0.1]
Feb 27 12:50:46 mexus postfix/smtpd[6828]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 12:50:46 mexus postfix/smtpd[6828]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 27 12:50:46 mexus sendmail[6827]: m1RAokbA006827: to=mexus@abv.bg, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30325, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
ls -la /var/run/dk-milter
total 12
drwxrwx--- 2 dk-milt mail 4096 Feb 27 00:42 .
drwxr-xr-x 29 root root 4096 Feb 27 12:43 ..
If I try with the TCP setting:
[root@mexus ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mexus ~]# service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [FAILED]
Cleanup for DomainKeys milter (dk-filter #0):
chgrp: cannot access `inet:10034@localhost': No such file or directory
chmod: cannot access `inet:10034@localhost': No such file or directory
[root@mexus ~]#
topdog
27th February 2008, 14:55
That's because you are not following the instructions: you have switched to use TCP sockets with the milter but your postfix is still pointing to a UNIX socket.
Just revert back to using UNIX sockets in your milter configuration, as the problem was not the milter; the problem was having the wrong selector in your configuration file.
mexus
27th February 2008, 15:08
/etc/sysconfig/dk-milter
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
/etc/postfix/main.cf
smtpd_milters = unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock
[root@mexus ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mexus ~]# service dk-milter restart
Shutting down all DomainKeys milter (dk-filter): [ OK ]
Cleanup for DomainKeys milter (dk-filter #0):
Starting DomainKeys milter (dk-filter #0): [ OK ]
[root@mexus ~]#
maillog
Feb 27 15:06:17 mexus postfix/smtpd[14004]: connect from unknown[127.0.0.1]
Feb 27 13:06:17 mexus postfix/smtpd[14004]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: No such file or directory
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: EHLO from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 13:06:17 mexus postfix/smtpd[14004]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost>
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Negative SMTP resp to DATA: 503 5.5.1 Error: need MAIL command
Feb 27 13:06:17 mexus postfix/smtpd[14004]: disconnect from unknown[127.0.0.1]
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Negative SMTP resp. to QUIT: 503 5.5.1 Error: need RCPT command
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) (!)FWD via SMTP: <master@mexus.org> -> <mexus@abv.bg>,BODY=8BITMIME 451 4.6.0 Failed, id=06982-06, from MTA([127.0.0.1]:10025): 451 4.7.1 Service unavailable - try again later
Feb 27 15:06:17 mexus amavis[6982]: (06982-06) Blocked MTA-BLOCKED, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <master@mexus.org> -> <mexus@abv.bg>, Message-ID: <8d186d29166f46712fabbfb5f003b97a@localhost>, mail_id: VtuGx-P-QxDO, Hits: -0.78, size: 988, 5886 ms
Feb 27 15:06:17 mexus postfix/smtp[13991]: CE9FF4438249: to=<mexus@abv.bg>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.1, delays=0.18/0.02/0.01/5.9, dsn=4.7.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.7.1 Service unavailable - try again later (in reply to end of DATA command))
topdog
27th February 2008, 15:18
I think there is a problem with your keys as well, when using the UNIX socket the error does not get generated.
Please generate new keys using selector default and try again.
mexus
27th February 2008, 15:19
Then I changed dk-milter:
PORT="local:/var/run/dk-milter/dk.sock"
to
PORT="unix:/var/run/dk-milter/dk.sock"
Now I get
Feb 27 15:16:25 mexus postfix/smtpd[14685]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Permission denied
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 27 15:16:25 mexus postfix/smtpd[14685]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 27 15:16:25 mexus sendmail[14753]: m1RDGPbE014753: to=mexus@abv.bg, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30333, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
falko
28th February 2008, 20:04
What's the output of ls -la /var/run/dk-milter?
mexus
28th February 2008, 22:52
[root@mexus ~]# ls -la /var/run/dk-milter
total 12
drwxrwx--- 2 dk-milt mail 4096 Feb 27 15:14 .
drwxr-xr-x 29 root root 4096 Feb 28 22:43 ..
srwxr-xr-x 1 dk-milt dk-milt 0 Feb 27 15:14 dk.sock
It still doesn't work. I have generated new files, with selector name default and domain mexus.org, the domain sells administrator added the new keys to the dns.
Here is the dk-milter conf:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="mexus.org"
SELECTOR_NAME="default"
KEYFILE="/etc/mail/domainkeys/dk_mexus.org.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
Here are the lines I have added to postfix main.cf:
smtpd_milters = unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock
maillog
Feb 28 22:42:39 mexus imapd: LOGIN, user=master@mexus.org, ip=[::ffff:127.0.0.1], port=[37319], protocol=IMAP
Feb 28 22:42:39 mexus sendmail[5538]: m1SKgdKp005538: Authentication-Warning: mexus.org: apache set sender to master@mexus.org using -f
Feb 28 22:42:39 mexus sendmail[5538]: m1SKgdKp005538: from=master@mexus.org, size=363, class=0, nrcpts=1, msgid=<262e6f414dd7e7f583e7d61be15454db@localhost>, relay=apache@localhost
Feb 28 22:42:40 mexus postfix/smtpd[5539]: connect from localhost.localdomain[127.0.0.1]
Feb 28 22:42:40 mexus postfix/smtpd[5539]: warning: connect to Milter service unix:/var/run/dk-milter/dk.sock: Permission denied
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: CONNECT from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Feb 28 22:42:40 mexus postfix/smtpd[5539]: NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<mexus.org>
Feb 28 22:42:40 mexus sendmail[5538]: m1SKgdKp005538: to=mexus@abv.bg, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30363, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Service unavailable - try again later
Feb 28 22:42:40 mexus postfix/smtpd[5539]: disconnect from localhost.localdomain[127.0.0.1]
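An added example, not part of any post in this thread: a "Permission denied" warning on a milter socket can be read off the `ls -la` listing, because on Linux a client needs search permission on the socket's directory and write permission on the socket file. The function names are made up for this sketch, and postfix's membership in group `mail` is an assumption.

```shell
#!/bin/sh
# Added example: judge from `ls -l` fields whether a user can connect to a
# UNIX-domain milter socket. Linux requires search (x) permission on the
# directory holding the socket and write (w) permission on the socket itself.
# root and ACLs are not modelled.

# perm_class OWNER GROUP USER "USER_GROUPS" -> 1 (owner), 2 (group), 3 (other)
perm_class() {
    if [ "$3" = "$1" ]; then echo 1; return 0; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo 2; return 0; fi
    done
    echo 3
}

# has_bit MODE CLASS BIT: MODE is the 10-character ls string (srwxr-xr-x),
# CLASS is 1..3 from perm_class, BIT is r, w or x.
has_bit() {
    case "$3" in r) off=0 ;; w) off=1 ;; x) off=2 ;; *) return 2 ;; esac
    pos=$(( ($2 - 1) * 3 + 2 + off ))
    ch=$(printf '%s' "$1" | cut -c"$pos")
    case "$3$ch" in rr|ww|xx|xs|xt) return 0 ;; esac
    return 1
}

# can_connect USER "USER_GROUPS" DIR_MODE DIR_OWNER DIR_GROUP SOCK_MODE SOCK_OWNER SOCK_GROUP
can_connect() {
    dc=$(perm_class "$4" "$5" "$1" "$2")
    sc=$(perm_class "$7" "$8" "$1" "$2")
    if ! has_bit "$3" "$dc" x; then
        echo "denied: no search permission on directory"; return 1
    fi
    if ! has_bit "$6" "$sc" w; then
        echo "denied: no write permission on socket"; return 1
    fi
    echo "ok"
}

# The two dk.sock listings posted in the thread, checked for the postfix user.
# Assumption: postfix is a member of group "mail" (MILTER_GROUP in the config).
can_connect postfix "postfix mail" drwxrwx--- dk-milt mail srwxrwx--- dk-milt mail || true
can_connect postfix "postfix mail" drwxrwx--- dk-milt mail srwxr-xr-x dk-milt dk-milt || true
```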
topdog
29th February 2008, 08:54
The keys in DNS have not been changed. It's still the same key that you had before.
dig txt default._domainkey.mexus.org
mexus
1st March 2008, 02:16
[mexus@mexus ~]$ dig txt default._domainkey.mexus.org
; <<>> DiG 9.5.0b1 <<>> txt default._domainkey.mexus.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18905
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;default._domainkey.mexus.org. IN TXT
;; ANSWER SECTION:
default._domainkey.mexus.org. 86400 IN TXT "g=\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM+EJEsvwJ9Ioi0z VKBa8Nn1tQkPa1zrdnzViIkOpP2f1ZlzVCZlh0vmWJJrke33y4 uaLsdzKOg4TkWvtl57LmkCAwEAAQ=="
;; AUTHORITY SECTION:
mexus.org. 83974 IN NS redirns1.bgdns.net.
mexus.org. 83974 IN NS redirns2.bgdns.net.
;; ADDITIONAL SECTION:
redirns1.bgdns.net. 219883 IN A 87.120.40.31
redirns2.bgdns.net. 269376 IN A 82.195.156.164
;; Query time: 3 msec
;; SERVER: 85.11.172.1#53(85.11.172.1)
;; WHEN: Sat Mar 1 02:13:42 2008
;; MSG SIZE rcvd: 292
Everything is right. No problem with the DNS. I don't really know what it could be. I'm doing everything right and it still doesn't work :(
topdog
1st March 2008, 10:21
Please take a look at post 11; I did query your key then, some time back. Compare that with the current key; it's still the same.
This means since you say you have generated new keys, your dns admin has not added the new key that you sent him.
Please get that sorted then we can debug further.
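An added example, not part of any post in this thread: the two comparisons the thread keeps returning to (selector in the dk-milter config versus the DNS record name, and the published `p=` value versus the local key file) done mechanically, with dig's quoting and chunk splitting normalised first. The function names, `example.org` and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the selector in the dk-milter config matches the
# DNS record and that the record publishes the key the milter signs with.

# dk_record_name SELECTOR DOMAIN -> owner name of the key record
dk_record_name() { printf '%s._domainkey.%s\n' "$1" "$2"; }

# dk_conf_value FILE KEY: read KEY=value or KEY="value" without sourcing FILE
dk_conf_value() {
    sed -n 's/^'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | tail -n 1
}

# dk_txt_pubkey RDATA: p= value from TXT rdata as dig prints it. Quotes,
# the backslash before ';' and the space where dig joins string chunks are
# presentation only, so they are removed before the tags are split.
dk_txt_pubkey() {
    printf '%s' "$1" | tr -d '"\\ \t\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# dk_local_pubkey KEYFILE: public half of the private key, base64 DER, one line
dk_local_pubkey() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# dk_check CONF RECORD_NAME RDATA LOCAL_PUBKEY -> "ok" or the first mismatch
dk_check() {
    want=$(dk_record_name "$(dk_conf_value "$1" SELECTOR_NAME)" \
                          "$(dk_conf_value "$1" SIGNING_DOMAIN)")
    if [ "${2%.}" != "$want" ]; then
        echo "selector mismatch: milter signs as $want"; return 1
    fi
    if [ "$(dk_txt_pubkey "$3")" != "$4" ]; then
        echo "key mismatch: DNS does not publish the local key"; return 1
    fi
    echo "ok"
}

# Constructed demo: example.org and the key string are made up, not real keys.
demo() {
    conf=$(mktemp)
    printf 'SIGNING_DOMAIN="example.org"\nSELECTOR_NAME="default"\n' > "$conf"
    dk_check "$conf" default._domainkey.example.org. \
        '"g=\; k=rsa\; t=y\; p=MFwwCONSTRUCTED xx+Example/Key=="' \
        'MFwwCONSTRUCTEDxx+Example/Key=='
    rc=$?
    rm -f "$conf"
    return "$rc"
}
demo
# Live use: dk_check /etc/sysconfig/dk-milter NAME "$(dig +short txt NAME)" \
#           "$(dk_local_pubkey KEYFILE)"
```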