# /run/opendkim owned by opendkim, milter can't create socket

## jhon987

Hi,

Whenever I restart my VPS, the /run/opendkim directory is automatically owned by the opendkim user and the result is:

OpenDKIM Filter: Unable to bind to port local:/var/run/opendkim/opendkim.sock: Permission denied

the socket simply cannot be created as the UserID in opendkim.conf = milter.

Only when I 

```
chown milter:milter /run/opendkim
```

only then can the socket be created and opendkim does not crash.

I have followed this guide: https://wiki.gentoo.org/wiki/OpenDKIM

and have tried adding milter to opendkim as well as dkimsocket groups but that doesn't change anything:

```
# groups milter
opendkim dkimsocket milter

# rc-service opendkim restart
opendkim          | * Stopping opendkim ...
opendkim          | * start-stop-daemon: no matching processes found                [ ok ]
opendkim          | * Starting opendkim ...

# rc-service opendkim status
 * status: crashed
```

Only when I manually chown /run/opendkim folder to milter, only then opendkim doesn't crash.

I'm looking for a solution that will work throughout reboots, without having to chown manually (nor through crontab)...?

----------

## Ant P.

Create an override for /usr/lib/tmpfiles.d/opendkim.conf in /etc/tmpfiles.d
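
The override suggested above, as an added example (not part of the original thread and not Gentoo's packaged file): a same-named file in /etc/tmpfiles.d takes precedence over the copy in /usr/lib/tmpfiles.d, so the script copies the packaged file and rewrites only the owner and group of the /run/opendkim entry. The function names and the sample file contents are constructed for illustration; `milter` is the UserID from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): build an /etc/tmpfiles.d override that
# changes only the owner/group of the /run/opendkim directory entry.
# tmpfiles.d columns: Type Path Mode User Group Age Argument

# rewrite_owner SRC DIR USER GROUP [MODE] -> prints the rewritten file
rewrite_owner() {
    awk -v dir="$2" -v user="$3" -v group="$4" -v mode="$5" '
        /^[ \t]*(#|$)/ { print; next }           # keep comments and blank lines
        $1 ~ /^[dD]/ && $2 == dir {
            if (mode != "") $3 = mode
            else if (NF < 3) $3 = "-"            # "-" keeps the default mode
            $4 = user; $5 = group
            found = 1
        }
        { print }
        END { if (!found) exit 3 }               # no entry for DIR: fail
    ' "$1"
}

# write_override SRC DESTDIR USER GROUP [MODE]
# Writes DESTDIR/<basename of SRC>; the same file name is what makes it
# take precedence over the packaged copy. Nothing is left behind on failure.
write_override() {
    out="$2/$(basename "$1")"
    tmp="$out.tmp.$$"
    if rewrite_owner "$1" /run/opendkim "$3" "$4" "$5" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on a constructed sample; the real packaged file may differ.
# Real use (as root), matching the chown from the thread:
#   write_override /usr/lib/tmpfiles.d/opendkim.conf /etc/tmpfiles.d milter milter
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/pkg" "$work/etc"
    printf '%s\n' '# constructed sample' \
        'd /run/opendkim 0750 opendkim opendkim -' > "$work/pkg/opendkim.conf"
    write_override "$work/pkg/opendkim.conf" "$work/etc" milter milter &&
        cat "$work/etc/opendkim.conf"
    rm -rf "$work"
}
demo
```

Because the override replaces the packaged file rather than merging with it, regenerate it when a package update changes /usr/lib/tmpfiles.d/opendkim.conf.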

----------

## jhon987

 *Ant P. wrote:*   

> Create an override for /usr/lib/tmpfiles.d/opendkim.conf in /etc/tmpfiles.d

 

thanks!

I should note it's not the safest thing as according to the guide I referenced before both milter and opendkim should access the socket through a 3rd group (dkimsocket for instance) - but that doesn't work unfortunately...

----------

## UberLord

I had this problem on my mail relay after I stupidly upgraded it to a Debian version with systemd opendkim/dmarc, etc.

I gave up, and replaced my email filtering stack with rspamd which does it all and without the overhead of perl or separate milters.

Not looked back since, highly recommend it.

----------

## jhon987

 *UberLord wrote:*   

> I had this problem on my mail relay after I stupidly upgraded it to a Debian version with systemd opendkim/dmarc, etc.
> 
> I gave up, and replaced my email filtering stack with rspamd which does it all and without the overhead of perl or separate milters.
> 
> Not looked back since, highly recommend it.

 

thanks for the experienced advice, I'll consider it

----------

## jhon987

 *UberLord wrote:*   

> I had this problem ...
> 
> I gave up, and replaced my email filtering stack with rspamd which does it all and without the overhead of perl or separate milters.
> 
> Not looked back since, highly recommend it.

 

Hey @UberLord, do you mind if I ask you a few questions?

When you say you replaced your email filtering stack:

First, are you using postfix?

If so, do you mean rspamd also replaces amavis and clam? (Because I haven't managed to detach postfix from both of these services - whenever I re/start postfix it automatically launches both.)

Lastly, I followed the rspamd quickstart guide, setting it up with dovecot and redis. I use unix sockets wherever possible, but I guess I still haven't managed to set it up correctly, because I still have a few issues:

When I send / receive mails, this is what I see in the rspamd log:

```
(normal) <766bd7>; task; rspamd_worker_body_handler: cannot handle request: invalid command

(rspamd_proxy) rspamd_http_decrypt_message: cannot verify encrypted message, first bytes of the input: 7b226572726f72223a22696e76616c696420636f6d6d616e64222c226572726f725f646f6d61696e223a2270726f746f636f6c2d6572726f72227d

(rspamd_proxy) <3ee727>; proxy; proxy_backend_master_error_handler: abnormally closing connection from backend: /var/run/rspamd/rspamd-normal.sock, error: HTTP parser error: the on_message_complete callback failed, retries left: 5

(rspamd_proxy) <3ee727>; proxy; proxy_backend_master_error_handler: retry connection to: /var/run/rspamd/rspamd-normal.sock retries left: 4
```

I have no idea what invalid command it refers to...

And another issue, if you happen to know: the rspamd webUI is referring to the same address:port as the worker-controller, and it seems I can only access it if the worker-controller is bound to a TCP socket (as unix sockets are only possible to access locally). Is there a way to make worker-controller still bind to a unix socket (which performs faster than TCP, AFAIK) and still use the webUI?

----------

## UberLord

 *jhon987 wrote:*   

>  *UberLord wrote:*   I had this problem ...
> 
> I gave up, and replaced my email filtering stack with rspamd which does it all and without the overhead of perl or separate milters.
> 
> Not looked back since, highly recommend it. 
> ...

 

Sure and yes

 *Quote:*   

> If so, do you mean rspamd also replaces amavis and clam? (Because I haven't managed to detach postfix from both of these services - whenever I re/start postfix it automatically launches both.)

 

amavis is just a middle man between postfix and a filter (like clam).

rspamd does NOT replace clam - it's not a virus checker.

That being said, I don't run a virus checker on my mail server as virus checkers run on the machines I generally use and viruses would target - i.e. Windows.

Postfix doesn't actually start anything external (amavis, clam) itself - but the init.d/postfix service might! Check there.

I don't use Gentoo these days so can't help much there really.

 *Quote:*   

> 
> 
> Lastly, I followed the rspamd quickstart guide, setting it up with dovecot and redis. I use unix sockets wherever possible, but I guess I still haven't managed to set it up correctly, because I still have a few issues:
> 
> When I send / receive mails, this is what I see in the rspamd log:
> ...

 

I set up rspamd without setting the controller password - the WebUI is locked down to my local IP range AND is http password protected.

Also using sockets, so not exposed on the wire either (other than the WebUI) so again, no need to set up a password in rspamd.

----------

## jhon987

 *UberLord wrote:*   

>  *jhon987 wrote:*    *UberLord wrote:*   I had this problem ...
> 
> I gave up, and replaced my email filtering stack with rspamd which does it all and without the overhead of perl or separate milters.
> 
> Not looked back since, highly recommend it. 
> ...

 

Thanks for taking the time to answer.

----------

