Can't make DKIM work

[Hamsterman]

I tried this

docker run -d --name SMTP -p 25:25 -e POSTFIX_myhostname=mydomain.com -e OPENDKIM_DOMAINS=mydomain.com -v "SomeLocalPath:/etc/opendkim/keys/" mwader/postfix-relay

Then I tried sending a mail
Send-MailMessage -To [email protected] -From [email protected] -Subject "Test Subject" -Body "Test Body" -SmtpServer IPofDocker

But I get this error
Send-MailMessage : Error in processing. The server response was: 4.7.1 Service unavailable - try again later

I can see that the DKIM files is generated and they look alright.

I played around with it some more and it seems there are some things that needs to be done.
First I need to set it to allow "outside docker" relay
-e POSTFIX_mynetworks="0.0.0.0/0" -e POSTFIX_mynetworks_style=subnet
Can probably be more restrictive.

But then there is the DKIM again.
Because I have added a volume to reuse the DKIM keys OpenDKIM complains about them not being safe.

opendkim[33]: mail._domainkey.mydomain.com: key data is not secure: /etc/opendkim/keys can be read or written by other users
opendkim[33]: 29AF1200458: error loading key 'mail._domainkey.mydomain.com'

To avoid this I had to edit the /etc/opendkim.conf and put in (RequireSafeKeys no).
That removed the second error (about loading the key).
It's really not a fix because that will get overridden when the container is restarted.
I tried this: -e OPENDKIM_RequireSafeKeys=no but that did not work

[wader]

Hello! are you running Send-MailMessage on the host? You probably don't wan to export port 25 as default it is configured to be an open relay (https://github.com/wader/postfix-relay/blob/master/Dockerfile#L22) so anyone could send mail thru it. The idea with the default configuration is to relay on docker networking for security so you can't have to configure anything.

About -e OPENDKIM_RequireSafeKeys=no, yeah it won't work. Only postfix options can be configured using env variables at the moment.

[hemberger]

@Hamsterman I think the DKIM permissions issue is related to how you are volume-mounting. Do you have only a single domain? If so, then try the following instead:

docker run ... -v "SomeLocalPath:/etc/opendkim/keys/mydomain.com" ...

Where SomeLocalPath is a directory that contains (or will contain) your mail.private file.

[Hamsterman]

@Hamsterman I think the DKIM permissions issue is related to how you are volume-mounting. Do you have only a single domain? If so, then try the following instead:

docker run ... -v "SomeLocalPath:/etc/opendkim/keys/mydomain.com" ...

Where SomeLocalPath is a directory that contains (or will contain) your mail.private file.

I just tried that - same error. But good idea though.

[Hamsterman]

Hello! are you running Send-MailMessage on the host? You probably don't wan to export port 25 as default it is configured to be an open relay (https://github.com/wader/postfix-relay/blob/master/Dockerfile#L22) so anyone could send mail thru it. The idea with the default configuration is to relay on docker networking for security so you can't have to configure anything.

About -e OPENDKIM_RequireSafeKeys=no, yeah it won't work. Only postfix options can be configured using env variables at the moment.

I am running Send-MailMessage on my personal PC which is on the same local network as the docker host. My whole purpose is that my machine (and other hosts in my network) can use the relay. But for sure I need to have this as restrictive as possible - That is phase 2. Phase 1 is making it work.

[wader]

@Hamsterman Ok good, just want to make sure you don't expose it to the public internet and have a bad time

[wader]

@Hamsterman do you have any idea what parent of SomeLocalPath that opendkim conciders being writable and not safe?

[Hamsterman]

@Hamsterman do you have any idea what parent of SomeLocalPath that opendkim conciders being writable and not safe?
It's a "standard" volume: "/c/Applications/Docker/SMTP/DKIM/".
My docker host is on Windows and the host user got full access to that share. So from opendkim's viewpoint the keys are indeed unsafe.

[hemberger]

@Hamsterman I think the only way to track down this issue is by inspecting your container, rather than the host filesystem. Can you enter your running container (by execing sh) and look at the permissions of /etc/opendkim/keys and subdirectories? It would be especially helpful if you could do this while trying my suggestion from #14 (comment). If you're not modifying /etc/opendkim/keys, then that directory should have the same permissions that I see so long as we're using the same image.

[Hamsterman]

root@9c97391916e4:/# cd /etc/opendkim/keys
root@9c97391916e4:/etc/opendkim/keys# ls -lha
total 4.0K
drwxrwxrwx 1 root root 0 Mar 15 20:16 .
drwxr-xr-x 1 root root 4.0K Mar 17 06:30 ..
drwxrwxrwx 1 root root 0 Mar 15 18:58 mydomain.com
-rwxr-xr-x 1 root root 267 Mar 15 20:17 opendkim.conf

[hemberger]

Thanks for the info! In the base image, the permissions of /etc/opendkim/keys should be drwxr-xr-x, as per #15 (comment). Is it possible that you've modified the contents of the container? If you start from a fresh container and only volume-mount to /etc/opendkim/keys/mydomain.com, I would expect it to work (otherwise there's something else going on that I don't understand).

[wader]

Im no very experience with Windows but i read up a bit about docker bind mounts on windows i get the feeling the mapping between windows permissions and linux is a bit lacking depending on how docker is run (in VM, WSL etc).

If you docker exec into a running postfix container and try chmod u=,o= /etc/opendkim/keys/somedomain/mail.private does it have any effect?

Maybe you could also look into if it is possible to bind mount with umask, fmask options etc to remove group and other permissions. Docker in WSL mode seems to support this.

I would like to see if this is possible to fix with docker configuration first before concidering changes.

Security wise copying the private keys from a bind mount to get around the opendkim security check would defeat the point of the check as the private keys would still be accessible as a non-opendkim user inside the container at the bind mount path. This probably need to be documented at least.

[Hamsterman]

That rights change made it worse I am afraid. Now the logs says this:
opendkim[33]: can't load key from /etc/opendkim/keys/mydomain.com/mail.private: Operation not permitted.

I have no Idea on how to change the folder rights - all I do is use the "-v" parameter. Not much you can change there.

[wader]

How does it look if you do ls -l /etc/opendkim/keys/mydomain.com/mail.private?

[Hamsterman]

root@9c97391916e4:/# ls -l /etc/opendkim/keys/mydomain.com/mail.private
-r-xr-xr-x 1 root root 1679 Mar 15 18:58 /etc/opendkim/keys/mydomain.com/mail.private

[wader]

and if you do chmod g=,o= /etc/opendkim/keys/mydomain.com/mail.private and chown opendkim:opendkim /etc/opendkim/keys/mydomain.com/mail.private does it have any effect on the permissions and owner?

[Hamsterman]

Thanks for the info! In the base image, the permissions of /etc/opendkim/keys should be drwxr-xr-x, as per #15 (comment). Is it possible that you've modified the contents of the container? If you start from a fresh container and only volume-mount to /etc/opendkim/keys/mydomain.com, I would expect it to work (otherwise there's something else going on that I don't understand).

I have just tried this. Basically I just removed the shared folder. The problem was still the same.

[Hamsterman]

and if you do chmod g=,o= /etc/opendkim/keys/mydomain.com/mail.private and chown opendkim:opendkim /etc/opendkim/keys/mydomain.com/mail.private does it have any effect on the permissions and owner?

No change. Same error.

[wader]

Ok so chmod and chown succeeded but the permission or owner did not change? and opendkim still says Operation not permitted. or complains about read and writable private key?

Im kind of bind here helping so lots of verbosity what your are trying is great.

My guess is that docker volume mounts in windows dont really care about permissions and just make up dummy ones (everyone read/write etc). Those permisisons opendkim does not like. If so then the keys directory can't be on a windows bind mount as it looks now unless it's possible to make windows mask away some of the permissions to make opendkim happy.

How do you run docker on windows btw? vm or wsl?

[Hamsterman]

My guess is that docker volume mounts in windows dont really care about permissions and just make up dummy ones (everyone read/write etc). Those permisisons opendkim does not like. If so then the keys directory can't be on a windows bind mount as it looks now unless it's possible to make windows mask away some of the permissions to make opendkim happy.

I think that is what happens too.

And I run docker in a Hyper-V virtual machine

[wader]

Still a bit confused about when you get Operation not permitted and when opendkim complains about writeability. Do you when what causes the difference? seems chmod or chown has some effect.

[Hamsterman]

Let's work around a scenario that when you do a -v for the keys on docker Windows the rights to the files are changed by the mounting of the share.

But my question is - what happens on linux if you mount the keys folder. On linux you would still expect to have read/write permissions to the files thus having opendkim complain.

In general you do not want the container to "own" folders that you mount. The reason you mount the folder is to reuse it over and over again after you remove the container and create it again.

[Hamsterman]

I suspect that the Docker Desktop for Windows have a strange way of handling shares.
I have reported a general issue here:
Mounting a Windows share to a container

[wader]

Ok good! subscribing to the issue

[Hamsterman]

To test further I have installed RancherOS but it seems that there still problems.

opendkim[42]: xxxx._domainkey.xxxxx.xxx: key data is not secure: /etc/opendkim/keys is writeable and owned by uid 1100 which is not the executing uid (102) or the superuser

uid 1100 is the rancher default user. I have not performed any manual changes to the rights. To me it seems that image is not setting the rights correctly

[Hamsterman]

Oh and by the way I can't see any users with uid 102 (less /etc/passwd)

[hemberger]

This error still seems like it's a consequence of the way that volume mounts are being used, as described in #14 (comment). The run script makes sure that the subdirectories in /etc/opendkim/keys have the correct permissions, but (for better or for worse) it does not modify /etc/opendkim/keys itself.

Here's my setup:

    smtp:
        image: wader/postfix-relay
        environment:
            - POSTFIX_myhostname=hostname.local
            - OPENDKIM_DOMAINS=<DOMAIN>=key1
        volumes:
            - ./opendkim:/etc/opendkim/keys/<DOMAIN>

Where the directory being mounted ./opendkim has these permissions in the host filesystem:

user@host ~ $ ls -lnd ./opendkim
drwxr-xr-x 2 102 104 4096 Sep  1  2018 ./opendkim

user@host ~ $ ls -ln opendkim
total 8
-rw------- 1  102  104 887 Mar 26  2018 key1.private
-rw-rw-r-- 1 1000 1000 328 Sep  1  2018 README.md

And inside the container, the permissions are:

user@host ~ $ docker-compose exec smtp bash
root@container:/# ls -ld /etc/opendkim/keys
drwxr-xr-x 3 root root 4096 May 11 21:30 /etc/opendkim/keys
root@container:/# ls -ld /etc/opendkim/keys/<DOMAIN>
drwxr-xr-x 2 opendkim opendkim 4096 Sep  1  2018 /etc/opendkim/keys/<DOMAIN>

I don't get any permission errors with these settings. If you're not modifying /etc/opendkim/keys, then you shouldn't get any errors either (or at least this particular error). Does that help at all?

[Hamsterman]

It look almost the same to me.

[rancher@rancher ~]$ ls -lnd /ContainerStorage/XXXX/
drwxr-xr-x 2 102 104 4096 May 13 15:00 /ContainerStorage/XXXXX/
[rancher@rancher ~]$ ls -ln /ContainerStorage/XXXXX/
total 8
-rw------- 1 102 104 1675 May 13 15:00 mail.private
-rw------- 1 102 0 510 May 13 15:00 mail.txt
[rancher@rancher ~]$

Inside the container:
root@7342b67cf5ba:/# ls -ld /etc/op
opendkim/ opendkim.conf opt/
root@7342b67cf5ba:/# ls -ld /etc/opendkim/keys/
drwxr-xr-x 5 1100 root 4096 May 13 15:00 /etc/opendkim/keys/
root@7342b67cf5ba:/# ls -ld /etc/opendkim/keys/XXXXX/
drwxr-xr-x 2 opendkim opendkim 4096 May 13 15:00 /etc/opendkim/keys/XXXXX/

[Hamsterman]

I have tested with CentOS 7 and there it works.

[wader]

Works are in postfix-relay works without any permission issues on CentOS?

[Hamsterman]

Works are in postfix-relay works without any permission issues on CentOS?

Yeah I didn't have to do anything to make it work

[wader]

Think i need more context to understand what is going on. Do volume mount /etc/opendkim/keys/? do you know if CentOS default do some kind of uid/gid mapping? it looks like the uid and gids in the ls output are different.

[Hamsterman]

Yeah I mounted the keys.

What Linux distros have you tested on ?

[wader]

I've used the image with ubuntu 16.04 and docker for mac. But only used keys stored in a "anonymous" volume for /etc/opendkim/keys crated by docker-compose

[Hamsterman]

Obviously there will be no issues when using an anonymous volume.
I think you should try with actual volumes so the keys can be reused.
Otherwise you might lose your keys.

[wader]

With docker-compose anonymous volume are persistent as it makes sure to move them over to a new container if needed (if the image is updated etc) so i haven't really needed to use host volumes myself.

Sorry i don't have much time to think about this at the moment. What i'm afraid of with changing persmisson and owners of whole directories is what @hemberger mentioned here #15 (comment)

[Hamsterman]

Based on this issue I think it's safe to say that volumes are not supported by this image at the moment. I think you should state that.

I am looking forward for a fix that make volumes work.

[wader]

Ok, just to be sure again this is only when using docker for windows and using a host volume?

I failed to reproduce on docker for mac and ubuntu 16.04:

docker run -d \
    --name smtp \
    -p 8025:25 \
    -e POSTFIX_myhostname=mydomain.com \
    -e OPENDKIM_DOMAINS=mydomain.com \
    -v "$PWD/keys:/etc/opendkim/keys" \
    mwader/postfix-relay

sleep 5

docker stop smtp

docker logs smtp

ls -ld keys
ls -ld keys/*
ls -l keys/*/*

chmod a+r keys/*/*

ls -l keys/*/*

docker start smtp

sleep 3

ls -l keys/*/*

docker logs smtp

#docker kill smtp
#docker rm smtp

Running it plus test sending an email:

$ sh -x test.sh
+ docker run -d --name smtp -p 8025:25 -e POSTFIX_myhostname=mydomain.com -e OPENDKIM_DOMAINS=mydomain.com -v /Users/wader/src/test/postfix-relay-test/keys:/etc/opendkim/keys mwader/postfix-relay
e89cb0b70ca7594b5d61bcd4549a42933d48ec148d145eb45a67accfa2670625
+ sleep 5
+ docker stop smtp
smtp
+ docker logs smtp
DNS records:
mail._domainkey.mydomain.com.	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWeL+BZOtGby+qgaUvs9RJbi/W6dzKV2iKPlmxNjljjP4cCg+b6PirwN8p4DxvCsZ55rzU953mNUnXKnRnb91I8s6rFj66jbCNObDp7zEGtXVzQw/pUKUdJhXohj8Y2l30zBmXDYXf18jGsnd/WH83lCgZyXAIGHQce+RsQtfKOAqVFtUjtrQLdn0QKr+PX9r3Y2heJw4ug80"
	  "i2OPZP6dvv87I9UyUcUel1Bd6B8Y0boIit7Ly2oFTbNSOj13jqnVPeQhPsKgAtfnBR2lWem+ac8Qrv2UO4R25K0F2Ixp1P3FZ6nTbVBRFQoFjY1lU2i2vBRRt5GRTgAP2oNsErzwIDAQAB" )  ; ----- DKIM key mail for mydomain.com
Starting OpenDKIM: opendkim.
Starting Postfix Mail Transport Agent: postfix.
rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="152" x-info="https://www.rsyslog.com"] start
postfix/master[151]: daemon started -- version 3.4.8, configuration /etc/postfix
Stopping Postfix Mail Transport Agent: postfixpostfix/master[151]: terminating on signal 15
.
Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed.
opendkim.
+ ls -ld keys
drwxr-xr-x  3 wader  staff  96 May 27 17:11 keys
+ ls -ld keys/mydomain.com
drwxr-xr-x@ 4 wader  staff  128 May 27 17:11 keys/mydomain.com
+ ls -l keys/mydomain.com/mail.private keys/mydomain.com/mail.txt
-rw-------@ 1 wader  staff  1679 May 27 17:11 keys/mydomain.com/mail.private
-rw-r--r--  1 wader  staff   516 May 27 17:11 keys/mydomain.com/mail.txt
+ chmod a+r keys/mydomain.com/mail.private keys/mydomain.com/mail.txt
+ ls -l keys/mydomain.com/mail.private keys/mydomain.com/mail.txt
-rw-r--r--@ 1 wader  staff  1679 May 27 17:11 keys/mydomain.com/mail.private
-rw-r--r--  1 wader  staff   516 May 27 17:11 keys/mydomain.com/mail.txt
+ docker start smtp
smtp
+ sleep 3
+ ls -l keys/mydomain.com/mail.private keys/mydomain.com/mail.txt
-rw-------@ 1 wader  staff  1679 May 27 17:11 keys/mydomain.com/mail.private
-rw-r--r--  1 wader  staff   516 May 27 17:11 keys/mydomain.com/mail.txt
+ docker logs smtp
DNS records:
mail._domainkey.mydomain.com.	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWeL+BZOtGby+qgaUvs9RJbi/W6dzKV2iKPlmxNjljjP4cCg+b6PirwN8p4DxvCsZ55rzU953mNUnXKnRnb91I8s6rFj66jbCNObDp7zEGtXVzQw/pUKUdJhXohj8Y2l30zBmXDYXf18jGsnd/WH83lCgZyXAIGHQce+RsQtfKOAqVFtUjtrQLdn0QKr+PX9r3Y2heJw4ug80"
	  "i2OPZP6dvv87I9UyUcUel1Bd6B8Y0boIit7Ly2oFTbNSOj13jqnVPeQhPsKgAtfnBR2lWem+ac8Qrv2UO4R25K0F2Ixp1P3FZ6nTbVBRFQoFjY1lU2i2vBRRt5GRTgAP2oNsErzwIDAQAB" )  ; ----- DKIM key mail for mydomain.com
Starting OpenDKIM: opendkim.
Starting Postfix Mail Transport Agent: postfix.
rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="152" x-info="https://www.rsyslog.com"] start
postfix/master[151]: daemon started -- version 3.4.8, configuration /etc/postfix
Stopping Postfix Mail Transport Agent: postfixpostfix/master[151]: terminating on signal 15
.
Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed.
opendkim.
DNS records:
mail._domainkey.mydomain.com.	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWeL+BZOtGby+qgaUvs9RJbi/W6dzKV2iKPlmxNjljjP4cCg+b6PirwN8p4DxvCsZ55rzU953mNUnXKnRnb91I8s6rFj66jbCNObDp7zEGtXVzQw/pUKUdJhXohj8Y2l30zBmXDYXf18jGsnd/WH83lCgZyXAIGHQce+RsQtfKOAqVFtUjtrQLdn0QKr+PX9r3Y2heJw4ug80"
	  "i2OPZP6dvv87I9UyUcUel1Bd6B8Y0boIit7Ly2oFTbNSOj13jqnVPeQhPsKgAtfnBR2lWem+ac8Qrv2UO4R25K0F2Ixp1P3FZ6nTbVBRFQoFjY1lU2i2vBRRt5GRTgAP2oNsErzwIDAQAB" )  ; ----- DKIM key mail for mydomain.com
Starting OpenDKIM: opendkim.
Starting Postfix Mail Transport Agent: postfix.
rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="145" x-info="https://www.rsyslog.com"] start
postfix/master[144]: daemon started -- version 3.4.8, configuration /etc/postfix

$ nc 127.0.0.1 8025
220 mydomain.com ESMTP Postfix (Debian/GNU)
MAIL FROM: [email protected]
250 2.1.0 Ok
RCPT TO: [email protected]
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
asdsad
asdad
.
250 2.0.0 Ok: queued as 0AF0C26202D
^D

$ docker logs -f smtp
DNS records:
mail._domainkey.mydomain.com.	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWeL+BZOtGby+qgaUvs9RJbi/W6dzKV2iKPlmxNjljjP4cCg+b6PirwN8p4DxvCsZ55rzU953mNUnXKnRnb91I8s6rFj66jbCNObDp7zEGtXVzQw/pUKUdJhXohj8Y2l30zBmXDYXf18jGsnd/WH83lCgZyXAIGHQce+RsQtfKOAqVFtUjtrQLdn0QKr+PX9r3Y2heJw4ug80"
	  "i2OPZP6dvv87I9UyUcUel1Bd6B8Y0boIit7Ly2oFTbNSOj13jqnVPeQhPsKgAtfnBR2lWem+ac8Qrv2UO4R25K0F2Ixp1P3FZ6nTbVBRFQoFjY1lU2i2vBRRt5GRTgAP2oNsErzwIDAQAB" )  ; ----- DKIM key mail for mydomain.com
Starting OpenDKIM: opendkim.
Starting Postfix Mail Transport Agent: postfix.
rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="152" x-info="https://www.rsyslog.com"] start
postfix/master[151]: daemon started -- version 3.4.8, configuration /etc/postfix
Stopping Postfix Mail Transport Agent: postfixpostfix/master[151]: terminating on signal 15
.
Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed.
opendkim.
DNS records:
mail._domainkey.mydomain.com.	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWeL+BZOtGby+qgaUvs9RJbi/W6dzKV2iKPlmxNjljjP4cCg+b6PirwN8p4DxvCsZ55rzU953mNUnXKnRnb91I8s6rFj66jbCNObDp7zEGtXVzQw/pUKUdJhXohj8Y2l30zBmXDYXf18jGsnd/WH83lCgZyXAIGHQce+RsQtfKOAqVFtUjtrQLdn0QKr+PX9r3Y2heJw4ug80"
	  "i2OPZP6dvv87I9UyUcUel1Bd6B8Y0boIit7Ly2oFTbNSOj13jqnVPeQhPsKgAtfnBR2lWem+ac8Qrv2UO4R25K0F2Ixp1P3FZ6nTbVBRFQoFjY1lU2i2vBRRt5GRTgAP2oNsErzwIDAQAB" )  ; ----- DKIM key mail for mydomain.com
Starting OpenDKIM: opendkim.
Starting Postfix Mail Transport Agent: postfix.
rsyslogd:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="145" x-info="https://www.rsyslog.com"] start
postfix/master[144]: daemon started -- version 3.4.8, configuration /etc/postfix
postfix/smtpd[150]: connect from unknown[172.17.0.1]
postfix/smtpd[150]: 0AF0C26202D: client=unknown[172.17.0.1]
postfix/cleanup[153]: 0AF0C26202D: message-id=<>
opendkim[33]: 0AF0C26202D: can't determine message sender; accepting
postfix/qmgr[149]: 0AF0C26202D: from=<[email protected]>, size=216, nrcpt=1 (queue active)
postfix/smtpd[150]: disconnect from unknown[172.17.0.1] mail=1 rcpt=1 data=1 commands=3
postfix/smtp[154]: connect to mail.mydomain.com[65.254.254.51]:25: Connection timed out
^C

[Hamsterman]

No it's not only on Windows. I tried with RancherOS which then hosted the docker image. It didn't work there either. With Centos 7 it worked.

I really think you need to try to disable this check.

If I choose to mount a volume it's because that is what I want. I know that I should not touch the content of the volume by hand and I know the risks of it getting compromised.

[wader]

Hello again, have a look at #18

[wader]

Fixed by #18