How to Configure OpenDKIM Socket Location in Debian Stretch for Postfix Integration



When setting up OpenDKIM with Postfix on Debian Stretch, many administrators encounter persistent issues with socket configuration. Despite modifying both /etc/opendkim.conf and /etc/default/opendkim, the service stubbornly defaults to /var/run/opendkim/opendkim.sock.

The key insight comes from examining the systemd service unit output:

Main PID: 25248 (opendkim)
├─25248 /usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
└─25249 /usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock

This reveals that command-line arguments are overriding our configuration files.

The correct method involves three coordinated changes:

# /etc/opendkim.conf
# Same path as the -p argument in the systemd override
Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock

# /etc/default/opendkim
SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock"
RUNDIR=/var/spool/postfix/var/run/opendkim
USER=opendkim
GROUP=opendkim

1. Create the socket directory with proper permissions:

sudo mkdir -p /var/spool/postfix/var/run/opendkim
sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim
sudo chmod 750 /var/spool/postfix/var/run/opendkim

2. Replace the hardcoded socket path with a systemd unit override (the empty ExecStart= line clears the packaged command before the new one is set):

sudo systemctl edit opendkim.service

[Service]
ExecStart=
ExecStart=/usr/sbin/opendkim -P /var/spool/postfix/var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/var/run/opendkim/opendkim.sock

After applying these changes, restart the services and check the socket:

sudo systemctl restart opendkim
sudo systemctl restart postfix
netstat -a | grep opendkim.sock

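The output should now show the socket in the new location. For Postfix integration, ensure your /etc/postfix/main.cf contains the following (if smtpd runs chrooted, Postfix resolves the milter path relative to /var/spool/postfix, so drop that prefix from the two paths):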

milter_default_action = accept
milter_protocol = 2
smtpd_milters = local:/var/spool/postfix/var/run/opendkim/opendkim.sock
non_smtpd_milters = local:/var/spool/postfix/var/run/opendkim/opendkim.sock

For those attempting the TCP socket approach (not recommended for local setups):

# /etc/default/opendkim
SOCKET="inet:8891@localhost"

# Verify connectivity
telnet localhost 8891
sudo ufw allow 8891/tcp  # If using UFW; unnecessary while the listener is bound to localhost

When setting up OpenDKIM with Postfix on Debian Stretch, I encountered persistent issues where the service kept defaulting to /var/run/opendkim/opendkim.sock despite explicit configuration changes. Here's the complete solution that finally worked.

The Debian package's systemd service file directly hardcodes the socket path, overriding both /etc/opendkim.conf and /etc/default/opendkim settings. This explains why changes weren't taking effect.

Here's the step-by-step approach to properly configure the socket:

1. Edit the systemd service file

sudo systemctl edit --full opendkim.service

Replace the ExecStart line with:

ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/opendkim/opendkim.sock

2. Create the socket directory

sudo mkdir -p /var/spool/postfix/opendkim
sudo chown opendkim:opendkim /var/spool/postfix/opendkim

3. Configure Postfix

Add to /etc/postfix/main.cf (the milter paths are relative to the Postfix chroot, /var/spool/postfix):

milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = local:/opendkim/opendkim.sock

For those preferring TCP instead of Unix sockets:

# In /etc/default/opendkim
SOCKET="inet:8891@localhost"

# In /etc/postfix/main.cf
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

After making changes, always:

sudo systemctl daemon-reload
sudo systemctl restart opendkim postfix
# -x includes Unix domain sockets, which -tulnp alone does not list
sudo netstat -tulnpx | grep opendkim

  • Debian's package maintains socket configuration in three places: opendkim.conf, /etc/default/opendkim, and the systemd service file
  • The systemd service file takes highest precedence
  • For chroot environments, ensure proper directory structure and permissions

Remember that SELinux/AppArmor might require additional configuration if you're using these security modules.
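
The following check is an added example, not part of the original article or the Debian package: it compares the Unix socket path set in the three daemon-side places listed above with the path Postfix will actually open. It assumes smtpd runs chrooted under /var/spool/postfix (the CHROOT constant); all function names and sample file contents are constructed for illustration.

```python
import re

CHROOT = "/var/spool/postfix"  # assumption: Postfix queue directory, smtpd chrooted

def unix_path(spec):
    """Path part of a local:/unix: socket spec (quotes allowed), else None."""
    m = re.fullmatch(r"(?:local|unix):(.+)", spec.strip().strip('"'))
    return m.group(1) if m else None

def daemon_sockets(execstart, opendkim_conf, default_file):
    """Socket path found in each of the three places the daemon is configured."""
    patterns = {
        "systemd ExecStart": (r"(?:^|\s)-p\s+(\S+)", execstart),
        "/etc/opendkim.conf": (r"^\s*Socket\s+(\S+)", opendkim_conf),
        "/etc/default/opendkim": (r"^\s*SOCKET=(\S+)", default_file),
    }
    found = {}
    for source, (pattern, text) in patterns.items():
        m = re.search(pattern, text, re.M)
        if m:
            found[source] = unix_path(m.group(1))
    return found

def postfix_socket(main_cf, chrooted=True):
    """Real path smtpd connects to; a chrooted smtpd resolves it under CHROOT."""
    m = re.search(r"^\s*smtpd_milters\s*=\s*(\S+)", main_cf, re.M)
    path = unix_path(m.group(1)) if m else None
    return CHROOT + "/" + path.lstrip("/") if path and chrooted else path

def audit(execstart, opendkim_conf, default_file, main_cf, chrooted=True):
    """Return mismatch findings; an empty list means every setting agrees."""
    sockets = daemon_sockets(execstart, opendkim_conf, default_file)
    # The command line wins; fall back to opendkim.conf when no -p is given.
    effective = sockets.get("systemd ExecStart") or sockets.get("/etc/opendkim.conf")
    findings = [f"{src} has {path}, daemon uses {effective}"
                for src, path in sockets.items() if path != effective]
    target = postfix_socket(main_cf, chrooted)
    if target != effective:
        findings.append(f"Postfix connects to {target}, daemon listens on {effective}")
    return findings

# Constructed sample contents (not read from a live system).
EXEC_NEW = "/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/spool/postfix/opendkim/opendkim.sock"
EXEC_OLD = "/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock"
CONF = "Socket local:/var/spool/postfix/opendkim/opendkim.sock\n"
DEFAULT = 'SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"\n'
MAIN_CF = "milter_protocol = 6\nsmtpd_milters = local:/opendkim/opendkim.sock\n"

if __name__ == "__main__":
    print(audit(EXEC_OLD, CONF, DEFAULT, MAIN_CF))  # unit file still has the old path
```

On a real host, pass in the contents of the four files (and the ExecStart line from `systemctl cat opendkim.service`) instead of the constructed strings.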