warning: connect to Milter service unix:/var/run/opendkim/opendkim.sock: No such file or directory

I currently run a Postfix mail server and have souped it up to use all the latest security features (see Hamzah Khan’s blog for a good tutorial). One thing that had been bothering me, though, was the appearance of the above milter connection failures in the logs – even though these seemed to fail gracefully, it was a worrying sign that something was Just Not Right.

After a lot of trial and error, it seems that the culprit is my Postfix chroot jail. I had originally attempted to compensate for this by defining “Socket /var/spool/postfix/var/run/opendkim/opendkim.sock” in /etc/opendkim.conf, but even so, Postfix was throwing errors (and no, putting the socket in the standard location doesn’t work – I tried that!). It turns out that Postfix sometimes attempts to connect to the socket from inside the jail, and sometimes from outside. The solution is to create a soft link in the standard location pointing to the real socket inside the jail.

Of course I could have reconfigured it to bind to a localhost port instead, but the soft link was less work.
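The fix described above, as an added shell example that is not part of the original post: it creates the soft link from the standard (outside-jail) path to the real socket inside the jail, then checks that both paths resolve to the same file, so the connection works whichever side Postfix dials from. It assumes GNU `readlink -f` and the paths the post names (chroot /var/spool/postfix, socket /var/run/opendkim/opendkim.sock).

```shell
#!/bin/sh
# Added example (not from the original post). Paths are arguments so the same
# functions can be exercised against a scratch directory without root.

# link_milter_socket REAL_SOCKET LINK_PATH
# Creates LINK_PATH (the path outside the jail) as a symlink to REAL_SOCKET
# (the socket OpenDKIM actually creates inside the Postfix chroot).
link_milter_socket() {
    real=$1
    link=$2
    mkdir -p "$(dirname "$link")"
    # Refuse to clobber a real socket or file that already lives at the outside path
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "refusing to replace non-symlink $link" >&2
        return 1
    fi
    ln -sfn "$real" "$link"
}

# check_milter_socket REAL_SOCKET LINK_PATH
# Succeeds only when both paths resolve to the same existing file, i.e. the
# milter is reachable from inside the jail and from outside it.
check_milter_socket() {
    real=$1
    link=$2
    inside=$(readlink -f "$real") || return 1
    outside=$(readlink -f "$link") || return 1
    [ -n "$inside" ] && [ -e "$inside" ] && [ "$inside" = "$outside" ]
}

# Real-system usage (as root), matching the post's opendkim.conf Socket line:
#   link_milter_socket  /var/spool/postfix/var/run/opendkim/opendkim.sock /var/run/opendkim/opendkim.sock
#   check_milter_socket /var/spool/postfix/var/run/opendkim/opendkim.sock /var/run/opendkim/opendkim.sock
```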

Best 419 scam yet.

– As you are aware of the activities of terrorist attacked at our airport, during our daily routine on 100% inspection of incoming and our going flights, we arrested a man with a consignment that claiming to be your partner, after we scan the trunk box, we discovered the trunk box contain liquid cash in [US] Note and other documents attached to the consignment did not carry the suspect name, but carry your name and address as the receivers of the trunk box and this is very SUSPICIOUS. Get back to me immediately to explain your intention; before I proceed to contact my superior and your embassy for more investigation, hope you are not sponsoring terrorism with this fund? be very sincere to me please. Yours in service, a Office of Thomas joe, Metropolitan police chief. Heathrow Airport UK. EMAIL mrallen92@hotmail.com

How to manage mailman list membership using LDAP or Active Directory

Run this Perl script on your Mailman server once an hour using cron. Replace MY_LDAP_SERVER, MY_BIND_DN, MY_PASSWORD, MY_BASE_DN and MY.LIST.SERVER with your own configuration. Also, depending on your LDAP implementation, you may need to use group or groupOfNames instead of posixGroup (and member instead of uniqueMember).

For each list you wish to manage, create an LDAP/AD group with the email attribute set to the full address of the mailing list. The script scans all groups under the BASE_DN for any with an email address ending in @MY.LIST.SERVER. It overwrites each list’s membership with that of the corresponding LDAP group (if such a group exists; otherwise it does nothing). Make sure there is only one group for each mailing list! Multiple domain names are not supported, but could be with only a little hacking.

```perl
#!/usr/bin/perl -w
use strict;

use Net::LDAP;

# Connect to the LDAP server over LDAPS and authenticate with a service account.
# MY_BIND_DN is a placeholder in the same style as the other MY_ values.
my $ldap = Net::LDAP->new('ldaps://MY_LDAP_SERVER') || die "Can't connect to server\n";
my $mesg = $ldap->bind(
  'MY_BIND_DN',
  password => 'MY_PASSWORD'
);
# Net::LDAP methods always return a message object; the result code tells us if it worked
die "Connected to server, but couldn't bind: " . $mesg->error . "\n" if $mesg->code;

# search for interesting AD groups
$mesg = $ldap->search(
  base   => "MY_BASE_DN",
  filter => "(&(objectClass=posixGroup))"
);
die "Search failed: " . $mesg->error . "\n" if $mesg->code;
die "Search returned no interesting security groups\n" unless $mesg->count;

foreach my $group ($mesg->entries) {
  my $list_email = $group->get_value("mail");
  # For groups with emails of the form "*@MY.LIST.SERVER"
  # Try to chop off the name of our list server. If we fail, it wasn't meant to be.
  if ($list_email && $list_email =~ s/\@MY\.LIST\.SERVER$//) {
    # get the membership list (one DN per member)
    my @member_list = $group->get_value("uniqueMember");
    die "Security group for list $list_email looks empty - PANIC!\n" unless @member_list;
    # make a list of "Name <address>" lines to pass to mailman
    my $member_emails = "";
    foreach my $member_dn (@member_list) {
      my $mesg2 = $ldap->search(
        base   => $member_dn,
        filter => "(&(cn=*))",
        scope  => "base"
      );
      die "Couldn't locate entry $member_dn - PANIC!\n" if $mesg2->code || !$mesg2->count;
      my $member = $mesg2->entry(0);
      $member_emails .= $member->get_value("cn") . " <" . $member->get_value("mail") . ">\n";
    }
    # now update the mailman list membership
    # be verbose!
    print "\nchanging $list_email\n";
    # list-form open: the list name comes from LDAP data, so never hand it to a shell
    open( my $pipe, '|-', '/var/mailman/bin/sync_members',
          '-w=yes', '-g=yes', '-a=yes', '-f', '-', $list_email )
      || die "Couldn't fork process! $!\n";
    print $pipe $member_emails;
    close $pipe || warn "sync_members for $list_email exited with status " . ($? >> 8) . "\n";
  }
}

$ldap->unbind;
```