TheHolbi

The DKIM signature issue was resolved as follow: There were missing lines from the /etc/postfix/main.cf : #DKIM milter_default_action = accept milter_protocol = 6 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 and the correct /etc/opendkim.conf was : AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp After completed /etc/postfix/main.cf and restarted services, the DKIM signature was properly inserted to the outgoing emails.

Hi @Netino The output is the following: -o content_filter=smtp-amavis:127.0.0.1:10024 -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter= -o content_filter= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_client_restrictions=

I have just migrated a CWP installation from Centos 7 to AlmaLinux 9.4 by migrating the /home directory, the /var/vmail directory, and the databases. All the features have been configured, but I have two problems that I have not yet managed to solve. AlmaLinux 9.4 was installed with OpenSSL 3.0.7 1 Nov 2022 by CWP, and none of the programs, even a Laravel 11.x app under PHP 8.3.12, can send mail over port 465. Error message: Connection could not be established with host "ssl://mail.example.com:465": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed {"exception":"[object] (Symfony\\Component\\Mailer\\Exception\\TransportException(code: 0): Connection could not be established with host \"ssl://mail.example.com:465\": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /home/user/laravel/vendor/symfony/mailer/Transport/Smtp/Stream/SocketStream.php:154) I had to temporarily switch to using port 25 in the SMTP service. The other problem is that postfix does not put DKIM signatures on the mails, even though all elements of the system, OpenDKIM, etc. are installed and running. What should the config file of postfix and opendkim look like in CWP to get this service working properly?

Hello @Sandeep B. I started to move all my CWP based servers the CWP el9 with AlmaLinux 9.4.x Is there any update to the tutorial described above? The Apache or the NGINX version of HTTP2 recommended by you? Thank you for advance.

Thank you. I will back soon after tests.

Hi @Sandeep B. Did you find any solutions to this issue? Kindest regards: TheHolbi

Hi @Sandeep B. do you find any solutions to handle this issue?

Other data: The HTTP2 installation deletes the mod_security2.so file from the modules folder. And if mod_security is installed again, it will incompatible and won't load.

Hi @Sandeep B. The process in the tutorial was tested in an other CWPPro instance of my services. The mod_security was installed on the server before this test. The error appeared after running Goto Apache Settings >> Apache Re-Build >> Select Next : Next delete/replace all with this flags/lines under “Additional configuration” (the config was changed properly) -- then Click on Start Compiler in background. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Stopped Web server Apache. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state. Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Starting Web server Apache... Feb 06 12:55:27 vps.trianity.dev apachectl[30361]: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service: control process exited, code=exited status=1 Feb 06 12:55:27 vps.trianity.dev systemd[1]: Failed to start Web server Apache. Feb 06 12:55:27 vps.trianity.dev systemd[1]: Unit httpd.service entered failed state. Feb 06 12:55:27 vps.trianity.dev systemd[1]: httpd.service failed.

OK, thank you. Is there a special reason to use Nghttp2 version 1.42.0, and not the latest, available Nghttp2 v1.59.0 in the tutorial? It is true, the Nghttp2 v1.59.0 dropped the support old OpenSSL (< 1.1.1) but we uses 1.1.1u in the build and it can be good.

Hi @Sandeep B. Thank you for the tutorial. It works in a newly installed VPS powered by CWPPro. The only issue is: The installed mod_security (CWP admin panel) brakes the httpd.service with HTTP2 protocol and produced the following error lines: What do you suggest? How to handle it? Feb 5 15:17:40 vps apachectl: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup Feb 5 15:17:40 vps systemd: httpd.service: control process exited, code=exited status=1 Feb 5 15:17:40 vps systemd: Failed to start Web server Apache. Feb 5 15:17:40 vps systemd: Unit httpd.service entered failed state.