OpenDKIM with chrooted Postfix on systemd Systems

opendkim-postfix-chrooted-systemd

If postfix runs in an chrooted environment:

    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    cleanup    unix  n       -       y       -       0       cleanup
    
... opendkim.sock must be placed into /var/spool/postfix. Postfix won't be able to access the socket otherwise.

By default Opendkim creates a socket at /var/run/opendkim/opendkim.sock. You can chance the socket path to /var/spool/postfix/var/run/opendkim/opendkim.sock by changing the /etc/default/opendkim file:

    # Change to /var/spool/postfix/var/run/opendkim to use a Unix socket with
    # postfix in a chroot:
    RUNDIR=/var/spool/postfix/var/run/opendkim
    #RUNDIR=/var/run/opendkim
    
Pitfall: Your changes won't be applied it you just reload your systemd-configuration files by "systemctl daemon-reload" or reload the opendkim service. After having changed /etc/default/opendkim you have to re-create the systemd file /etc/systemd/system/opendkim.service first:

    bash /lib/opendkim/opendkim.service.generate
    
Then reload systemd

    systemctl daemon-reload
    
... and finally restart OpenDKIM:

    systemctl restart opendkim
    
Now your OpenDKIM-Socket will be at /var/spool/postfix/var/run/opendkim/opendkim.sock

Postfix config is as follows:

    ###
    ### OpenDKIM
    ###

    milter_default_action = accept
    milter_protocol = 2
    non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
    
End. \o/