I have been searching for hours trying to find a solution to the **Internal error (Next hop is down)** error. I have checked Postfix and searched Google without any results.
PLEASE, can someone help? I need to resolve this error message; all email sent through DKIMProxy is deferred and never sent.
I have checked to see if ports 10027 and 10028 are running, and 10028 logs in fine and sends, but port 10027 produces the **Internal error (Next hop is down)** error.
I have gone through the documentation and followed all instructions and redone this three times, but it still results in this error.
Mail sent on the generic ports is fine, which I conclude to be a DKIMProxy misconfiguration.
I am running Mac OS X Server 10.5.8, Postfix 2.4.3, DKIMProxy 1.2.
Mail.log

```
Oct 13 12:19:05 epservosx postfix/smtpd: connect from 220-24x-5x-1xx.static.tpgi.com.au
Oct 13 12:19:05 epservosx postfix/smtpd: 4870D62A54B: client=220-24x-5x-1xx.static.tpgi.com.au, sasl_method=LOGIN, sasl_username=simon
Oct 13 12:19:05 epservosx postfix/cleanup: 4870D62A54B: message-id=<002501ca4ba3$22677b40$673671c0$@com.au>
Oct 13 12:19:05 epservosx postfix/qmgr: 4870D62A54B: from=<simon@domain.com.au>, size=4389, nrcpt=1 (queue active)
Oct 13 12:19:05 epservosx postfix/smtp: 4870D62A54B: to=<muphin@gmail.com>, relay=127.0.0.1:10027, delay=0.1, delays=0.05/0.01/0.04/0, dsn=4.0.0, status=deferred (host 127.0.0.1 refused to talk to me: 421 Internal error (Next hop is down))
Oct 13 12:19:07 epservosx postfix/smtpd: disconnect from 220-24x-5x-1xx.static.tpgi.com.au
```
/etc/postfix/master.cf

```
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
  -o content_filter=dksign::10027
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# ====================================================================
cyrus unix - n n - - pipe
  user=_cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.2.1/24,220.2xx.5x.1xx
  -o smtpd_enforce_tls=no
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
#
# Submission port 587
#
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o content_filter=dksign::10027
  -o receive_override_options=no_address_mappings
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#
# DKIM signing proxy
#
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n - n - 10 smtpd
  -o smtpd_use_tls=no
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.2.1/24,220.24x.5x.1xx
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.2.1/24
```

Can you post your DKIMproxy configuration, so I can verify that DKIMproxy is configured to listen on port 10027 and send (i.e. "relay") to port 10028?
Here is the dkimproxy_out.conf file as requested.

```
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10027
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10028
# specify what domains DKIMproxy can sign for (comma-separated, no spaces)
domain domain.com.au
# specify what signatures to add
signature dkim(c=relaxed)
signature domainkeys(c=simple)
# specify location of the private key
keyfile /usr/local/dkfilter/private.key
# specify the selector (i.e. the name of the key record put in DNS)
selector default
user _amavisd
group _amavisd
pidfile /var/run/dkimproxy_out.pid
```

Everything *looks* alright. But the "next hop is down" message means that when DKIMproxy tried to connect to 127.0.0.1:10028, it got a "connection refused" result.
I don't suppose OSX has some sort of host-based firewall that would prevent DKIMproxy from making that connection, while allowing others to make the connection?
I have the firewall disabled :(
OK, I gave up on DKIMproxy and moved to amavisd-new, which seems to be signing fine.
For people with my same problem: I used http://osx.topicdesk.com/content/view/138/41/ to upgrade amavisd-new
and followed http://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/ for adding DKIM signing.
The problem is a design bug in /usr/local/dkfilter/lib/MSDW/SMTP/Client.pm and is quite simple to solve:
you can't default to create a socket with INET6 and just die if it fails…
you have to try INET if INET6 fails!
p3consulting said:
> you can't default to create a socket with INET6 and just die if it fails…
> you have to try INET if INET6 fails!

Interesting. Then is the INET6 module broken on OSX? (DKIMproxy only uses INET6 if the INET6 module is installed, and the INET6 module claims to support both IPv4 and IPv6.)
Jason
Yes, it seems that IO::Socket::INET6 fails to correctly discover the complexity of situations that may occur…
several interfaces, each one with different IP versions… IPv6 layer present but actual hardware using IPv4…
… not sure this is a problem specific to Mac OS X…
but to go further, we would need to trace the "configure" method of IO::Socket::INET6 to discover why the decision to fall back to IPv4 is not taken…
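
The fallback p3consulting describes above, sketched in Perl as an added example (it is not the code in MSDW/SMTP/Client.pm and was not posted in this thread): try IO::Socket::INET6 when it is installed, retry with IO::Socket::INET, and report the next hop as down only after both fail. `connect_next_hop` is a hypothetical helper name, and the demo listener on an ephemeral port is constructed to stand in for the Postfix service on 127.0.0.1:10028.

```perl
#!/usr/bin/perl
# Added example, not DKIMproxy's code. connect_next_hop() is a hypothetical
# helper: prefer IO::Socket::INET6 when installed, retry over plain IPv4,
# and report "down" only when every socket class has failed.
use strict;
use warnings;
use IO::Socket::INET;

# IO::Socket::INET6 is optional, so load it at run time.
my $have_inet6 = eval { require IO::Socket::INET6; 1 };

sub connect_next_hop {
    my ($host, $port) = @_;
    my @classes = ('IO::Socket::INET');
    unshift @classes, 'IO::Socket::INET6' if $have_inet6;
    my @errors;
    for my $class (@classes) {
        my $sock = $class->new(
            PeerAddr => $host,
            PeerPort => $port,
            Proto    => 'tcp',
            Timeout  => 5,
        );
        return ($sock, $class) if $sock;
        push @errors, "${class}: $@";    # the constructor leaves its reason in $@
    }
    die "next hop ${host}:${port} is down (" . join('; ', @errors) . ")\n";
}

# Constructed demo: a throwaway IPv4-only listener on an ephemeral port
# stands in for the Postfix re-injection service (127.0.0.1:10028 on the page).
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0,
    Proto => 'tcp', Listen => 1, ReuseAddr => 1,
) or die "cannot create demo listener: $@\n";
my $port = $listener->sockport;

my ($sock, $class) = connect_next_hop('127.0.0.1', $port);
print "connected to 127.0.0.1:$port using $class\n";
close $sock;

# With the listener closed, every attempt fails and each reason is reported.
close $listener;
eval { connect_next_hop('127.0.0.1', $port); 1 } or print "error: $@";
```

Collecting the per-class error strings keeps the IPv6 failure reason visible in the log even when the IPv4 retry succeeds or fails for a different reason, which is the information the thread was missing.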