# OpenDKIM: incompatible SSL versions



## davkiller (Aug 2, 2013)

Hello,

I have installed OpenDKIM and OpenSSL.


```
opendkim-2.8.3      DKIM library and milter implementation
openssl-1.0.1_8     SSL and crypto library
```
But I don't understand this error when starting the script:


```
# /usr/local/etc/rc.d/milter-opendkim start
Starting milteropendkim.
opendkim: incompatible SSL versions (library = 0x00090811f, filter = 01000105f)
/usr/local/etc/rc.d/milter-opendkim: WARNING: failed to start milteropendkim
```

I have reinstalled two times but I always get this error. I have FreeBSD 9.0-RELEASE-p3, I have one only OpernSSL on my system. I did `portsnap fetch extract` after I reinstalled OpenDKIM, but nothing!

Please, can I have help for a good idea?


----------



## davkiller (Aug 3, 2013)

My mail server mail is Sendmail. The first time I used opendkim-genkey for the public key. The last time I used OpenSSL. All tutorials about OpenDKIM are with Postfix. I don't know if it is the same?

I read http://forums.freebsd.org/showthread.php?t=27201 and http://www.ipsure.com/blog/2012/dkim-milter-is-no-longer-available-how-to-use-opendkim-instead/, but I always end up at the same point.


----------



## kpa (Aug 3, 2013)

There are two versions of OpenSSL in FreeBSD, the one in the base system is 0.98 something and the port version is 1.0.1. Looks like the versions are being mixed for some odd reason. I did poke around the Makefile of mail/opendkim and it seems to select the base system OpenSSL. The question is then, which port(s) did you build with the port version of OpenSSL?


----------



## davkiller (Aug 3, 2013)

Thank you very much for your help, actually the OpenSSL version that is installed with OpenDKIM 2.8.3 is OpenSSL 1.0.1_8. How now?


----------



## kpa (Aug 3, 2013)

This is not the case if I look at the dependency list of mail/opendkim (all options at their defaults):


```
firewall /usr/ports/mail/opendkim % make all-depends-list
/usr/ports/ports-mgmt/pkg
/usr/ports/devel/pkgconf
/usr/ports/dns/unbound
/usr/ports/lang/lua
/usr/ports/devel/gmake
/usr/ports/textproc/expat2
/usr/ports/dns/ldns
/usr/ports/devel/libtool
firewall /usr/ports/mail/opendkim %
```

Do you have anything in /etc/make.conf that is related to OpenSSL?


----------



## davkiller (Aug 3, 2013)

I have nothing in /etc/make.conf.

And 

```
/usr/ports/mail/opendkim]# make all-depends-list
/usr/ports/security/openssl
/usr/ports/devel/pkgconf
/usr/ports/dns/unbound
/usr/ports/lang/lua
/usr/ports/devel/makedepend
/usr/ports/lang/perl5.14
/usr/ports/devel/gmake
/usr/ports/textproc/expat2
/usr/ports/dns/ldns
/usr/ports/devel/xorg-macros
/usr/ports/x11/xproto
/usr/ports/devel/gettext
/usr/ports/devel/libtool
/usr/ports/converters/libiconv
```
*H*ow now, please*?*


----------



## kpa (Aug 3, 2013)

Is your ports tree up to date? Are you compiling with default options or have you changed any of the options?


----------



## davkiller (Aug 3, 2013)

Yes, the ports is up date. No, *I*'m compiling with default options.


----------



## davkiller (Aug 4, 2013)

I have edited /etc/make.conf with 
	
	



```
:WITH_OPENSSL_STABLE=yes
```
. Then I reinstalled mail/opendkim. Now my problem is different:

```
# /usr/local/etc/rc.d/milter-opendkim start
Starting milteropendkim.
opendkim: smfi_opensocket() failed
/usr/local/etc/rc.d/milter-opendkim: WARNING: failed to start milteropendkim
```
@kpa, thank you for putting me on the track of the solution :e


----------



## kpa (Aug 4, 2013)

I only now found out where the security/openssl dependency comes from. It's from dns/unbound that defaults to building the OpenSSL port. I had the ECDSA option (that makes unbound require the port version of OpenSSL) turned off because I don't need it in unbound.


----------

