Skip to main content

OpenBSD – Akismet key could not be verified

If you are using OpenBSD to host your wordpress installation, and using the Akismet plug-in to block spam, you may come across set-up problems with Akismet.

The errors that can occur could be either or both of these:

  • There was a problem connecting to the Akismet server
  • The key you entered could not be verified because a connection to could not be established

There may be a couple of issues here.

The first issue could well be you blocking outbound HTTP/HTTPS traffic to the akismet servers. This is fixed by a couple of PF rules added to your pf.conf and these are the rules I added to my PF config. YMMV:
<br /> <a href="" class="tweet-hashtag">#Allow</a> HTTP out to specific servers<br /> pass out on $ext_if proto { tcp udp } from ($ext_if) to \<br /> {,,,} port { www, https } keep state<br />
The IP addresses there are the ones that the hosts and resolve to. Adjust as required.

The second issue will be around name resolution. WordPress still complains with the “could not be verified” error now instead of the “problem connecting” error. However, all your tcpdumps show nothing is being blocked.

What is the likely cause? If you are using a default OpenBSD installation (secure by default!) then apache is probably running in a chroot “jail”. Name resolution by apache/php is done by reading your /etc/resolv.conf file on start-up.
However, the chrooted web-server can not access outside of /var/www which is the new “root” or / directory (for all intents and purposes). /etc is outside the chroot and php will not be able to do name/dns look-ups.

To confirm this is an issue, create a testakismet.php file in /var/www/htdocs, with the following code to test a http connection to akismet:
` < ?php $fp = fsockopen(“”, 80, $errno, $errstr, 30); if (!$fp) { echo “$errstr ($errno)\n”; } else { $out = “GET / HTTP/1.1\r\n”; $out .= “Host:\r\n”; $out .= “Connection: Close\r\n\r\n”;

The fix?

Simply do the following from your web-server shell.
Log-in as yourself, then su to root and fix this issue:
<br /> sudo su -<br /> mkdir -p /var/www/etc<br /> cp -p /etc/resolv.conf /var/www/etc/resolv.conf<br /> apachectl stop<br /> /usr/sbin/apachectl stop: httpd stopped<br /> apachectl start<br /> /usr/sbin/apachectl start: httpd started<br />

Access your http:///testakismet.php and look for a successful HTTP connection (albeit without a valid API key at this time):
<br /> HTTP/1.1 200 OK X-Powered-By: PHP/4.4.4 Content-type: text/html Content-Length: 16 Date: Mon, 25 Feb 2008 14:27:57 GMT Server: LiteSpeed Connection: close Invalid API key.<br />
At this time you can delete your testakismet.php file.

Log-in to your wordpress installation, http:///wp-admin/plugins.php?page=akismet-key-config and populate your akismet API key.

A win against spam, for sure…… and OpenBSD continues to keep your sever secure.