Re: Strange OpenDKIM error

From: Souji Thenria <mail_at_souji-thenria.net>
Date: Wed, 10 Jul 2024 23:05:10 UTC
On Wed Jul 10, 2024 at 9:34 PM BST, D'Arcy Cain wrote:
> Not sure what changed here but suddenly OpenDKIM won't read my key 
> files.  The error is:
>
>    key data is not secure: opendkim is in group 0 which has multiple 
> users (e.g., "darcy")
>
> Of course I am in the wheel group or else I couldn't become root.  What 
> I don't understand is, why does it think that opendkim is in group 0.
>
>    # id opendkim
>    uid=104(opendkim) gid=104(opendkim) groups=104(opendkim)
>
> I upgraded from 14.0 to 14.1 but that was about a week ago.  I upgraded 
> to newly built packages around the same time.  This only started today 
> at 13:42:26.
>
> I have turned off DKIM signing for now but obviously I can't leave it 
> that way.  Too many places reject unsigned emails.  Can anyone help me 
> debug this issue?
>
> Cheers.

Hey,

Taking a look into the source code, it looks like OpenDKIM fails at a
section titled:
/* group write needs to be super-user or me only */

Further down are two checks with the comments:
/* check if anyone else has this file's gid */
/* check if this group contains anyone else */

Based on this, maybe the group of your key file is wheel, and since you
are also in this group, it fails. So, if you change the group of the
file to opendkim, it might work.

Regards,
Souji

-- 
Souji Thenria
Website: www.souji-thenria.net
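
The check suggested in the reply above, as an added diagnostic sketch (not part of the original post and not OpenDKIM's own code): it reports which accounts other than root and the daemon user can reach a key file through the file's group. It assumes that any group read or write bit triggers the check and that root and the daemon account are acceptable, following the quoted source comments; the function names and the sample accounts (including darcy's uid) are constructed for illustration.

```python
import grp
import os
import pwd
import stat
import sys


def other_group_users(mode, file_gid, daemon, passwd, members):
    """Names, other than root and `daemon`, that reach the file via its group.

    passwd:  iterable of (name, uid, primary_gid) tuples
    members: names listed in the group entry for file_gid
    """
    if not mode & (stat.S_IRGRP | stat.S_IWGRP):
        return []  # group bits are clear, so group membership is irrelevant
    root_names = {name for name, uid, _ in passwd if uid == 0}
    found = set()
    # Accounts whose primary group is the file's group.
    for name, uid, gid in passwd:
        if gid == file_gid and uid != 0 and name != daemon:
            found.add(name)
    # Accounts listed as supplementary members of the file's group.
    for name in members:
        if name != daemon and name not in root_names:
            found.add(name)
    return sorted(found)


def check_key_file(path, daemon="opendkim"):
    """Inspect a real file against the local passwd and group databases."""
    st = os.stat(path)
    passwd = [(p.pw_name, p.pw_uid, p.pw_gid) for p in pwd.getpwall()]
    try:
        members = grp.getgrgid(st.st_gid).gr_mem
    except KeyError:  # gid has no group entry
        members = []
    others = other_group_users(st.st_mode, st.st_gid, daemon, passwd, members)
    return st.st_gid, stat.filemode(st.st_mode), others


# Constructed sample data modelled on the thread: key file owned by group 0
# (wheel), with "darcy" a member of wheel and opendkim in its own group 104.
SAMPLE_PASSWD = [("root", 0, 0), ("darcy", 1001, 1001), ("opendkim", 104, 104)]
SAMPLE_WHEEL = ["root", "darcy"]

if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_key_file(sys.argv[1]))
```

Run it with the key file path as the only argument; an empty list means no other account reaches the file through its group.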