Re: Strange OpenDKIM error
- In reply to: Souji Thenria: "Re: Strange OpenDKIM error"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 11 Jul 2024 12:19:20 UTC
On 2024-07-10 19:05, Souji Thenria wrote: > On Wed Jul 10, 2024 at 9:34 PM BST, D'Arcy Cain wrote: >> Not sure what changed here but suddenly OpenDKIM won't read my key >> files. The error is: >> >> key data is not secure: opendkim is in group 0 which has multiple >> users (e.g., "darcy") > Taking a look into the source code, it looks like OpenDKIM fails at a > section titled: > /* group write needs to be super-user or me only */ > > Further down are two checks with the comments: > /* check if anyone else has this file's gid */ > /* check if this group contains anyone else */ > > Based on this, maybe the group of your key file is wheel, and since you > are also in this group, it fails. So, if you change the group of the > file to opendkim, it might work. Close. There are actually four places where that message might come from (three if you notice the comma difference) in the code. What is was checking was the parent folder for opendkim. I had it under /var/postfix. I moved it directly under /var and that fixed the issue. Having four checks that give virtually the same error message is confusing to say the least. They should each be modified to show exactly what was tested. IMHO. Cheers. -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner. IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net