From: D'Arcy Cain
Date: Thu, 11 Jul 2024 08:19:20 -0400
Subject: Re: Strange OpenDKIM error
To: Souji Thenria, questions@freebsd.org
Message-ID: <04279c8b-e399-4413-bb05-28ac6e4f6aa1@druid.net>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On 2024-07-10 19:05, Souji Thenria wrote:
> On Wed Jul 10, 2024 at 9:34 PM BST, D'Arcy Cain wrote:
>> Not sure what changed here but suddenly OpenDKIM won't read my key
>> files.  The error is:
>>
>>    key data is not secure: opendkim is in group 0 which has multiple users (e.g., "darcy")
>
> Taking a look into the source code, it looks like OpenDKIM fails at a
> section titled:
> /* group write needs to be super-user or me only */
>
> Further down are two checks with the comments:
> /* check if anyone else has this file's gid */
> /* check if this group contains anyone else */
>
> Based on this, maybe the group of your key file is wheel, and since you
> are also in this group, it fails. So, if you change the group of the
> file to opendkim, it might work.

Close. There are actually four places where that message might come
from (three if you notice the comma difference) in the code. What it
was checking was the parent folder for opendkim. I had it under
/var/postfix. I moved it directly under /var and that fixed the issue.

Having four checks that give virtually the same error message is
confusing to say the least. They should each be modified to show
exactly what was tested. IMHO.

Cheers.

--
D'Arcy J.M. Cain | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner.
IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net
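
A diagnostic sketch for the situation in this thread, added here as an example (it is not OpenDKIM's code and not from either poster): it walks from a key file up to `/` and reports every group-writable component whose group includes anyone besides root and the daemon account, so the report names the path that was tested. The rule is an assumption modelled on the three source comments quoted above; the sample paths, modes, group membership and gid 125 are constructed, since the thread does not give the real ones.

```python
import grp
import os
import pwd
import stat

def group_users(gid):
    """Users tied to gid: primary-group holders (passwd) plus listed members (group)."""
    users = {p.pw_name for p in pwd.getpwall() if p.pw_gid == gid}
    try:
        users.update(grp.getgrgid(gid).gr_mem)
    except KeyError:
        pass  # gid has no entry in the group database
    return users

def walk_up(path):
    """Yield (path, mode, gid) for path and each parent directory up to the root."""
    path = os.path.realpath(path)
    while True:
        st = os.stat(path)
        yield path, st.st_mode, st.st_gid
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def audit(entries, daemon, lookup=group_users):
    """Return (path, gid, other_users) for each group-writable entry whose group
    is shared with anyone other than root and the daemon account (assumed rule)."""
    findings = []
    for path, mode, gid in entries:
        if not mode & stat.S_IWGRP:
            continue  # no group write bit, nothing to report
        others = sorted(lookup(gid) - {"root", daemon})
        if others:
            findings.append((path, gid, others))
    return findings

# Constructed sample data: layout before and after moving the directory under /var.
SAMPLE_GROUPS = {0: {"root", "darcy"}, 125: {"opendkim"}}
SAMPLE_BEFORE = [("/var/postfix/opendkim", 0o040750, 125),
                 ("/var/postfix", 0o040775, 0), ("/var", 0o040755, 0)]
SAMPLE_AFTER = [("/var/opendkim", 0o040750, 125), ("/var", 0o040755, 0)]

if __name__ == "__main__":
    import sys
    # usage: script.py KEYFILE DAEMON_USER
    for path, gid, others in audit(walk_up(sys.argv[1]), sys.argv[2]):
        print(f"{path}: group-writable, gid {gid} also has {', '.join(others)}")
```
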