Score:1

Exim Unable to Read DKIM Key

cn flag

Exim is spitting out (what looks like) a privilege error:

# tail -n1 /var/log/exim/paniclog
2021-11-15 16:38:35.955 [682275] 1mme43-002rUN-QV unable to open file for reading: /etc/opendkim/keys/xxxxxxxxx.com/mail.private

despite the fact that it looks as though Exim should be able to read the file:

# namei -mo /etc/opendkim/keys/xxxxxxxxx.com/mail.private
f: /etc/opendkim/keys/xxxxxxxxx.com/mail.private
 drwxr-xr-x root     root /
 drwxr-xr-x root     root etc
 drwxr-x--- opendkim mail opendkim
 drwxr-x--- opendkim mail keys
 drwxr-x--- opendkim mail xxxxxxxxx.com
 -rw-r----- opendkim mail mail.private
$ groups exim
mail dovecot opendkim privkey exim

Thanks in advance.

in flag
What Linux distribution are you using?
cn flag
@JoelC Debian. I should mention also I've narrowed down the issue somewhat - giving the file world read permissions allows Exim to read the file. The core Exim process is running as the exim user though.
ChalkTalk avatar
it flag
I'm also experiencing this. In my case the private key is symlinked by letsencrypt and that leads to a file path for which one of the directories is 770. Although that directory should be accessible by one of exim's groups, it seems that exim still can't enter it. Maybe it drops group privileges when it runs? I set the permissions to 775 and now exim has no problems signing a DKIM header.
Score:0
cn flag

Found a solution that works for me here, mutatis mutandis.
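The following is an added example, not part of the thread and not Exim code. It runs the standard owner/group/other check over the `namei -mo` listing from the question, once with every group reported by `groups exim` and once with only a primary group, which is the situation the comment above hypothesises. The primary group name `exim` and the helper names are assumptions; root and capability bypass, ACLs and LSMs are not modelled.

```python
# Listing copied from the question (domain already redacted there).
NAMEI = """\
f: /etc/opendkim/keys/xxxxxxxxx.com/mail.private
 drwxr-xr-x root     root /
 drwxr-xr-x root     root etc
 drwxr-x--- opendkim mail opendkim
 drwxr-x--- opendkim mail keys
 drwxr-x--- opendkim mail xxxxxxxxx.com
 -rw-r----- opendkim mail mail.private
"""

ACCOUNT_GROUPS = {"mail", "dovecot", "opendkim", "privkey", "exim"}  # `groups exim`
PRIMARY_ONLY = {"exim"}  # assumption: primary group is "exim", nothing else held


def parse_namei(text):
    """Return (mode, owner, group, name) tuples from `namei -mo` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Component rows have four fields and a 10-character mode string.
        if len(parts) == 4 and len(parts[0]) == 10:
            rows.append(tuple(parts))
    return rows


def permits(mode, owner, group, user, groups, want):
    """Exactly one triplet applies: owner, else group, else other."""
    if user == owner:
        triplet = mode[1:4]
    elif group in groups:
        triplet = mode[4:7]
    else:
        triplet = mode[7:10]
    # 'S'/'T' mean setuid/setgid/sticky is set without the execute bit.
    return triplet["rwx".index(want)] not in "-ST"


def first_denied(listing, user, groups):
    """Name of the first path component that blocks access, or None."""
    for mode, owner, group, name in parse_namei(listing):
        want = "x" if mode[0] == "d" else "r"  # traverse dirs, read the file
        if not permits(mode, owner, group, user, groups, want):
            return name
    return None


if __name__ == "__main__":
    print("all account groups:", first_denied(NAMEI, "exim", ACCOUNT_GROUPS))
    print("primary group only:", first_denied(NAMEI, "exim", PRIMARY_ONLY))
```

To compare against a live process rather than the account database, read the `Groups:` line in `/proc/<pid>/status` for the running Exim process.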
