Join Log in
Score:0
Robert K S avatar Server

opendkim-testkey: key not secure (file permissions are good and TrustAnchorFile config setting is set)

cn flag
Robert K S

If I run sudo opendkim-testkey -d mydomain.com -s selector -vvv, I get

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'selector._domainkey.mydomain.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK

and I can't figure out how to fix "key not secure".

If I do dig selector._domainkey.mydomain.com TXT +dnssec then the ad flag is missing from the answer.

The setting TrustAnchorFile /usr/share/dns/root.key is enabled in /etc/opendkim.conf.

Running ls -ls in the directory /etc/opendkim/keys/mydomain.com shows

4 -rw------- 1 opendkim opendkim 1708 Mar  7 15:32 selector.private
4 -rw------- 1 opendkim opendkim  507 Mar  7 15:32 selector.txt

Running ls -ls in the directory /etc/opendkim/keys shows

4 drwxr-xr-x 2 opendkim opendkim 4096 Mar  7 15:32 mydomain.com

Running ls -ls in the directory /etc/opendkim shows

4 drwxr-x--- 3 opendkim opendkim 4096 Mar  7 15:32 keys
4 -rw-r--r-- 1 opendkim opendkim  106 Mar  7 15:31 key.table
4 -rw-r--r-- 1 opendkim opendkim   44 Mar  7 15:31 signing.table
4 -rw-r--r-- 1 opendkim opendkim   31 Mar  7 15:32 trusted.hosts

Running Ubuntu 22.04.2 LTS.

Related questions that do not solve the problem (and on which I do not have sufficient board cred to comment):

190
1 + 0
Score:1
avatar Server
us flag
glts

As explained in the other Q&A’s, this just means that that key is being retrieved without DNSSEC being used.

It doesn’t mean anything is broken or needs to be fixed.

If you like you can set up DNSSEC for your domain (or let your DNS provider do it for you), then you should see key secure.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.