Cannot generate an acceptable key for OpenDKIM

I use "opendkim-genkey -b 2048 -t -s default -d mydomain.com", resulting in files "default.private" and "default.txt". Yes, default.private begins (correctly, SFAIK) with -----BEGIN RSA PRIVATE KEY----- and default.txt does not exceed 256 chars per segment (does not violate DNS coding requirements.) Also, opendkim-testkey returns nothing (without -v) and with "-v -v -v" it says "Key not secure" (but I'm not using DNSSEC) and also "Key OK", so the key is at least minimally correct according to opendkim per se.

I get the errors

```
Sep 26 22:41:49 mydomain opendkim[1793958]: 18R2fhko1843765: SSL error:0909006C:PEM routines:get_name:no start line
Sep 26 22:41:49 mydomain opendkim[1793958]: 18R2fhko1843765: dkim_eom(): resource unavailable: PEM_read_bio_PrivateKey() failed
Sep 26 22:41:49 mydomain sm-mta[1843765]: 18R2fhko1843765: milter=opendkim, reject=451 4.7.0 resource unavailable
Sep 26 22:41:49 mydomain sm-mta[1843765]: 18R2fhko1843765: Milter: data, reject=451 4.7.0 resource unavailable
Sep 26 22:41:49 mydomain sm-mta[1843765]: 18R2fhko1843765: to=<[email protected]>, delay=00:00:00, pri=30408, stat=resource unavailable
```

I've seen a lot of references to both errors "SSL error:0909006C:PEM routines:get_name:no start line" and "dkim_eom(): resource unavailable: PEM_read_bio_PrivateKey() failed", but nothing that helps. When I've seen "case closed", it was because of implementation errors such as bad permissions, bad file location specs or bad key/txt formatting, and the submitters usually said "sorry for the noise", but none of those are the case. I am doing EXACTLY as the documentation specifies, with the failures I logged above.

For those who'd like to know, I'm using Ubuntu 20.04 LTS and sendmail 8.15.2. The complaint originates from the opendkim milter vs. SSL routines, so the external context shouldn't matter.

I would ask on the opendkim mailing list, but "lists.opendkim.org" is down. I need to get OpenDKIM running, to obey Master Goo (besides it being best practice, o well.) I will be grateful if anyone else has run into this, specifically, and can give a working answer.

The output I'm using is precisely what "opendkim-genkey" outputs, there are no formatting errors as described elsewhere, and opendkim-testkey is happy, so please excuse that I haven't included that actual data.

p.s.: opendkim installed with "apt install opendkim":

opendkim -p /var/run/opendkim.sock -V opendkim:

OpenDKIM Filter v2.11.0 Compiled with OpenSSL 1.1.1f 31 Mar 2020  
SMFI_VERSION 0x1000001  
libmilter version 1.0.1  
Supported signing algorithms: rsa-sha1 rsa-sha256 ed25519-sha256  
Supported canonicalization algorithms: relaxed simple  
Active code options: QUERY_CACHE USE_DB USE_LDAP USE_LUA USE_ODBX USE_UNBOUND _FFR_ATPS _FFR_RBL _FFR_REPLACE_RULES _FFR_SENDER_MACRO _FFR_STATS _FFR_VBR  
libopendkim 2.11.0: atps query_cache  
David:
If that is meant to help with the question, edit the question and put it there, not in a comment.
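OpenSSL raises `PEM routines:get_name:no start line` when the bytes handed to its PEM reader contain no line beginning with `-----BEGIN `. The following is an added example, not part of the original post or of OpenDKIM: it classifies the raw bytes of a key file by how such a reader would see them. The function name, result strings and sample data are assumptions made for illustration.

```python
import base64
import re

# A PEM start line must begin at column 0 of some line.
BEGIN_RE = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def diagnose_pem(data: bytes) -> str:
    """Classify key-file bytes the way a strict PEM reader would see them."""
    if not data.strip():
        return "empty"
    if data.startswith((b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")):
        return "bom"             # byte-order mark sits in front of the start line
    if b"v=DKIM1" in data:
        return "dns-txt-record"  # the public TXT file, not the private key
    m = BEGIN_RE.search(data)
    if m is None:
        return "no-start-line"   # e.g. indented or otherwise damaged BEGIN line
    label = m.group(1)
    end_at = data.find(b"-----END " + label + b"-----", m.end())
    if end_at < 0:
        return "no-end-line"     # truncated file
    body = b"".join(data[m.end():end_at].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return "bad-base64"
    if not der or der[0] != 0x30:
        return "not-der-sequence"  # a DER-encoded key starts with a SEQUENCE tag
    return "ok:" + label.decode()

# Constructed samples: PEM framing around a 5-byte DER stub (not a real key),
# and a shortened TXT record in the style of opendkim-genkey's .txt output.
SAMPLE_OK = (b"-----BEGIN RSA PRIVATE KEY-----\n"
             + base64.b64encode(b"\x30\x03\x02\x01\x00") + b"\n"
             + b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_TXT = b'default._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; p=..." )\n'

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, diagnose_pem(fh.read()))
```

Run it on the exact path named by `KeyFile` or the `KeyTable` entry in the OpenDKIM configuration, as the user the daemon runs as, so that the result describes the file the signer is actually given.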