Re: Key data is not secure

From: Todd Lyons <>
Date: Thu, 28 Feb 2013 18:42:02 -0800

On Thu, Feb 28, 2013 at 3:54 PM, Todd Alexander <> wrote:
> After upgrading to 2.8.0 it appears that I am getting the "key data is not secure" error/warning for my private key when it worked with 2.7.x. I tried the permissions with both 400/600. Has anyone run into this?

OpenDKIM now makes a much more concerted effort to verify that the key
cannot be changed.

1) Check every directory along the way to the file, including / (ls -l
/). In my case every subdir was mode 755 root:root, but / was owned
by a non root user due to an errant script in the past.
2) Make both key files (private and public) owned by the user opendkim
runs as, mode 600 for the private key, mode 644 for the public key. I
make mine be owned by dkim:root, but it could be dkim:dkim and it
should still work.

The total budget at all receivers for solving senders' problems is $0.
 If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
Received on Fri Mar 01 2013 - 02:42:23 PST

This archive was generated by hypermail 2.3.0 : Fri Mar 01 2013 - 02:45:02 PST