Re: "key data is not secure: opendkim is in group 6", but the opendkim user is not a member of that group

From: Tiemo Kieft <>
Date: Tue, 2 Dec 2014 08:51:19 +0100


> The safety check you're hitting attempts to determine if any user other than root and the user running the opendkim binary could conceivably alter the key file you're trying to use. Every directory from the root down is checked, as is the key file itself. If any of them could be written by a user other than those two, the error appears.

Aha, that explains it. I did chmod the opendkim config and the keys directory such
that only the opendkim user could write, but that’s not enough. I’m not in a position
to check if this change works, but I’m sure it solves the problem, so thanks!

> If changing the permissions for the offending directory isn't possible, you can suppress the check by setting "RequireSafeKeys" to False in your configuration file.

I temporarily disabled RequireSafeKeys to get it going, but that is obviously very
unsatisfactory, so I’m going to fix the problem as soon as possible.

- Tiemo
Received on Tue Dec 02 2014 - 07:52:22 PST

This archive was generated by hypermail 2.3.0 : Tue Dec 02 2014 - 08:00:01 PST