Re: "error loading key" and "key data is not secure", only from time to time...

From: <>
Date: Tue, 15 Sep 2015 09:01:45 +0200

On 15 sept. 2015, at 07:25, A. Schulze <> wrote:

> Patrick Proniewski:
>> - majority of messages get signed anyway, leaving only 0.25% messages not signed
> depend on your setup. I guess these messages don't have a From header
> matching your signingdomain/signingtable ( DSN, Forwards, ... )

No, these messages look good, with From header and everything, the error is related to permissions:

Sep 14 22:00:22 ru opendkim[20323]: signlis: key data is not secure: /var/db/opendkim/ is in group 1003 which has multiple users (e.g., "opendkim")
Sep 14 22:00:22 ru opendkim[20323]: 57BCC139A81: error loading key 'signlis'
Sep 14 22:00:22 ru smtp/cleanup[89884]: 57BCC139A81: milter-reject: END-OF-MESSAGE from localhost[]: 4.7.1 Service unavailable - try again later; from=<> to=<> proto=ESMTP helo=<>

and it happens only "some times", eg. for 0.25% of messages. Odd.

I'll dig deeper, just in case.

>> - I've got another server, same exact settings, but running opendkim-2.9.2_6: no errors at all
> RELEASE_NOTES mention a code change in version 2.8.1. so also: no idea
>> While I"m here: during my testings to find out what was wrong, I've used truss on the running opendkim process, and I was quite surprised to discover it stats /etc/nsswitch at a fast rate (more that 100 times per seconds). Is that expected?
> that's definitely a question for the opendkim-dev list...

I'll try there, then.

Thank you!
Received on Tue Sep 15 2015 - 07:02:00 PST

This archive was generated by hypermail 2.3.0 : Tue Sep 15 2015 - 07:09:00 PST