I'm having a heckuva time trying to track down why my mail server is
failing to DKIM-sign outgoing mails. I suspect it is related to this
error in my rspamd log file:
2025-10-10 19:13:40 #31176(normal) <9770aa>; task;
dkim_module_load_key_format: cannot load dkim key
/etc/mail/dkim/example.com.key: cannot stat key file:
'/etc/mail/dkim/example.com.key' Permission denied
Permissions on my cert files seem okay:
$ ls -al /etc/mail/dkim
total 24
drwxrwx--- 2 _dkimsign _dkimsign 512 Sep 1 15:35 .
drwxr-xr-x 4 root wheel 512 Oct 10 01:30 ..
-rw-r--r-- 1 _rspamd _rspamd 1675 Sep 1 15:26 example.com.key
-rw-r--r-- 1 _rspamd _rspamd 451 Sep 1 15:27 example.com.pub
rspamd-filter is configured thus in smtpd.conf:
filter "rspamd" proc-exec "filter-rspamd"
[....]
listen on egress port 25 tls pki example.com auth-optional filter "rspamd"
listen on egress port 587 tls-require pki example.com auth filter "rspamd"
And /etc/rspamd/local.d/dkim_signing.conf contains the following:
allow_username_mismatch = true;
domain {
example.com {
path = "/etc/mail/dkim/example.com.key";
selector = "20250901";
}
}
Can anyone kindly tell me where else can I look to sort this problem?
Many thanks in advance.
Environment: OpenBSD 7.8-beta, rspamd-3.12.1p1, redis-6.2.19,
opensmtpd-filter-rspamd-0.1.8p0
