Tom Browder:
> On 3 September 2017 at 12:08, pgndev <[email protected]> wrote:
> ...
>
> Thanks for all the responses.
>
> Does everyone agree with pgndev's detailed cookbook recipe?
No, that advice is incorrect.
1) Specify the opendkim '-u' option with an account that is not
used by anything else. Not postfix. Not wwww. Not your personal
account.
2) Make opendkim files/directories owned by root and writable
only by root.
3) Start opendkim as root (DO NOT use systemd user/group settings),
Don't believe info from archwiki or other non-Postfix sites.
They give bad advice such as sharing groups with Postfix
or making opendkim files writable by the opendkim process.
Wietse
