On Mon, Jun 27, 2022 at 12:00:20AM +0200, Maurizio Caloro <mauri...@caloro.ch> 
wrote:

> 
> I also set up opendkim, and now this error appears: "key data is not secure: /
> is writeable and owned by uid 110 which is not the executing uid (115)"
> It seems that I have a permission issue?
> 
> # opendkim -V
>     opendkim: OpenDKIM Filter v2.11.0
>     Compiled with OpenSSL 1.1.1n  15 Mar 2022
> 
> systemctl
> nmail opendkim: nmail._domainkey.caloro.ch: key data is not secure: / is
> writeable and owned by uid 110 which is not the executing uid (115) or the
> superuser
> nmail opendkim: CC0E640: not authenticated
> nmail opendkim: CC0E640: DKIM verification successful
> nmail opendkim: CC0E640: s=nmail d=caloro.ch SSL
> nmail opendkim: nmail._domainkey.caloro.ch: key data is not secure: / is
> writeable and owned by uid 110 which is not the executing uid (115) or the
> superuser
> nmail opendkim: 09D30: DKIM-Signature field added (s=nmail, d=caloro.ch)
> 
> I am also reading that this "opendkim-testkey: key not secure" would mean
> that DNSSEC
> # opendkim-testkey -d caloro.ch -s nmail -vvvv
> opendkim-testkey: using default configfile /etc/opendkim.conf
> opendkim-testkey: key loaded from /etc/opendkim/key/dkim.key
> opendkim-testkey: checking key 'nmail._domainkey.caloro.ch'
> opendkim-testkey: key not secure
> opendkim-testkey: PEM_read_bio_PrivateKey() failed error:0909006C:PEM
> routines:get_name:no start line
> 
> cat /etc/passwd /etc/group | grep 115 110
> postfix:x:115:
> postfix:x:109:115::/var/spool/postfix:/bin/false
> opendkim:x:115:121::/var/run/opendkim:/bin/false
> messagebus:x:110:
> messagebus:x:105:110::/var/run/dbus:/bin/false
> bind:x:110:117::/var/cache/bind:/bin/false

The above command/output is confusing. "grep 115 110"
isn't right. I think you meant:

  egrep -w '110|115' /etc/passwd /etc/group # but /etc/group is not relevant

Anyway, it looks like uid 110 is the user bind and uid 115 is the user opendkim.
The error message seems to be referring to the directory / as having the wrong
ownership. / would not be owned by the user bind. Is it referring to a
chroot'ed directory? Or am I misinterpreting what the error message is saying?
Is there an opendkim forum where you could ask about opendkim's error messages?
It seems unlikely that anything owned by the user bind would be involved.
Unless somehow a "chown bind /" command has been executed by mistake.

> File and owner Security also are correct
> 
> /etc/bind# ls -la /etc/opendkim/key/
> -rw------- 1 opendkim opendkim   51 Jun 26 22:50 dkim.key
> -rw------- 1 opendkim opendkim 1675 Jun 26 22:50 nmail.private
> -rw------- 1 opendkim opendkim  506 Jun 26 22:50 nmail.txt
> 
> thanks for any help
> regards

cheers,
raf
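
An added example, not part of either message and not OpenDKIM's own code: a shell check that walks from the key file up to / and flags any component matching the condition quoted in the log (writable, and owned by a uid that is neither the executing uid nor root). The function names are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: show owner uid and mode of every path component above a
# DKIM key file, flagging the condition the opendkim log line describes.

# is_unsafe_owner OWNER_UID OCTAL_MODE EXEC_UID
# Returns 0 (unsafe) when the owner may write and is neither EXEC_UID nor root.
is_unsafe_owner() {
    owner=$1 mode=$2 exec_uid=$3
    [ "$owner" -eq "$exec_uid" ] && return 1
    [ "$owner" -eq 0 ] && return 1
    # 0200 is the owner-write permission bit
    [ $(( 0$mode & 0200 )) -ne 0 ]
}

# audit_key_path ABSOLUTE_KEYFILE EXEC_UID
# Prints "uid mode path" per component; returns 1 if any component is flagged,
# 2 on usage or stat errors. Symbolic links are not resolved.
audit_key_path() {
    path=$1 run_uid=$2 rc=0
    case $path in
        /*) ;;
        *) echo "audit_key_path: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        info=$(stat -c '%u %a' "$path") || return 2
        if is_unsafe_owner "${info% *}" "${info#* }" "$run_uid"; then
            echo "$info $path  <-- writable, owner is not uid $run_uid or root"
            rc=1
        else
            echo "$info $path"
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage with the values from the thread:
#   sh audit.sh /etc/opendkim/key/nmail.private 115
if [ "$#" -eq 2 ]; then
    audit_key_path "$1" "$2"
fi
```

Run it as root or as the opendkim user so every component can be read; a flagged line for / would confirm the ownership the log message reports.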
