key data is not secure

From: Chris <ctlajoie_at_gmail.com>
Date: Mon, 10 Jan 2011 20:23:49 -0700

Hi, I'm trying to set up OpenDKIM on my mail server with Postfix and
I'm getting a "key data is not secure" error in my maillog. I followed
Steve Jenkins' guide:
http://stevejenkins.com/blog/2010/09/how-to-get-dkim
The server setup he's using is identical to what I'm running (CentOS
5.5 + Postfix). I used OpenDKIM 2.2.2, compiled from source. I changed
the locations of certain files from the ones used in his guide, but
other than that, I followed it closely.

Here's what I'm seeing in my maillog when I attempt to send mail that
should get signed:

Jan 10 19:27:47 etriplinux opendkim[27024]:
default._domainkey.etriptrader.com: key data is not secure
Jan 10 19:27:47 etriplinux opendkim[27024]: (unknown-jobid): error
loading key `default._domainkey.etriptrader.com'
Jan 10 19:27:47 etriplinux postfix/cleanup[28371]: 6373C251D14:
milter-reject: END-OF-MESSAGE from
office.etriptrader.com[75.160.176.230]: 4.7.1 Service unavailable -
try again later; from=<chris_at_etriptrader.com> to=<ctlajoie_at_gmail.com>
proto=ESMTP helo=<[192.168.1.200]>

The last two lines are likely a result of the first, so that's where
I'm focusing my attention. I checked the permissions on that private
key file in /etc/dkim/keys/etriptrader.com, and here's the output from
ls -l:
-rw-r--r-- 1 opendkim opendkim 887 Jan 10 14:30 default

looks fine to me, but I don't know what I'd be looking for, other than
making sure the opendkim user owns it.

Here's the contents of my /etc/dkim/keyTable file:
default._domainkey.etriptrader.com
etriptrader.com:default:/etc/dkim/keys/etriptrader.com/default

And here's the contents of my signTable file:
chris_at_etriptrader.com default._domainkey.etriptrader.com

Anyone have any ideas why its not working?

Chris
Received on Tue Jan 11 2011 - 03:24:04 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:15 PST