RE: key data is not secure

From: Steve Jenkins <steve_at_stevejenkins.com>
Date: Mon, 10 Jan 2011 20:46:36 -0800

Hi, Chris!

One thing I notice right away is that there are at least a couple of steps other than file locations that don't match the steps in my tutorial.

1) The owner and group of the keyfiles should be opendkim-milt.opendkim-milt, and you have "opendkim.opendkim". Make sure the user and group names are consistent across the entire install.

2) I also notice from your ls that your default keyfile is world and group readable. The tutorial states that it should have only user rw permissions (chmod 600).

I can't guarantee those will fix it, but try those two modifications and let us know if you get different results.

Best regards,

Steve

-----Original Message-----
From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Chris
Sent: Monday, January 10, 2011 7:24 PM
To: opendkim-users_at_lists.opendkim.org
Subject: key data is not secure

Hi, I'm trying to set up OpenDKIM on my mail server with Postfix and
I'm getting a "key data is not secure" error in my maillog. I followed
Steve Jenkins' guide:
http://stevejenkins.com/blog/2010/09/how-to-get-dkim
The server setup he's using is identical to what I'm running (CentOS
5.5 + Postfix). I used OpenDKIM 2.2.2, compiled from source. I changed
the locations of certain files from the ones used in his guide, but
other than that, I followed it closely.

Here's what I'm seeing in my maillog when I attempt to send mail that
should get signed:

Jan 10 19:27:47 etriplinux opendkim[27024]:
default._domainkey.etriptrader.com: key data is not secure
Jan 10 19:27:47 etriplinux opendkim[27024]: (unknown-jobid): error
loading key `default._domainkey.etriptrader.com'
Jan 10 19:27:47 etriplinux postfix/cleanup[28371]: 6373C251D14:
milter-reject: END-OF-MESSAGE from
office.etriptrader.com[75.160.176.230]: 4.7.1 Service unavailable -
try again later; from=<chris_at_etriptrader.com> to=<ctlajoie_at_gmail.com>
proto=ESMTP helo=<[192.168.1.200]>

The last two lines are likely a result of the first, so that's where
I'm focusing my attention. I checked the permissions on that private
key file in /etc/dkim/keys/etriptrader.com, and here's the output from
ls -l:
-rw-r--r-- 1 opendkim opendkim 887 Jan 10 14:30 default

Looks fine to me, but I don't know what I'd be looking for, other than
making sure the opendkim user owns it.

Here's the contents of my /etc/dkim/keyTable file:
default._domainkey.etriptrader.com
etriptrader.com:default:/etc/dkim/keys/etriptrader.com/default

And here's the contents of my signTable file:
chris_at_etriptrader.com default._domainkey.etriptrader.com

Anyone have any ideas why it's not working?

Chris
Received on Tue Jan 11 2011 - 04:47:01 PST
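
Added example (not part of either message above and not OpenDKIM's own code): a Python check of the two conditions named in the reply, key file owner and user-only mode 600, applied to every key path in a KeyTable. It assumes KeyTable lines of the form "name domain:selector:/path" on a single line; the function names are hypothetical and the expected user name is supplied by the caller.

```python
import os
import pwd
import stat
import sys

# Hypothetical helper names; this is an illustration, not OpenDKIM's own check.
def owner_name(uid):
    """Map a uid to a user name, falling back to the number if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def parse_keytable(text):
    """Yield (key_name, key_path) from lines shaped 'name domain:selector:/path'."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue  # blank line, comment, or no value field
        fields = parts[1].strip().split(":", 2)
        if len(fields) == 3 and fields[2].startswith("/"):
            yield parts[0], fields[2]

def audit_key(path, expected_user):
    """Return the problems found for one private key file (empty list means OK)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    problems = []
    owner = owner_name(st.st_uid)
    if owner != expected_user:
        problems.append(f"owner is {owner}, expected {expected_user}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group or other bit set
        problems.append(f"mode is {mode:03o}, expected 600")
    return problems

def audit_keytable(text, expected_user):
    """Map each KeyTable entry name to its problems; entries that pass are omitted."""
    checked = ((n, audit_key(p, expected_user)) for n, p in parse_keytable(text))
    return {n: probs for n, probs in checked if probs}

if __name__ == "__main__" and len(sys.argv) == 3:  # args: KEYTABLE USER
    with open(sys.argv[1]) as fh:
        findings = audit_keytable(fh.read(), sys.argv[2])
    for name, problems in findings.items():
        print(f"{name}: " + "; ".join(problems))
    sys.exit(1 if findings else 0)
```

Run it with the KeyTable path and the user name your opendkim process runs as; it exits non-zero when any key file fails either check.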

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:15 PST