Hi,
I’m in the process of migrating a postfix server from CentOS to FreeBSD 10.1. I just installed the opendkim binary package using pkg, and copied my configuration files and keys from the old centos box. Both machines are running the same version of opendkim (2.9.2).
When I try to send mail the following error is reported in maillog:
Nov 29 14:21:19 mx opendkim[9848]: default._domainkey.<domain>: key data is not secure: opendkim is in group 6 which has multiple users (e.g., "pop”)
According to the message the opendkim is a member of group 6 (mail), which is definitely not the case:
$ id opendkim
uid=127(opendkim) gid=127(opendkim) groups=127(opendkim)
The service is running as opendkim user:
$ ps aux | grep opendkim
opendkim 9848 0.0 0.8 41152 7780 - Is 2:21PM 0:00.02 /usr/local/sbin/opendkim -l -u 127 -P /var/run/milteropendkim/pid -x /var/mail/vmail/opendkim.conf
When I search for this error the only result that I get is about users that have their keys group/world readable, which is not the case:
# ls -hl
total 32
-rw-r----- 1 opendkim opendkim 469B Nov 29 11:55 KeyTable
-rw-r----- 1 opendkim opendkim 1.3K Nov 29 12:22 SigningTable
-rw-r----- 1 opendkim opendkim 369B Oct 28 11:37 TrustedHosts
dr-x------ 4 opendkim opendkim 512B Oct 27 16:53 keys
The keys directory and it’s children have the same permissions (files -x).
The error message seems to imply that the opendkim user is in the group with id 6 (mail), which is not the case. However, the postfix user is in that group. I’m not sure what is going on here.
--
- Tiemo
Received on Sun Nov 30 2014 - 07:17:45 PST