Re: "error loading key" and "key data is not secure", only from time to time...

From: <patpro_at_patpro.net>
Date: Tue, 15 Sep 2015 09:01:45 +0200

On 15 sept. 2015, at 07:25, A. Schulze <sca_at_andreasschulze.de> wrote:

> Patrick Proniewski:
>
>> - majority of messages get signed anyway, leaving only 0.25% messages not signed
> depends on your setup. I guess these messages don't have a From header
> matching your signingdomain/signingtable ( DSN, Forwards, ... )


No, these messages look good, with From header and everything; the error is related to permissions:

Sep 14 22:00:22 ru opendkim[20323]: signlis: key data is not secure: /var/db/opendkim/listes.univ-lyon2.fr/201509-ed823624.private is in group 1003 which has multiple users (e.g., "opendkim")
Sep 14 22:00:22 ru opendkim[20323]: 57BCC139A81: error loading key 'signlis'
Sep 14 22:00:22 ru smtp/cleanup[89884]: 57BCC139A81: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<FOO_at_listes.univ-lyon2.fr> to=<BAR_at_sciencespo-lyon.fr> proto=ESMTP helo=<HOST.univ-lyon2.fr>

and it happens only "sometimes", e.g. for 0.25% of messages. Odd.

I'll dig deeper, just in case.


>> - I've got another server, same exact settings, but running opendkim-2.9.2_6: no errors at all
> RELEASE_NOTES mention a code change in version 2.8.1. so also: no idea
>
>> While I'm here: during my testing to find out what was wrong, I've used truss on the running opendkim process, and I was quite surprised to discover it stats /etc/nsswitch at a fast rate (more than 100 times per second). Is that expected?
> that's definitely a question for the opendkim-dev list...

I'll try there, then.

Thank you!
Received on Tue Sep 15 2015 - 07:02:00 PST
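
An added example, not part of the original message and not OpenDKIM's own code: a small audit that flags a private key file for the condition named in the log line above (the file's group has more than one user). Assumptions: the check only matters when the group or other permission bits grant access, and the function names, the stubbed group membership and the temporary file are constructed for illustration.

```python
import grp
import os
import pwd
import stat
import tempfile


def group_users(gid):
    """Users in gid: listed group members plus accounts whose primary group it is."""
    try:
        users = set(grp.getgrgid(gid).gr_mem)
    except KeyError:
        users = set()
    users.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return users


def audit_key(path, members=group_users):
    """Return findings for a private key file; an empty list means nothing flagged."""
    st = os.stat(path)
    findings = []
    # Assumption: any read/write bit for "other" exposes the key.
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("readable or writable by other users")
    # Assumption: group bits only matter when the group has several users.
    if st.st_mode & (stat.S_IRGRP | stat.S_IWGRP):
        users = sorted(members(st.st_gid))
        if len(users) > 1:
            findings.append(
                f"group {st.st_gid} has multiple users: {', '.join(users)}")
    return findings


def shared_group(gid):
    # Constructed membership so the demo does not depend on this host's accounts.
    return {"opendkim", "postfix"}


def demo():
    # Constructed sample: a throwaway file stands in for the .private key.
    results = {}
    with tempfile.NamedTemporaryFile() as key:
        for mode in (0o644, 0o640, 0o600):
            os.chmod(key.name, mode)
            results[mode] = audit_key(key.name, members=shared_group)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(oct(mode), findings or "ok")
```

Called with only a path, audit_key resolves the group's users from the local account databases through group_users.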
