Re: "error loading key" and "key data is not secure", only from time to time...

From: <patpro_at_patpro.net>
Date: Tue, 15 Sep 2015 11:52:33 +0200

On 15 sept. 2015, at 09:01, patpro_at_patpro.net wrote:

> Sep 14 22:00:22 ru opendkim[20323]: signlis: key data is not secure: /var/db/opendkim/listes.univ-lyon2.fr/201509-ed823624.private is in group 1003 which has multiple users (e.g., "opendkim")
> Sep 14 22:00:22 ru opendkim[20323]: 57BCC139A81: error loading key 'signlis'
> Sep 14 22:00:22 ru smtp/cleanup[89884]: 57BCC139A81: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<FOO_at_listes.univ-lyon2.fr> to=<BAR_at_sciencespo-lyon.fr> proto=ESMTP helo=<HOST.univ-lyon2.fr>
>
> and it happens only "sometimes", e.g. for 0.25% of messages. Odd.


No more errors, so far, since I changed permissions of *.private as you advised me to.


>>> While I'm here: during my testing to find out what was wrong, I've used truss on the running opendkim process, and I was quite surprised to discover it stats /etc/nsswitch at a fast rate (more than 100 times per second). Is that expected?
>> that's definitely a question for the opendkim-dev list...
>
> I'll try there, then.

No need. After fixing file permissions, opendkim stats /etc/nsswitch about once per second. This is far better. Overall the rates of context switches and system calls have plummeted.

thanks,
pat
Received on Tue Sep 15 2015 - 09:52:48 PST
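
An added example, not part of the original message and not OpenDKIM's own code: a Python audit that lists `*.private` key files whose mode lets group or other access them, together with the users in the owning group, which is the situation the "key data is not secure" log line above reports. The function names and the constructed directory layout are assumptions.

```python
import grp
import os
import pwd
import stat
import tempfile
from pathlib import Path


def group_users(gid):
    """Users in a group: listed members plus accounts whose primary group it is."""
    try:
        users = set(grp.getgrgid(gid).gr_mem)
    except KeyError:  # gid has no entry in the group database
        users = set()
    users.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return sorted(users)


def audit_keys(key_dir):
    """Return {path: [problems]} for *.private files that group or other can access."""
    findings = {}
    for path in sorted(Path(key_dir).rglob("*.private")):
        st = path.stat()
        problems = []
        if st.st_mode & stat.S_IRWXO:
            problems.append("accessible by other")
        if st.st_mode & stat.S_IRWXG:
            users = group_users(st.st_gid)
            problems.append(f"accessible by group {st.st_gid} (users: {users})")
        if problems:
            findings[str(path)] = problems
    return findings


def demo():
    """Constructed sample tree: one key at mode 0640, one at mode 0600."""
    with tempfile.TemporaryDirectory() as d:
        loose = Path(d, "example.org", "loose.private")
        tight = Path(d, "example.org", "tight.private")
        loose.parent.mkdir()
        for p, mode in ((loose, 0o640), (tight, 0o600)):
            p.write_text("constructed placeholder, not a real key\n")
            p.chmod(mode)
        return {Path(k).name: v for k, v in audit_keys(d).items()}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems)
```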
