Date: Thu, 11 Jul 2024 00:05:10 +0100
From: "Souji Thenria" <mail@souji-thenria.net>
To: "D'Arcy Cain" <darcy@druid.net>, <questions@freebsd.org>
Subject: Re: Strange OpenDKIM error
Message-ID: <D2M8HAWDYRXM.F95XKS9G2E4U@souji-thenria.net>
In-Reply-To: <8af87a11-7835-4cbe-8949-0920b8824d70@druid.net>
References: <8af87a11-7835-4cbe-8949-0920b8824d70@druid.net>

On Wed Jul 10, 2024 at 9:34 PM BST, D'Arcy Cain wrote:
> Not sure what changed here but suddenly OpenDKIM won't read my key
> files. The error is:
>
> key data is not secure: opendkim is in group 0 which has multiple users (e.g., "darcy")
>
> Of course I am in the wheel group or else I couldn't become root. What
> I don't understand is, why does it think that opendkim is in group 0.
>
> # id opendkim
> uid=104(opendkim) gid=104(opendkim) groups=104(opendkim)
>
> I upgraded from 14.0 to 14.1 but that was about a week ago. I upgraded
> to newly built packages around the same time. This only started today
> at 13:42:26.
>
> I have turned off DKIM signing for now but obviously I can't leave it
> that way. Too many places reject unsigned emails. Can anyone help me
> debug this issue?
>
> Cheers.

Hey,

Taking a look into the source code, it looks like OpenDKIM fails at a
section titled:
/* group write needs to be super-user or me only */

Further down are two checks with the comments:
/* check if anyone else has this file's gid */
/* check if this group contains anyone else */

Based on this, maybe the group of your key file is wheel, and since you
are also in this group, it fails. So, if you change the group of the
file to opendkim, it might work.

Regards,
Souji

-- 
Souji Thenria
Website: www.souji-thenria.net
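
The two checks named by those source comments, as an added example that is not part of the original message and is not OpenDKIM's own code. It shows why a key file owned by group wheel is flagged while one owned by group opendkim is not. The function names, the sample accounts and darcy's uid are constructed, and counting group read as well as group write as access is an assumption.

```python
import stat
from collections import namedtuple

# Minimal stand-ins for passwd(5) and group(5) records.
User = namedtuple("User", "name uid gid")
Group = namedtuple("Group", "name gid members")

def others_with_group_access(mode, file_gid, service_user, users, groups):
    """Return sorted names of accounts, other than root and service_user,
    that reach the key file through its group permission bits."""
    # Assumption: only group read/write bits make group membership matter.
    if not mode & (stat.S_IRGRP | stat.S_IWGRP):
        return []
    found = set()
    # Check 1: does anyone else have this file's gid as primary group?
    for u in users:
        if u.gid == file_gid and u.uid != 0 and u.name != service_user:
            found.add(u.name)
    # Check 2: does the group list anyone else as a member?
    for g in groups:
        if g.gid == file_gid:
            found.update(m for m in g.members if m not in ("root", service_user))
    return sorted(found)

# Constructed sample data modelled on the thread: darcy is a member of wheel (gid 0).
USERS = [User("root", 0, 0), User("darcy", 1001, 1001), User("opendkim", 104, 104)]
GROUPS = [Group("wheel", 0, ["root", "darcy"]), Group("opendkim", 104, [])]

def audit_live(path, service_user):
    """Run the same check against a real file and the local account databases."""
    import os, pwd, grp
    st = os.stat(path)
    users = [User(p.pw_name, p.pw_uid, p.pw_gid) for p in pwd.getpwall()]
    groups = [Group(g.gr_name, g.gr_gid, g.gr_mem) for g in grp.getgrall()]
    return others_with_group_access(st.st_mode, st.st_gid, service_user, users, groups)

if __name__ == "__main__":
    # Key file mode 0640 with group wheel, then with group opendkim.
    print(others_with_group_access(0o640, 0, "opendkim", USERS, GROUPS))
    print(others_with_group_access(0o640, 104, "opendkim", USERS, GROUPS))
```
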