[BlueOnyx:25920] Re: DKIM

[Matthew Komar]

I've not touched any of this stuff, but I'd follow up on:

Jan 13 09:20:19 smtp opendkim[1680862]: default._domainkey.xxxonline.uk:
key data is not secure: /etc/opendkim/keys/xxxonline.uk/default.private is
in group 0 which has multiple users (e.g. "sync")

On Fri, Jan 13, 2023, 04:27 Richard Sidlin <richard at helpinternet.co.uk>
wrote:

> > >
> > > Hi Richard,
> > >
> > > Let's sum this up:
> > >
> > > Enable DKIM on the SMTP server. Confirm that the SMTP server has no
> > > Vsite with the same hostname as the one from the separate POP3/IMAP
> > > server that you want to protect with DKIM.
> > >
> > > Copy /etc/opendkim/keys/<domain-1> from your POP3/IMAP server to
> > the
> > > SMTP server.
> > >
> > > On the POP3/IMAP server open /etc/opendkim/KeyTable in an editor.
> > > There should be a line like this:
> > >
> > > default._domainkey.<domain-1>
> > > <domain-1>:default:/etc/opendkim/keys/<domain-1>/default.private
> > >
> > > Copy that line and paste it into /etc/opendkim/KeyTable on the SMTP
> > server.
> > >
> > > Back to the POP3/IMAP server: Open up /etc/opendkim/SigningTable in an
> > > editor. From there you may have to find and copy multiple lines. You
> > > they may look similar to this:
> > >
> > > *@<domain-1> default._domainkey.<domain-1> *@www.<domain-1>
> > > default._domainkey.<domain-1> *@mail.<domain-1>
> > > default._domainkey.<domain-1>
> > >
> > > Copy these lines to /etc/opendkim/SigningTable on the SMTP server and
> > > save the changes.
> > >
> > > Make sure the ownerships of these files are still correct by running
> this:
> > >
> > > chown -R opendkim:opendkim /etc/opendkim
> > >
> > > Then restart OpenDKIM and try it out:
> > >
> > > systemctl restart opendkim
> > >
> > > That should do the trick.
> > >
> > Maybe something missing. Getting this error:
> >
> > Jan 13 09:00:57 smtp sendmail[1678752]: 30D90oP21678752:
> > from=<timing at xxxonline.uk>, size=20218, class=0, nrcpts=1,
> > msgid=<003201d9272d$8956d0c0$9c047240$@xxxonline.uk>,
> > proto=ESMTPSA, daemon=MSA, relay=cpc123404-stev9-2-0-custxx.9-
> > 2.cable.virginm.net [xx.29.49.36] Jan 13 09:00:57 smtp
> opendkim[1678161]:
> > can't load key from /etc/opendkim/keys/xxxonline.uk/default.private: No
> > such file or directory Jan 13 09:00:57 smtp opendkim[1678161]:
> > 30D90oP21678752: error loading key 'default._domainkey.xxxonline.uk'
> > Jan 13 09:00:57 smtp sendmail[1678752]: 30D90oP21678752: Milter: data,
> > reject=451 4.3.2 Please try again later Jan 13 09:00:57 smtp
> > sendmail[1678752]: 30D90oP21678752: to=<rich.sidlin at gmail.com>,
> > delay=00:00:07, pri=50218, stat=Please try again later
> >
>
> Sorry, forget the last message, I forgot to copy the keys folder over.
> However, this is the error I'm now getting.
>
> Jan 13 09:20:19 smtp sendmail[1681008]: 30D9KIJ91681008: from=<
> timing at xxxonline.uk>, size=20209, class=0, nrcpts=1,
> msgid=<006e01d92730$4193d0a0$c4bb71e0$@xxxonline.uk>, proto=ESMTPSA,
> daemon=MSA, relay=cpc123404-stev9-2-0-custxx.9-2.cable.virginm.net
> [xx.29.49.36]
> Jan 13 09:20:19 smtp opendkim[1680862]: default._domainkey.xxxonline.uk:
> key data is not secure: /etc/opendkim/keys/xxxonline.uk/default.private
> is in group 0 which has multiple users (e.g. "sync")
> Jan 13 09:20:19 smtp opendkim[1680862]: 30D9KIJ91681008: error loading key
> 'default._domainkey.xxxonline.uk'
> Jan 13 09:20:19 smtp sendmail[1681008]: 30D9KIJ91681008: Milter: data,
> reject=451 4.3.2 Please try again later
> Jan 13 09:20:19 smtp sendmail[1681008]: 30D9KIJ91681008: to=<
> rich.sidlin at gmail.com>, delay=00:00:00, pri=50209, stat=Please try again
> later
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230113/67457135/attachment.html>