An email is not being sent and is being logged by Postfix with the following error:

default._domainkey.example.ws: key data is not secure: /etc/opendkim/keys/example.ws/default.private  
is in group 124 which has multiple users (e.g., "postfix")
[...]
 milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later;

Testing the key returns as expected

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.example.ws'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Directory /etc/opendkim/keys/example.ws/ shows the following files and permissions

drwxr-xr-x  2 opendkim opendkim 4096 Apr 28 09:03 .
drwxr--r-- 10 opendkim opendkim 4096 Apr 28 09:01 ..
-rw-r--r--  1 opendkim opendkim 1679 Apr 28 09:02 default.private
-rw-r--r--  1 opendkim opendkim  536 Apr 28 09:03 default.txt

These stay unmodified if the following is run

chown opendkim:opendkim /etc/opendkim/keys/example.ws/default.private

What should one do to resolve the multiple users issue?

2 Answers

2

The default.private is globally readable. Simply changing the permissions will get rid of the warning, but it does not change the fact that such a key should be considered compromised and, therefore, changed.

chmod 640 /etc/opendkim/keys/example.ws/default.private

0

The error message is pretty clear. There are multiple users in the group, so the file permissions are not considered secure. Either make it not group readable, or change the group to a group with one member, or remove the other members from the group.
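
The two conditions the answers above point at (a world-readable key, and a group-readable key whose group has more than one user), as an added shell example that is not part of either answer and only approximates OpenDKIM's own check. The function names `group_users`, `audit_key` and `demo_verdict` and the `PASSWD_FILE`/`GROUP_FILE` overrides are made up here, and the passwd/group data is constructed.

```shell
#!/bin/sh
# Added example: approximates the conditions behind "key data is not secure".
# PASSWD_FILE and GROUP_FILE are overridable (an assumption made here so the
# audit can run against constructed sample data instead of the live system).
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
GROUP_FILE="${GROUP_FILE:-/etc/group}"

# List every user in numeric group $1: users whose primary group it is (passwd)
# plus supplementary members (group file), de-duplicated.
group_users() {
    {
        awk -F: -v g="$1" '$4 == g { print $1 }' "$PASSWD_FILE"
        awk -F: -v g="$1" '$3 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$GROUP_FILE"
    } | sort -u
}

# Print a verdict for key file $1: world-accessible, group-shared or ok.
audit_key() {
    line=$(ls -dn "$1") || return 2
    perms=$(printf '%s\n' "$line" | awk '{ print $1 }')
    gid=$(printf '%s\n' "$line" | awk '{ print $4 }')
    if [ "$(printf '%s' "$perms" | cut -c8-10)" != "---" ]; then
        echo "world-accessible"   # an "other" bit is set: any local user can reach the key
    elif [ "$(printf '%s' "$perms" | cut -c5-7)" != "---" ] &&
         [ "$(group_users "$gid" | awk 'END { print NR }')" -gt 1 ]; then
        echo "group-shared"       # group bits set and the group has more than one user
    else
        echo "ok"
    fi
}

# Constructed sample: a fake key with mode $1 whose group contains opendkim
# (primary) plus the supplementary members in $2 (default: postfix).
demo_verdict() {
    d=$(mktemp -d) || return 2
    : > "$d/default.private"
    g=$(ls -dn "$d/default.private" | awk '{ print $4 }')
    printf 'opendkim:x:9001:%s::/nonexistent:/bin/false\n' "$g" > "$d/passwd"
    printf 'opendkim:x:%s:%s\n' "$g" "${2-postfix}" > "$d/group"
    chmod "$1" "$d/default.private"
    ( PASSWD_FILE="$d/passwd"; GROUP_FILE="$d/group"; audit_key "$d/default.private" )
    rm -rf "$d"
}

for mode in 644 640 600; do
    echo "$mode: $(demo_verdict "$mode")"
done
```

On a real host, `audit_key /etc/opendkim/keys/example.ws/default.private` runs the same check against the system's `/etc/passwd` and `/etc/group`.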
