#13 opendkim-testkey: key OK but error loading key 'default._domainkey.nieuwsbrief.it'

2.8.2
closed
nobody
None
7
2014-11-26
2013-06-05
HTTPS
No

opendkim-testkey -d nieuwsbrief.it -s default -k /etc/opendkim/keys/nieuwsbrief.it/default.private -vvv

Result:
opendkim-testkey: /etc/opendkim/keys/nieuwsbrief.it/default.private: WARNING: unsafe permissions
opendkim-testkey: key loaded from /etc/opendkim/keys/nieuwsbrief.it/default.private
opendkim-testkey: checking key 'default._domainkey.nieuwsbrief.it'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Now I sent a mail. The logs say:
Jun 5 16:55:31 nieuwsbrief postfix/pickup[1439]: 86FA410452C: uid=0 from=root@nieuwsbrief.it
Jun 5 16:55:31 nieuwsbrief postfix/cleanup[1459]: 86FA410452C: message-id=1370442628.31166@nieuwsbrief.it
Jun 5 16:55:31 nieuwsbrief opendkim[1273]: default._domainkey.nieuwsbrief.it: key data is not secure
Jun 5 16:55:31 nieuwsbrief opendkim[1273]: 86FA410452C: error loading key 'default._domainkey.nieuwsbrief.it'
Jun 5 16:55:31 nieuwsbrief postfix/cleanup[1459]: 86FA410452C: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=root@nieuwsbrief.it to=ronald@https-ict.nl

I'm running
Postfix version 2.9.6
Ubuntu Linux 12.04.2 Linux 3.2.0-40-generic
It is a webserver with Apache and MySQL but nothing fancy (you could say default LAMP from an Ubuntu install).

"error loading key" would suggest a rights issue when googling, but nothing works.
OpenDKIM is running as user opendkim.
Chown the key folder to opendkim and chmod to 644 or even 777 did not help.

It is almost like OpenDKIM does not have DNS, but pinging and sending mail with OpenDKIM stopped works fine.

It also worked for a while but when adding the third domain, it stopped working.
When it was working it said default._domainkey.nieuwsbrief.it: key data is not secure, but I guess file rights of 777 do that, although chown to opendkim:opendkim and rights 700 did not solve that (made the key unreadable even?!)

Discussion

  • HTTPS

    HTTPS - 2013-06-05

    Playing with rights solved it....
    But everything I tried I did before but somehow it helped.

    I did create the KeyTable file and SigningTable files from scratch with nano
    chown -R opendkim:opendkim /etc/opendkim/keys
    chmod -R 700 /etc/opendkim/keys
    /etc/init.d/opendkim restart

    and success!:
    Jun 5 17:47:26 nieuwsbrief postfix/pickup[2817]: 00CA7FF64D: uid=0 from=root@nieuwsbrief.it
    Jun 5 17:47:26 nieuwsbrief postfix/cleanup[12072]: 00CA7FF64D: message-id=1370447245.12064@nieuwsbrief.it
    Jun 5 17:47:26 nieuwsbrief postfix/qmgr[2818]: 00CA7FF64D: from=root@nieuwsbrief.it, size=392, nrcpt=1 (queue active)
    Jun 5 17:47:56 nieuwsbrief postfix/smtp[12074]: 00CA7FF64D: to=ronald@https-ict.nl, relay=mail.https-ict.nl[213.154.249.204]:25, delay=31, delays=0.2/0.02/31/0.01, dsn=2.0.0, status=sent (250 2.0.0 51af5dac-0000237a Message accepted for delivery)
    Jun 5 17:47:56 nieuwsbrief postfix/qmgr[2818]: 00CA7FF64D: removed

    Solved.. But error reporting might be a bit more :-)

     
  • Murray S. Kucherawy

    • status: open --> closed
     
  • Murray S. Kucherawy

    As of v2.8.1, the reason for "key data is not secure" is logged. The error you pasted must be from an earlier version.
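
A check for the state the fix in this thread produces (`chown -R opendkim:opendkim` and `chmod -R 700` on the key directory), added here as an example and not part of the ticket or of OpenDKIM: it reports every file or directory under the key tree that is not owned by the signing user or that has any group/other permission bit set. The function name is hypothetical, GNU find and stat are assumed, and the owner-only rule mirrors the fix posted above rather than OpenDKIM's own internal test.

```shell
#!/bin/sh
# Added example: audit an OpenDKIM key tree for the state the fix produces
# (everything owned by the signing user, no group/other permission bits).
# Assumes GNU find/stat (Linux). audit_dkim_keys is a hypothetical name.

audit_dkim_keys() {
    base=$1     # key directory, e.g. /etc/opendkim/keys
    owner=$2    # user name or numeric uid, e.g. opendkim
    bad=0

    if [ ! -d "$base" ]; then
        echo "not a directory: $base" >&2
        return 2
    fi
    # Accept a name or a uid; fall back to the raw value if lookup fails.
    want_uid=$(id -u "$owner" 2>/dev/null) || want_uid=$owner

    # One "mode uid path" line per file and directory under $base.
    while read -r mode uid path; do
        [ -n "$path" ] || continue
        if [ "$uid" != "$want_uid" ]; then
            echo "WRONG OWNER uid=$uid (want $want_uid): $path"
            bad=1
        fi
        # 077 masks the group and other bits; 700 and 600 leave none set.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "GROUP/OTHER ACCESS mode=$mode: $path"
            bad=1
        fi
    done <<EOF
$(find "$base" \( -type f -o -type d \) -exec stat -c '%a %u %n' {} +)
EOF
    return "$bad"
}

# Usage on the host from the ticket (path and user taken from the page):
#   audit_dkim_keys /etc/opendkim/keys opendkim || echo "fix before restart"
```

Running it before `/etc/init.d/opendkim restart` shows which path still carries the 644 or 777 mode tried earlier in the ticket.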

     
