At 08:50 19-05-2009, Greig Daines wrote:
We are running Postfix with dkim-filter and dk-filter (v 1.0.1).
The latest version of dk-filter is 1.0.2.
We send mail for multiple domains and each domain has a different
private key (each stored within it's own file). The files are generated
>from a database every 15 minutes.
Are you generating the private key every 15 minutes?
The following shell script runs every 15 mins to restart the filters
(and Postfix too, but I've removed that bit):
dkim-filter can read the configuration without having to do a full restart.
This seems to work and I can see dkim-filter and dk-milter running, but
messages sometimes fail and I see the following in my Postfix logs:
May 19 15:54:01 mta1 dk-filter: 9816817E8EA: dk_getsig():
resource unavailable: PEM_read_bio_PrivateKey() failed
May 19 15:54:01 mta1 dk-filter: 9816817E8EA SSL
error:0906D066:PEM routines:PEM_read_bio:bad end line
Verify the private key file.
From some quick searches I see that the error is coming from OpenSSL
rather than dk-filter itself and is something to do with reading the
private keys. I suspect it has something to do with the fact are
private keys are being updated (although this is nearly always with
exactly the same content as the key would rarely, if ever, change) and
the restarting of the services.
The error is OpenSSL related. It has to do with reading the private key.
I don't normally post to lists as I try hard to resolve these things by
myself, but I am kind of stuck now. My questions really are:
1. Any ideas why I am getting these errors and why sometimes it works
sometimes it doesn't?
Try not updating the private key like you do and see whether you
still get these errors.
2. Do I need to be restarting the filters every time the keys/files are
updated with new domains or will they pick them up automatically?
You have to restart dk-filter. For dkim-filter, you don't need a full restart.
3. Do the filters need to be restarted when Postfix is restarted?
Finally, sorry for the long email!
You are excused. :-)
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
dk-milter-discuss mailing list