Hello, I’m currently trying to set up an email server with the help of emailwiz, but I’m encountering issues with OpenDKIM not being able to access key files.
Permissions of the key folder (in /etc/postfix/dkim/
):
drw-r----- 2 opendkim opendkim 4096 Jul 30 19:45 magmaus3.eu.org
Key permissions:
-rw-r----- 1 opendkim opendkim 1679 Jul 30 19:45 mail.private
-rw-r----- 1 opendkim opendkim 505 Jul 30 19:45 mail.txt
And when trying to open the files as opendkim, I get Permission denied
errors.
What are the rights of the directories? (dkim and postfix directory)
I see only r for group, not other, so I’m expecting /etc/postfix to be 750 as well for group postfix. (is opendkim user member of that group?) You need 751 (x for other on dir) to be able to get to directories in that directory.
Previous permissions:
Permissions for the
/etc/postfix
:drwxr-xr-x 6 postfix postfix 4096 Jul 30 19:45 postfix
And the contents:
drwxr-x--- 3 opendkim opendkim 4096 Jul 30 19:24 dkim -rw-r--r-- 1 postfix postfix 96 Jul 30 19:16 dynamicmaps.cf drwxr-xr-x 2 postfix postfix 4096 Jan 22 2023 dynamicmaps.cf.d -rw-r--r-- 1 postfix postfix 114 Jul 30 19:45 header_checks -rw-r--r-- 1 postfix postfix 33 Jul 30 19:45 login_maps.pcre -rw-r--r-- 1 postfix postfix 2977 Jul 31 13:57 main.cf -rw-r--r-- 1 postfix postfix 27124 Jul 30 19:16 main.cf.proto lrwxrwxrwx 1 postfix postfix 31 Jul 30 19:17 makedefs.out -> /usr/share/postfix/makedefs.out -rw-r--r-- 1 postfix postfix 7096 Jul 30 19:45 master.cf -rw-r--r-- 1 postfix postfix 6247 Jul 30 19:16 master.cf.proto -rw-r--r-- 1 postfix postfix 10268 Jan 22 2023 postfix-files drwxr-xr-x 2 postfix postfix 4096 Jul 30 19:17 postfix-files.d -rwxr-xr-x 1 postfix postfix 11651 Jan 22 2023 postfix-script -rwxr-xr-x 1 postfix postfix 29872 Jan 22 2023 post-install drwxr-xr-x 2 postfix postfix 4096 Jan 22 2023 sasl
And for
/etc/postfix/dkim
folder:-rwxr-x--- 1 opendkim opendkim 100 Jul 30 19:24 keytable drw-rw---- 2 opendkim opendkim 4096 Jul 30 19:45 magmaus3.eu.org -rwxr-x--- 1 opendkim opendkim 50 Jul 30 19:24 signingtable -rwxr-x--- 1 opendkim opendkim 22 Jul 30 19:24 trustedhosts
I don’t think that works, the opendkim user doesn’t have access to the postfix folder.
I have it in opendkim and postfix groups, and it can read files (but it can’t write them)
Maybe you can compare to what mailcow or docker-mailserver provide to their users.