Comments (11)
I see. This may be a weird bug on our side that only surfaces during the update; I don't really know. I will close this for now; please let me know when it pops back up.
from docker-mailserver.
<filename>= mydomain.zone
i.e. the whole domain part is the following:
domain {
mydomain.zone {
path = "/tmp/docker-mailserver/rspamd/dkim/mydomain.zone.private";
selector = "dkim1";
}
}
from docker-mailserver.
override.d/dkim_signing.conf
is the same as above, just with two domains.
I cannot reproduce the error (with/without LOG_LEVEL=trace
). To me it seems like a one-time error. chmod 644
wasn't really necessary.
In a backup from before the upgrade to 14.0.0 the files were owned by 113:115. After the update they are owned by 111:114 (_rspamd:_rspamd). I guess this change of ownership was done after the script complained about wrong rights during first start of 14.0.0.
from docker-mailserver.
root@mail:/# ls -lha /tmp/docker-mailserver/rspamd/dkim
total 8.0K
drwxr-xr-x. 2 _rspamd _rspamd 56 Apr 20 2023 .
drwxr-xr-x. 3 redis _rspamd 46 Apr 4 12:25 ..
-rw-r-----. 1 _rspamd _rspamd 1.7K Apr 20 2023 mydomain.zone.private
-rw-r--r--. 1 _rspamd _rspamd 452 Apr 20 2023 mydomain.zone.txt
root@mail:/# ls -nh /tmp/docker-mailserver/rspamd/dkim/mydomain.zone.private
-rw-r-----. 1 111 114 1.7K Apr 20 2023 /tmp/docker-mailserver/rspamd/dkim/mydomain.zone.private
I suppose to agree with @some-user123 regarding one-time error, the warning is gone after I restarted the DMS with
docker-compose down && docker-compose up -d
from docker-mailserver.
Please note that this response was created using generative AI, leveraging previously available information from the repository. This information may be helpful. However, it is our strong recommendation that you carefully consider the information before blindly applying it.
This response is generated only once - you will not be able to interact with the glime-ai.
It seems like you are encountering a permissions issue with the Rspamd DKIM private key file after upgrading to version 14.0.0. This issue was previously addressed in PR #3669, but it appears to have resurfaced.
To help resolve this, please check the following:
-
File Ownership and Permissions: Ensure that the DKIM private key file has the correct ownership and permissions. The file should be owned by the
_rspamd
user and group, and should not be world-readable. You can set the correct permissions using the following commands:chown _rspamd:_rspamd /tmp/docker-mailserver/rspamd/dkim/<filename>.private chmod 600 /tmp/docker-mailserver/rspamd/dkim/<filename>.private
-
Configuration Changes: Verify if there have been any changes in the configuration files that might affect the permissions or ownership settings.
-
Logs: Check the logs for any additional error messages that might provide more context on the issue.
If the issue persists, please provide more details about your configuration and any relevant log output to help diagnose the problem further.
This comment was generated by Glime.
from docker-mailserver.
(Rspamd setup) Rspamd DKIM private key file '/tmp/docker-mailserver/rspamd/dkim/.private' does not appear to have correct permissions/ownership for Rspamd to use it
This seems to indicate the setup procedure may have parsed the configuration wrong. Please post the contents of /etc/rspamd/local.d/dkim_signing.conf
or /etc/rspamd/local.d/dkim_signing.conf
, or both if you have both.
from docker-mailserver.
@georglauterbach I only have this config (and it wasn't changed on DMS update):
root@mail:/# cat /etc/rspamd/override.d/dkim_signing.conf
# documentation: https://rspamd.com/doc/modules/dkim_signing.html
enabled = true;
sign_authenticated = true;
sign_local = true;
use_domain = "header";
use_redis = false; # don't change unless Redis also provides the DKIM keys
use_esld = true;
check_pubkey = true;
domain {
mydomain.zone {
path = "/tmp/docker-mailserver/rspamd/dkim/<filename>.private";
selector = "dkim1";
}
}
from docker-mailserver.
You seem to have anonymised <filename>
; this was not only not necessary (it is not security-related information), I actually need to know exactly this line for my investigation. Hence, please tell me what <filename>
really is.
from docker-mailserver.
Thanks! I will check the logic later and report back.
from docker-mailserver.
I'm experiencing the same issue (also no local.d
, but only override.d/dkim_signing.conf
.
For me it helped as a workaround to set permissions of *.private.txt
to 644
instead of 640
.
from docker-mailserver.
Our script should be parsing this file correctly. Can you use LOG_LEVEL=trace
and provide the Rspamd-related log? I am looking for a line that reads Checking DKIM file '<FILE>'
.
Please also check whether a hidden file exists in /tmp/docker-mailserver/rspamd/dkim
by running ls -lha /tmp/docker-mailserver/rspamd/dkim
.
Please also post the output of ls -lh /tmp/docker-mailserver/rspamd/dkim/mydomain.zone.private
.
@some-user123 please also provide your full override.d/dkim_signing.conf
and the output of ls -lh <PATH TO YOUR PRIVATE KEY FILE>
.
from docker-mailserver.
Related Issues (20)
- question: Why does `DEFAULT_RELAY_HOST` fail to authenticate? (DMS release prior to v14) HOT 3
- bug report: Postfix logs the error `fatal: bad string length 0 < 1: virtual_mailbox_base` HOT 4
- question: How to send email on port 465 without using a relay HOT 10
- Question: How to add reply-to header information HOT 1
- [TODO]: `SMTP_ONLY=1` feature should swap `virtual_mailbox_domains` with `virtual_alias_domains`
- bug report: `postfix-main.cf` is appending warnings to `/etc/postfix/main.cf` HOT 7
- [TODO]: Small tasks
- other: Proposal to change Getmail working directory HOT 8
- [TODO]: DMS v14 regression - Container restart support may fail due to unclean exit
- bug report: `postconf: fatal: open /etc/postfix/main.cf for reading: No such file or directory` HOT 2
- bug report: configured dovecot stats/metrics are always 0 HOT 6
- bug report: start-mailserver.sh says the alias will not be added twice HOT 4
- bug report: Rspamd DKIM private key file '/tmp/docker-mailserver/rspamd/dkim/$domain/$selector.private' is configured for usage, but does not appear to exist
- bug report: target/dovecot/auth-ldap.conf.ext missing in Dockerfile HOT 3
- other: Add `autoexpunge` to mailboxes HOT 6
- bug report: Dovecot compression not working HOT 11
- bug report: built-in documentation does not give an example for rspamd-dkim's keytype HOT 1
- How to allow anonymous email sending from my local network. HOT 1
- [TODO]: Link to the new docs location for next release
- bug report: rspamd -> clamav doesn't scan mails HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-mailserver.