OpenDKIM – permission issues

magmaus3@szmer.info to Selfhosted@lemmy.world – 17 points –

Hello, I'm currently trying to set up an email server with the help of emailwiz, but I'm encountering issues with OpenDKIM not being able to access key files.

Permissions of the key folder (in /etc/postfix/dkim/):

drw-r----- 2 opendkim opendkim 4096 Jul 30 19:45 magmaus3.eu.org

Key permissions:

-rw-r----- 1 opendkim opendkim 1679 Jul 30 19:45 mail.private
-rw-r----- 1 opendkim opendkim  505 Jul 30 19:45 mail.txt

And when trying to open the files as opendkim, I get Permission denied errors.

4

What are the rights of the directories? (dkim and postfix directory)

I see only r for group, not other, so I'm expecting /etc/postfix to be 750 as well for group postfix. (is opendkim user member of that group?) You need 751 (x for other on dir) to be able to get to directories in that directory.

Previous permissions:

Permissions for the /etc/postfix:

drwxr-xr-x  6 postfix  postfix   4096 Jul 30 19:45 postfix

And the contents:

drwxr-x--- 3 opendkim opendkim  4096 Jul 30 19:24 dkim
-rw-r--r-- 1 postfix  postfix     96 Jul 30 19:16 dynamicmaps.cf
drwxr-xr-x 2 postfix  postfix   4096 Jan 22  2023 dynamicmaps.cf.d
-rw-r--r-- 1 postfix  postfix    114 Jul 30 19:45 header_checks
-rw-r--r-- 1 postfix  postfix     33 Jul 30 19:45 login_maps.pcre
-rw-r--r-- 1 postfix  postfix   2977 Jul 31 13:57 main.cf
-rw-r--r-- 1 postfix  postfix  27124 Jul 30 19:16 main.cf.proto
lrwxrwxrwx 1 postfix  postfix     31 Jul 30 19:17 makedefs.out -> /usr/share/postfix/makedefs.out
-rw-r--r-- 1 postfix  postfix   7096 Jul 30 19:45 master.cf
-rw-r--r-- 1 postfix  postfix   6247 Jul 30 19:16 master.cf.proto
-rw-r--r-- 1 postfix  postfix  10268 Jan 22  2023 postfix-files
drwxr-xr-x 2 postfix  postfix   4096 Jul 30 19:17 postfix-files.d
-rwxr-xr-x 1 postfix  postfix  11651 Jan 22  2023 postfix-script
-rwxr-xr-x 1 postfix  postfix  29872 Jan 22  2023 post-install
drwxr-xr-x 2 postfix  postfix   4096 Jan 22  2023 sasl

And for /etc/postfix/dkim folder:

-rwxr-x--- 1 opendkim opendkim  100 Jul 30 19:24 keytable
drw-rw---- 2 opendkim opendkim 4096 Jul 30 19:45 magmaus3.eu.org
-rwxr-x--- 1 opendkim opendkim   50 Jul 30 19:24 signingtable
-rwxr-x--- 1 opendkim opendkim   22 Jul 30 19:24 trustedhosts
3 more...
3 more...

Maybe you can compare to what mailcow or docker-mailserver provide to their users.