hi, in the rspamd guy i noticed this error for every key: cannot load dkim key /var/lib/rspamd/dkim/XXX.de.private: cannot stat key file: '/var/lib/rspamd/dkimXXX.de.private' Permission denied owner of the file is root:root. permission ist 644 Owner of the folder /var/lib/rspamd/dkim is clamav:redis permission is 750 Owner of the folder /var/lib/rspamd is _rspamd:_rspamd When I change permission of the folder /var/lib/rspamd/dkim to 755 the error goes away and the sender email is dim signed. so, what are the right owner and permissions of the folders and files there?
On debian 11: Code: # ls -ld /var/lib/rspamd/{,dkim/} ls: cannot access '/var/lib/rspamd/dkim/': No such file or directory drwxr-x--- 2 _rspamd _rspamd 270336 Sep 30 14:33 /var/lib/rspamd/ That missing directory is not a path used by rspamd on an ISPConfig server; what do you have in your /etc/rspamd/local.d/dkim_signing.conf ?
ubuntu 20.04 Code: try_fallback = false; use_esld = false; path_map = "/etc/rspamd/local.d/dkim_domains.map"; selector_map = "/etc/rspamd/local.d/dkim_selectors.map"; in the dkim_domains.map are the pathes /var/lib/rspamd/dkim/... also this is the entry in ISPConfig /System/Config/Mail/DKIM Path
Curious, I'd expect ubuntu to be the same as Debian. In the debain rspamd package, the behavior you describe isn't enabled by default, but would be enabled by uncommenting lines in /etc/rspamd/modules.d/dkim_signing.conf (or more properly, creating the local.d/dkim_signing.conf with that), and even if you had done that, setting try_fallback = false explicitly disables it. Did you perhaps create a /etc/rspamd/override.d/dkim_signing.conf which is causing your troubles?
You could search through /etc/rspamd/ to see where it's setup; I don't have a Ubuntu server to reference offhand.
if it's any help, on a very recently installed 3.2.6 (autoinstaller) on ubuntu 20.04, with no changes made to any rspamd config.... the files are /etc/rspamd/* and /etc/rspamd/modules.d/dkim_signing.conf contains (amonst other settings) Code: try_fallback = true; .include(try=true,priority=5) "${DBDIR}/dynamic/dkim_signing.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/dkim_signing.conf" .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/dkim_signing.conf" /etc/rspamd/local.d is root:root and 755. files inside that folder are root:root and 644 except classifier-bayes.conf, redis.conf and worker-controller.inc which are root:_rspamd and 640 /etc/rspamd/local.d/dkim_signing.conf contains (in entirety): Code: try_fallback = false; use_esld = false; path_map = "/etc/rspamd/local.d/dkim_domains.map"; selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
That looks exactly like the debian setup, which is what I would expect. @chico11mbit, do you have /var/lib/rspamd/dkim/ set as the "DKIM Path" in your server config? That isn't the default value, but I belive would land the key files there. As for ownership/permissions, change /var/lib/rspamd/dkim/ to be _rspamd:_rspamd and mode 750; if rspamd is what reads it, neither clamavis nor redis would need access to the keys. In fact checking server/plugins-available/mail_plugin_dkim.inc.php, that's exactly what should happen, the only way it wouldn't seems to be if neither amavis nor rspamd were installed at the time the plugin first ran and created that directory (in which case it would be owned by root:root and mode 755). Not sure what happened to yours.
Yepp. /var/lib/rspamd/dkim/ is set as the "DKIM Path. How can I repair it? Which entry i have to make there? And when I change it, must I move files in the console to another directory? Also there are a lot of files *.hsmp, *.hs and *.map in /var/lib/rspamd/ Is this correct?
chown and chmod: Code: chown _rspamd:_rspamd /var/lib/rspamd/dkim/ chmod 750 /var/lib/rspamd/dkim/ I don't understand. No. Yes.
