In nethserver 8, after generating dkim signature, the message isn’t signed with the dkim.
The error is the following from rspmd
cannot load dkim key /var/lib/rspamd/dkim/default.key: cannot map key file: ‘/var/lib/rspamd/dkim/default.key’ Permission denied
The file present in /home/mail1/.local/share/containers/storage/volumes/rspmd-data/_data/dkim/default.key has permission 600
For temporary fix change permission to 640
Yes, I can confirm. I had to struggle with this too.
root@mdol-ns8:~# runagent -m mail1
runagent: [INFO] starting bash -l
runagent: [INFO] working directory: /home/mail1/.config/state
mail1@mdol-ns8:~/.config/state$ ls
CACHEDIR.TAG apitoken.cache discovery.env environment rspamd.env
agent.env dh.pem dovecot.env pcdb
mail1@mdol-ns8:~/.config/state$ podman exec -ti rspamd ash
/ # ls /var/lib/rspamd/dkim/default.
default.key default.txt
/ # ls -l /var/lib/rspamd/dkim/default.key
-rw------- 1 root rspamd 1675 Jun 15 13:00 /var/lib/rspamd/dkim/default.key
/ # chmod g+r /var/lib/rspamd/dkim/default.key
/ # ls -l /var/lib/rspamd/dkim/default.key
-rw-r----- 1 root rspamd 1675 Jun 15 13:00 /var/lib/rspamd/dkim/default.key
You also have to set permissions for rspamd.
The solution comes from @mrmarkuz
There’s an open bug
a fix is going to be verified and released, the bug concerns only new installation from mail:1.4.3, the fix will take care only for new installation, for installation done from 1.4.3 you could fix them by a CLI
runagent -m mail1 podman exec -ti rspamd chmod g+r /var/lib/rspamd/dkim/default.key
Released in Release 1.4.4 · NethServer/ns8-mail · GitHub
At minute 94, @stephdl and @lucag persuaded me to automatically apply the fix to existing installations that were created with version 1.4.3.
Version 1.4.3, released on June 14, has seen many more new installations than I expected.
wise decision @davidep
