Skip to content
Snippets Groups Projects
Verified Commit e764e658 authored by Quentin Duchemin's avatar Quentin Duchemin
Browse files

[Mail] Set RequireSafeKeys to false for OpenDKIM 

This is because OpenDKIM requires the private key to be writable only by the user opendkim and root.

But the postfix user is a member of the opendkim group, which triggers OpenDKIM (even if the key permissions are set to 0600).

We cannot remove postfix from opendkim group because it needs to access the Milter service running in /opendkim/opendkim.sock.

It would also be possible to chown opendkim:postfix /opendkim/opendkim.sock, but I don't know if it would solve the problem.

The fact is : the container runs as root, if it get compromised the private key will not be safe anyway.
parent 3d5a2667
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
pica-mail/pica-mail-mta/spam/opendkim.conf
+ 1
0
View file @ e764e658
......@@ -96,3 +96,4 @@ Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
OversignHeaders From
RequireSafeKeys false
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment