We use cookies to track usage and preferences.

Error DKIM Exim 4.94

Reported by: WapStyle
Created: 8 months 7 days ago
Last reply: 12 days ago
Views: 1545
  • Exim 4.94 throws an error (paniclog):
    2021-03-30 14:29:44 1lRAgx-0000MI-QJ Tainted filename '/opt/tinycp/domains/domen.ru/dkim.private.key'
    2021-03-30 14:29:44 1lRAgx-0000MI-QJ unable to open file for reading: /opt/tinycp/domains/domen.ru/dkim.private.key

    I wrote an error message in Discord, but the matter did not move.

    I found a problem, in the Exim config you need to replace the line with DKIM:

    dkim_private_key = /opt/tinycp/domains/${if eq {$sender_address_domain}{} {${domain:$reply_address}}{$sender_address_domain} }/dkim.private.key

    to another that the Exim support suggested in response to the error

    dkim_private_key = ${lookup {${sender_address_domain}} dsearch,ret=full {/opt/tinycp/domains} {$value/dkim.private.key} {false}}

    The error was expressed in the fact that the recipient of the letter did not see the DKIM signature after updating the Exim version I hope to fix it, otherwise after a reboot, the configuration returns to the old one and you have to manually return everything

    I was the only one faced with the fact that all outgoing letters are not signed with a DKIM signature and in fact are considered spam due to an erroneous config generated by TinyCP Dear developer, correct the error, otherwise after reboot you will have to change the exim4 config

    i think that i am facing this problem too and i could solve it
    maybe its the time to migrate to another Control Panel which can be more doumented

    WapStyle

    Hello from India,Your solution to the problem is working with me. Thanks for your contribution. As we go together with gradual improvement, TinyCP will work for us with low cost and a fantastic API library.

    i got it run with following steps: *** replace "your-domain.xyz" with your real domain...

    1. transform pkey to rsa key with via console:

    extract private key for public string to set DNS txt dkim._domainkey value
    file /opt/tinycp/domains/your-domain.xyz/dkim.private.key
    publik key extrahieren (for PKCS#8 to RSA) und rsa key erstellen
    openssl pkey -in /opt/tinycp/domains/your-domain.xyz/dkim.private.key -pubout -outform PEM 
    openssl rsa -in /opt/tinycp/domains/your-domain.xyz/dkim.private.key -out /opt/tinycp/domains/your-domain.xyz/dkim.private.rsa.key

    2. replace dkim_private_key at remote_transport in exim4.conf:  

    comment out this like here: 
    #dkim_private_key = /opt/tinycp/domains/${if eq {$sender_address_domain}{} {${domain:$reply_address}}{$sender_address_domain} }/dkim.private.key   

    and insert this:

    dkim_private_key = ${lookup{$sender_address_domain}dsearch{/opt/tinycp/domains/}{/opt/tinycp/domains/$value/dkim.private.rsa.key}}

    either is prevents untaind permission error an uses rsa instead of pem.

    3. finally set permission and of rsa key to user and group debian-exim for directory "/opt/tinycp/domains/your-domain.xyz" and dkim.private.rsa.key => replace "your-domain.xyz" with your domain! commands:

    chown Debian-exim:Debian-exim /opt/tinycp/domains/your-domain.xyz/dkim.private.rsa.key 
    chmod 640 /opt/tinycp/domains/your-domain.xyz/dkim.private.rsa.key 
    chown Debian-exim:Debian-exim /opt/tinycp/domains/your-domain.xyz 
    chmod 750 /opt/tinycp/domains/your-domain.xyz

    It took 2 days to find out ;-)

    Join our Discord server
    Write a reply Edit a reply