On Sat, 2014-10-11 at 19:47 +0100, Jeremy Harris wrote:
> On 11/10/14 17:18, Mark Elkins wrote:
> > dkim_private_key = /etc/exim/dkim.private.key
> >
> > I think an error message of "dkim_private_key not found - please specify
> > the full pathname" would have been more helpful than "signing fai
On 11/10/14 17:18, Mark Elkins wrote:
> dkim_private_key = /etc/exim/dkim.private.key
>
> I think an error message of "dkim_private_key not found - please specify
> the full pathname" would have been more helpful than "signing failed".
As the docs say:
http://www.exim.org/exim-html-current/doc
You are right. I guess I homed in on mikepultz.com as it seemed the more
generic (or less Debian).
I have send a posting on mikepultz.com asking if they could make the
examples a little more clear.
My point remains - the ambiguity of the error message. Other errors -
like when I made the file unre
On Sat, 2014-10-11 at 18:18 +0200, Mark Elkins wrote:
> I followed various guides on DKIM and Exim..
>
> http://www.iodigitalsec.com/exim-dkim-and-debian-configuration/
> http://www.systemajik.com/blog/implementing-dkim-with-exim/
> http://mikepultz.com/2010/02/using-dkim-in-exim/
[...]
> On furth
I followed various guides on DKIM and Exim..
http://www.iodigitalsec.com/exim-dkim-and-debian-configuration/
http://www.systemajik.com/blog/implementing-dkim-with-exim/
http://mikepultz.com/2010/02/using-dkim-in-exim/
Kept getting: DKIM: signing failed (RC -101)
The cause (or final fix) was to
(I meant 400, sorry)
On Aug 26, 2012 1:07 PM, "Ramana Kumar" wrote:
> Using genrsa appears to have fixed the problem. Thanks. The permissions on
> the key file were (and remain) 600 exim:exim.
> On Aug 26, 2012 12:01 PM, "Graeme Fowler" wrote:
>
>> On Fri, 2012-08-24 at 20:55 +0100, Ramana Kumar
Oh sorry you asked about the permissions on the directory. I think they are
755 root:root.
On Aug 26, 2012 1:07 PM, "Ramana Kumar" wrote:
> Using genrsa appears to have fixed the problem. Thanks. The permissions on
> the key file were (and remain) 600 exim:exim.
> On Aug 26, 2012 12:01 PM, "Graem
Using genrsa appears to have fixed the problem. Thanks. The permissions on
the key file were (and remain) 600 exim:exim.
On Aug 26, 2012 12:01 PM, "Graeme Fowler" wrote:
> On Fri, 2012-08-24 at 20:55 +0100, Ramana Kumar wrote:
> > But I guess I should just try using genrsa and see if that fixes t
On Fri, 2012-08-24 at 20:55 +0100, Ramana Kumar wrote:
> But I guess I should just try using genrsa and see if that fixes the
> problem... I'll write back if it doesn't.
You still haven't mentioned if you checked the directory permissions on
the directory containing the key. If the Exim runtime us
I remember something like this happening when I first tried to begin DKIM
signing years ago. I got an obscure numbered error too, although I'm not
sure if it was "-101".
Anyhow, the problem turned out that I was trying to reuse a Yahoo
DomainKeys key that I had already published in DNS. Since th
The argument -algorithm RSA makes it use RSA (not DSA). The openssl man
page says genrsa is superceded by genpkey.
But I guess I should just try using genrsa and see if that fixes the
problem... I'll write back if it doesn't.
On Fri, Aug 24, 2012 at 8:48 PM, Tom Kistner wrote:
> genpkey seems t
genpkey seems to be a generic function. I've never used that. Use -genrsa
instead to force rsa. Maybe your openssl defaults to DSA for genpkey.
2012/8/24 Ramana Kumar
> Sorry, I should have posted this earlier.
> This is the command I used to generate the private key:
>
> openssl genpkey -algori
Sorry, I should have posted this earlier.
This is the command I used to generate the private key:
openssl genpkey -algorithm RSA -out dkim.private.key
So, no, I didn't use -des3 or -nodes, and I don't think my private key is
encrypted.
But maybe exim doesn't like the output of genpkey?
On Fri, A
The line you posted shows how you extracted the public portion from the
private key.
Maybe your private key is encrypted.
When you generated the private key, was -des3 or -nodes specified on the
commandline, and did openssl ask you for a passphrase?
2012/8/22 Ramana Kumar
> But what could be w
But what could be wrong?
I generated it like this:
openssl rsa -in dkim.private.key -pubout -out dkim.public.key
As I understand it the problem is not with whether the public and private
keys match, but with the private key itself. Does openssl (as above) not
generate them in a format exim can re
On Wed, 2012-08-22 at 18:00 +0200, Wolfgang Breyha wrote:
> So, yes, there is something wrong with your private key.
Most likely the permissions on the containing directory preclude the
exim runtime user from reading the key.
Graeme
--
## List details at https://lists.exim.org/mailman/listinfo
Ramana Kumar wrote, on 22.08.2012 10:23:
> What does RC -101mean? I think it means Exim couldn't read my private key
> or something is wrong with my private key.
Reading the source says
#define PDKIM_ERR_RSA_PRIVKEY -101
returned by:
/* Perform private key operation */
if (rsa_pa
Dear Exim Users,
I have the following setup in exim.conf:
remote_smtp:
driver = smtp
dkim_domain = xrchz.net
dkim_selector = exim
dkim_private_key = /etc/ssl/private/dkim.private.key
ramana@xrchz ~ % ls -lh /etc/ssl/private
total 4.0K
-r 1 exim exim 916 Aug 21 14:10 dkim.private.
18 matches
Mail list logo