[exim] exam can't read my private key file

Top Page
Delete this message
Reply to this message
Author: Iain Houston
Date:  
To: exim-users
Subject: [exim] exam can't read my private key file
Hi,

I looked in the FAQs and Googled the problem I'm having - without avail.
I'd be very grateful for any help in resolving it.

Best regards - Iain Houston.

Problem:

exim reports: 1SBE1H-0000FZ-4l unable to open private key file for reading: /etc/ssl/private/dkim.private.key

yet I believe the file is readable, and other files in that directory are being used by Apache.

I am failing to get my emails DKIM-signed afer having moved from sendmail to exim.

My setup is as follows:

Using: Exim version 4.76 #1 built 30-May-2011 22:10:00 on Ubuntu 11.10 (GNU/Linux 2.6.32-32-server x86_64)

I generated the private key as follows:
openssl genrsa -out dkim.private.key 1024

During testing everyone can read the key file and Debian-exim is a member of ssl-cert - for what it's worth

/etc/ssl/private is:
...
-rw-r--r-- 1 Debian-exim ssl-cert 887 2012-03-23 23:19 dkim.private.key
-rw-r--r-- 1 Debian-exim ssl-cert 272 2012-03-23 23:19 dkim.public.key
...

/etc/exim4/exim4.conf.localmacros is:
DKIM_DOMAIN = jazz2.eu
DKIM_SELECTOR = x
DKIM_PRIVATE_KEY = /etc/ssl/private/dkim.private.key
DKIM_CANON = relaxed

newline characters are immediately after the text on each line ... I was suspecting a macro parsing error after I noticed exim not recognising the last line until I added a null last line

update-exim4.conf picks these macros up OK and generates a /var/lib/exim4/config.autogenerated with the macros embedded

however, emails sent after restarting exim report that the private key file cannot be read