[exim] Tainted filename for DKIM

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Franz-Werner Gergen
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Tainted filename for DKIM
Hello,

I've upgraded some servers from exim 4.92.3 to 4.94. For my DKIM 
transport configuration
signed_delivery:
   driver = smtp
   dkim_domain        = ${lc:${sender_address_domain}}
   dkim_selector      = ${lookup dnsdb{>: 
defer_never,txt=cur._domainkey.${sender_address_domain}}}
   dkim_private_key   = ${if 
exists{/usr/local/dkim/${dkim_domain}.${dkim_selector}.priv.pem}{/usr/local/dkim/${dkim_domain}.${dkim_selector}.priv.pem}{false}}
   dkim_sign_headers  = 
From:Message-Id:Subject:To:Date:MIME-Version:Content-Type
   dkim_strict        = 0
   debug_print        = "T: sign_delivery from <$sender_address> for 
<$local_part@$domain>, selector $dkim_selector"
   data_timeout = 30m
   final_timeout = 30m
   tls_certificate=/etc/ssl/owncerts/pegasus-chain.pem
   tls_privatekey=/etc/ssl/owncerts/pegasus-key.pem
   tls_verify_certificates=/etc/ssl/certs


were panic messages generated
Tainted filename '/usr/local/dkim/is.mpg.de.20190121.priv.pem'
unable to open file for reading: /usr/local/dkim/is.mpg.de.20190121.priv.pem
and the DKIM signature was not generated. The
/usr/local/dkim/is.mpg.de.20190121.*.pem files are a 2048 bit RSA key
and can be read by the group mail. The dkim_domain and dkim_selector
should be used for dkim_private_key as described in the actual exim
documentation.

Any suggestions?

Thanks,
Franz
-- 
Franz-Werner Gergen
Max-Planck-Institut fuer Intelligente Systeme, IT Gruppe
Heisenbergstr. 3    70569 Stuttgart
Tel: 0711-689-1861  Fax: 0711-689-1088  Email: gergen@???