On Wed, 29 May 2019 at 05:11, <li...@sbt.net.au> wrote:
> I'm trying to set up DKIM & DMARC, set it a few days ago, it seemed to be
> working ok(?), well, I didn't notice errors
>
> noticed today multiple "Permission denied" errors since last night, across
> multiple domains
>
> grep " Permission denied" /var/log/maillog | wc
> 1943 19430 200491
>
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9:
> /var/run/opendmarc.dat: fopen(): Permission denied
>
> # grep AAADD4E821C9 /var/log/maillog
> May 29 13:41:41 geko postfix/smtpd[30596]: AAADD4E821C9:
> client=mail01.hello.zendesk.com[142.0.163.127]
> May 29 13:41:42 geko postfix/cleanup[30785]: AAADD4E821C9:
> message-id=<32f4e19952284dd89d4be9c71563d796@2136619493>
> May 29 13:41:42 geko opendmarc[27677]: AAADD4E821C9: SPF(mailfrom):
> bounceb...@hello.zendesk.com pass
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9: zendesk.com pass
> May 29 13:41:43 geko opendmarc[27677]: AAADD4E821C9:
> /var/run/opendmarc.dat: fopen(): Permission denied
> May 29 13:41:43 geko postfix/cleanup[30785]: AAADD4E821C9: milter-reject:
> END-OF-MESSAGE from mail01.hello.zendesk.com[142.0.163.127]: 4.7.1 Service
> unavailable - try again later; from=<bounceb...@hello.zendesk.com>
> to=<a...@aaaa.com> proto=ESMTP helo=<mail01.hello.zendesk.com>
>
>
> and, I don't have any such:
>
> # ls /var/run/open*
> /var/run/opendkim:
> opendkim.pid
>
> /var/run/opendmarc:
> opendmarc.pid
>
> in conf I have it as:
>
> # grep opendmarc.dat opendmarc.conf
> # HistoryFile /var/spool/opendmarc/opendmarc.dat
> HistoryFile /var/run/opendmarc.dat
>
> (the write-up I was using suggested "/var/run/opendmarc.dat")
>
>
> do I need to... re-create opendmarc.dat ..?
> should it go in conf default path /var/spool/opendmarc ?
>
> what did I screw up this time ?
>
> meantime, removed dmarc from postfix main.cf

I think you need to use a suitable UMask setting in /etc/opendmarc.conf e.g. 0002 - see UMask in man opendmarc.conf. And I don't think /var/run is a logical place to put the history file. /var/log maybe?
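
A check for the failure shown in the quoted log, as an added example that is not part of either message or of OpenDMARC: it reads the active HistoryFile line from a config file and reports whether the invoking user can create or write that file. The function names are hypothetical, and the `opendmarc` account name in the usage note is an assumption about the local install.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose "fopen(): Permission denied"
# on the OpenDMARC HistoryFile. Function names are hypothetical.

# Print the active HistoryFile path; commented-out lines are ignored because
# their first field is "#" or "#HistoryFile", not "HistoryFile".
history_file_from_conf() {
    awk '$1 == "HistoryFile" { path = $2 } END { if (path != "") print path }' "$1"
}

# Return 0 if the current user can write an existing regular file at the
# path, or create one there (parent directory writable and searchable).
can_write_history() {
    target=$1
    if [ -e "$target" ]; then
        [ -f "$target" ] && [ -w "$target" ]
    else
        dir=$(dirname "$target")
        [ -d "$dir" ] && [ -w "$dir" ] && [ -x "$dir" ]
    fi
}

# Exit status: 0 = writable, 1 = not writable, 2 = no HistoryFile configured.
check_history_file() {
    conf=$1
    hist=$(history_file_from_conf "$conf")
    if [ -z "$hist" ]; then
        echo "no active HistoryFile in $conf"
        return 2
    fi
    if can_write_history "$hist"; then
        echo "OK: $(id -un) can write $hist"
        return 0
    fi
    echo "FAIL: $(id -un) cannot create or write $hist"
    # Show owner and mode of the parent directory to explain the denial.
    ls -ld "$(dirname "$hist")" 2>/dev/null
    return 1
}

# Run only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_history_file "$1"
fi
```

Run it as the account the milter runs under, for example `sudo -u opendmarc sh check_history.sh /etc/opendmarc.conf` (the script name is hypothetical); running it as root will report OK regardless of directory ownership.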