Blog of Raivo Laanemets

OpenDKIM: solving "d2i_PrivateKey_bio failed" error


OpenDKIM outputs the following error for some configurations:

dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed

One such configuration can be created by following the guide here. This was the first guide I followed when implementing DKIM for the infdot.com domain on Debian Wheezy.

Googling shows that lots of people have the same issue (they all tried to use the same guide?) with nobody having an exact solution (file permissions etc. can be screwed up too). The reason why it does not work lies in the /etc/opendkim.conf file entry:

KeyFile /etc/mail/dkim.key

It turns out that OpenDKIM version 2 expects the actual key to be here, not some key mapping file (there are other configuration entries for that). I did some crazy strace magic before discovering it. You can find the generated key in /etc/mail/dkim-keys/$MYDOMAIN (following the guide until that step). Part of the problem is also the crappy error reporting in OpenDKIM (you need a fucking patch to access the actual OpenSSL key read error).

This reminds me again of a recurring rule in development (observed through many projects in the last decade):
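
One way to check what the KeyFile entry actually points at before restarting the daemon, as an added example that is not code from the original post or from OpenDKIM: it reads the KeyFile path from a config and reports whether that file looks like a PEM private key. The function names, the example.com sample files and the mapping-line format are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: what does KeyFile point at?

# Print the path from the first uncommented KeyFile line of an opendkim.conf.
keyfile_path() {
    awk '$1 == "KeyFile" { print $2; exit }' "$1"
}

# Classify a file as pem-private-key, not-a-key, unreadable or missing.
classify_keyfile() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -r "$1" ] || { echo unreadable; return 0; }
    if grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" &&
       grep -Eq '^-----END ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo pem-private-key
    else
        echo not-a-key
    fi
}

# Report "<verdict> <path>" for the KeyFile entry of the given config.
check_conf() {
    [ -r "$1" ] || { echo no-config; return 0; }
    path=$(keyfile_path "$1")
    [ -n "$path" ] || { echo no-keyfile-entry; return 0; }
    echo "$(classify_keyfile "$path") $path"
}

# Constructed sample data: bad.conf points KeyFile at a mapping file,
# good.conf points it at a PEM file (placeholder body, not a real key).
make_samples() {
    d=$(mktemp -d) || return 1
    echo '*@example.com:example.com:/etc/mail/dkim-keys/example.com/default' > "$d/dkim.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/default.private"
    printf 'Domain example.com\nKeyFile %s\n' "$d/dkim.key" > "$d/bad.conf"
    printf 'Domain example.com\n#KeyFile /old\nKeyFile %s\n' "$d/default.private" > "$d/good.conf"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    check_conf "$1"              # e.g. /etc/opendkim.conf
else
    d=$(make_samples)
    check_conf "$d/bad.conf"     # prints "not-a-key <path>"
    check_conf "$d/good.conf"    # prints "pem-private-key <path>"
    rm -rf "$d"
fi
```

Run it as the user the OpenDKIM daemon runs as, so that the unreadable verdict reflects the permissions the daemon will actually see.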

Everything related to security and crypto must be fucking confusing and obscure, otherwise it's not serious enough.

Anyway, a much better guide for OpenDKIM on Debian seems to be this one.


Comments

Ben at 2018-06-23
Thanks this totally helped me out. Spent half a day trying to figure out that bloody error. I love sysadmin. No doubt if I'd been reading the opendkim mailing list since the day it came out I would have heard about how they changed the meaning of the config file... How stupid of me.
