This post is about:
# smtpd -dv -Tlookup
I wrote about how to debug rcctl
and find why an error occurs in OpenBSD last year:
rcctl: How to debug on OpenBSD 6.4
The -d
option is still useful to me as well.
But it’s sometimes insufficient.
I have managed my mail server using OpenSMTPD.
On the day when several months had passed since then, smtpd
daemon in my mail server began to fail:
# rcctl restart smtpd
smtpd(failed)
It was when I did some operations which seemed to indifferent from smtpd
.
I checked smtpd.conf
but nothing was cleared.
But I thought it was time not to judge a book by its cover.
So I debugged rcctl
:
# rcctl -d restart smtpd
The result was:
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing rc_check
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_rm_runfile
(failed)
Is there any information important? I couldn’t find any.
Well, where there’s a will, there’s a way.
There is smtpd.8
which provides the way!
# smtpd -dv -Tlookup
The result was:
debug: init ssl-tree
info: loading pki information for mail.mana.casa
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.mana.casa
warn: /etc/letsencrypt/live/mail.harvest.mana.casa/privkey.pem: insecure permissions: must be at most rwxr-----
smtpd: load_pki_keys: failed to load key file
I found the reason in the last 2 lines:
permissions: must be at most rwxr—– smtpd: load_pki_keys: failed to load key file
The permissions of the key file were wrong, because they were changed accidentally to insecure rwxr-xr-x
(755) when I ran certbot renew
!
This GitHub issue was helpful.
I changed the permissions:
# chmod go-x <my-key>
# chmod go-r <my-key>
Then I got a good output 🙂
# rcctl restart smtpd
smtpd(ok)
Thank you for your reading. Happy computing.