Bug#968234: sendmail starttls moans about unsafe key "Permission denied"

To: submit@bugs.debian.org
Subject: Bug#968234: sendmail starttls moans about unsafe key "Permission denied"
From: Harald Dunkel <harald.dunkel@aixigo.com>
Date: Tue, 11 Aug 2020 14:06:31 +0200
Message-id: <[🔎] 7d2a33c1-0126-04cb-98a9-69918e7ccbc5@aixigo.com>
Reply-to: Harald Dunkel <harald.dunkel@aixigo.com>, 968234@bugs.debian.org

Package: sendmail
Version: 8.15.2-14~deb10u1

sendmail complains about an unsafe key file during starttls:

# grep STARTTLS=client /var/log/mail.log | grep Permission
Aug 11 13:10:33 srvvm01 sendmail[51615]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:10:34 srvvm01 sendmail[51642]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:17:55 srvvm01 sendmail[53046]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:18:40 srvvm01 sendmail[53236]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:20:01 srvvm01 sm-msp-queue[53595]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:27:26 srvvm01 sendmail[54902]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:27:26 srvvm01 sendmail[54912]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:31:45 srvvm01 sendmail[56332]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:34:23 srvvm01 sendmail[57094]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:40:01 srvvm01 sm-msp-queue[58067]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 13:57:45 srvvm01 sendmail[60870]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 14:00:01 srvvm01 sendmail[61323]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied
Aug 11 14:00:01 srvvm01 sm-msp-queue[61339]: STARTTLS=client: file /etc/mail/private/mailhost.key.pem unsafe: Permission denied

The access bits appear to be fine, though:

# ls -ald / /etc /etc/mail /etc/mail/private /etc/mail/private/mailhost.key.pem
drwxr-xr-x  29 root  root   4096 Aug 11 09:10 /
drwxr-xr-x 124 root  root  12288 Aug 11 12:50 /etc
drwxr-sr-x  10 smmta smmsp  4096 Aug 11 12:52 /etc/mail
drwx------   2 root  smmsp  4096 Aug 11 12:44 /etc/mail/private
-r--------   1 root  smmsp  1679 Jul  7 11:10 /etc/mail/private/mailhost.key.pem


Regards
Harri

Reply to:

Follow-Ups:
- Bug#968234: sendmail starttls moans about unsafe key "Permission denied"
  - From: Michael Grant <mgrant@grant.org>

Prev by Date: ots_0.5.0-5_amd64.changes ACCEPTED into experimental, experimental
Next by Date: Bug#968234: sendmail starttls moans about unsafe key "Permission denied"
Previous by thread: ots_0.5.0-5_amd64.changes ACCEPTED into experimental, experimental
Next by thread: Bug#968234: sendmail starttls moans about unsafe key "Permission denied"
Index(es):
- Date
- Thread