DEV Community

nabbisen
nabbisen

Posted on • Updated on • Originally published at obsd.solutions

OpenSMTPD: How to debug - OpenBSD's smtpd failed to start

#opensmtpd #mailserver #debug #letsencrypt

This post is about:

# smtpd -dv -Tlookup
Enter fullscreen mode Exit fullscreen mode

I wrote about how to debug rcctl and find why an error occurs in OpenBSD last year:

rcctl: How to debug on OpenBSD 6.4

The -d option is still useful to me as well.
But it's sometimes insufficient.

I have managed my mail server using OpenSMTPD.
On the day when several months had passed since then, smtpd daemon in my mail server began to fail:

# rcctl restart smtpd
smtpd(failed)
Enter fullscreen mode Exit fullscreen mode

It was when I did some operations which seemed to indifferent from smtpd.
I checked smtpd.conf but nothing was cleared.
But I thought it was time not to judge a book by its cover.
So I debugged rcctl:

# rcctl -d restart smtpd
Enter fullscreen mode Exit fullscreen mode

The result was:

doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing rc_check
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing _rc_parse_conf /var/run/rc.d/smtpd
doing _rc_quirks
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_rm_runfile
(failed)
Enter fullscreen mode Exit fullscreen mode

Is there any information important?
I couldn't find any.

Well, where there's a will, there's a way.
There is smtpd.8 which provides the way!

# smtpd -dv -Tlookup
Enter fullscreen mode Exit fullscreen mode

The result was:

debug: init ssl-tree
info: loading pki information for mail.mana.casa
debug: init ca-tree
debug: init ssl-tree
info: loading pki keys for mail.mana.casa
warn:  /etc/letsencrypt/live/mail.harvest.mana.casa/privkey.pem: insecure permissions: must be at most rwxr----- 
smtpd: load_pki_keys: failed to load key file
Enter fullscreen mode Exit fullscreen mode

I found the reason in the last 2 lines:

permissions: must be at most rwxr-----
smtpd: load_pki_keys: failed to load key file

The permissions of the key file were wrong, because they were changed accidentally to insecure rwxr-xr-x (755) when I ran certbot renew!
This GitHub issue was helpful.

I changed the permissions:

# chmod go-x <my-key>
# chmod go-r <my-key>
Enter fullscreen mode Exit fullscreen mode

Then I got a good output 🙂

# rcctl restart smtpd
smtpd(ok)
Enter fullscreen mode Exit fullscreen mode

Thank you for your reading.
Happy computing.

Top comments (0)

Read next

nicooprat profile image

Restricting some syntax with ESLint

Nico Prat -

klappradla profile image

Meet Tickety-Tick

Max -

jeffersonnnn profile image

Solving Inheritance Compatibility Issues Between LayerZero's NonblockingLzApp and OpenZeppelin's Ownable

Jefferson -

okoye_ndidiamaka_5e3b7d30 profile image

Improve Your Developer Blog Traffic Using SEO Strategies That Work

Okoye Ndidiamaka -