Amavisd-new behaviour

I am currently migrating my Debian based webserver to EndeavourOS. It is a server with web and mail capabilities - and I am stepping forward with success. Better doing bigger migration work once than doing a massive system upgrade at each Debian version jump… I am using dkim with amavisd-new. I have got an issue which is not only targeted to Arch but to other distros, too (I have seen in the web) - but no solution…

Private keys for dkim are owned by root with permissions 600 (due to security reasons). Amavis is running as user “amavis”. That is identical to Debian. Running Debian eveything is working fine, running Arch throws an error (cannot read private key dkim_a1w). I only got it working if I change ownership of private keys to amavis:amavis. It would be much secure private keys only can accessed as root - so this solution is not the preferred one. But I do not want to run amavis as root - this solution is not the preferred one, too. Debian shows it can work. Is it a configuration fault or is it a bug?

Best regards