Date: Sunday, October 11, 2020 @ 16:41:18 Author: freswa Revision: 723497
archrelease: copy trunk to community-x86_64
Added:
opendmarc/repos/community-x86_64/CVE-2020-12460.patch (from rev 723496, opendmarc/trunk/CVE-2020-12460.patch)
opendmarc/repos/community-x86_64/PKGBUILD (from rev 723496, opendmarc/trunk/PKGBUILD)
opendmarc/repos/community-x86_64/opendmarc.conf (from rev 723496, opendmarc/trunk/opendmarc.conf)
opendmarc/repos/community-x86_64/opendmarc.service (from rev 723496, opendmarc/trunk/opendmarc.service)
opendmarc/repos/community-x86_64/opendmarc.sysusers (from rev 723496, opendmarc/trunk/opendmarc.sysusers)
Deleted:
opendmarc/repos/community-x86_64/PKGBUILD
opendmarc/repos/community-x86_64/opendmarc.conf
opendmarc/repos/community-x86_64/opendmarc.service
opendmarc/repos/community-x86_64/opendmarc.sysusers
----------------------+
CVE-2020-12460.patch | 41 ++
PKGBUILD | 141 ++++-----
opendmarc.conf | 740 ++++++++++++++++++++++++-------------------------
opendmarc.service | 26 -
opendmarc.sysusers | 4
5 files changed, 498 insertions(+), 454 deletions(-)
Copied: opendmarc/repos/community-x86_64/CVE-2020-12460.patch (from rev 723496, opendmarc/trunk/CVE-2020-12460.patch)
===================================================================
--- CVE-2020-12460.patch (rev 0)
+++ CVE-2020-12460.patch 2020-10-11 16:41:18 UTC (rev 723497)
@@ -0,0 +1,41 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <m...@blackops.org>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
+index 26bb9dc..b3ac55a 100644
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
+ if (*cp != '<')
+ continue;
+ ++cp;
+- for(sp = cp; *sp != '\0'; ++sp)
++ for (sp = cp; *sp != '\0'; ++sp)
+ {
+ if (*sp == '?')
+ break;
+@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ if (fname == NULL)
+ {
+ xerror = errno;
+- (void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
++ (void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+ errno = EINVAL;
+ return NULL;
+ }
+@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ return NULL;
+ }
+
+- bufp = calloc(statb.st_size, 1);
++ bufp = calloc(statb.st_size + 1, 1);
+ if (bufp == NULL)
+ {
+ xerror = errno;
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-10-11 16:41:15 UTC (rev 723496)
+++ PKGBUILD 2020-10-11 16:41:18 UTC (rev 723497)
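Review bot: The scan loop in the first inner hunk, `for (sp = cp; *sp != '\0'; ++sp)`, is still bounded only by the terminator and never by the `blen` that opendmarc_xml() receives, so the fix holds only while every caller hands over a buffer with a zero byte past the data. The third inner hunk provides that byte for opendmarc_xml_parse() through `calloc(statb.st_size + 1, 1)`, but the read that fills the buffer is outside the hunk, so whether it is capped at `st_size` (for instance if the file grows after the stat call) cannot be confirmed from here. I would bound the scan as well, assuming `cp` walks `b`: `for (sp = cp; sp < b + blen && *sp != '\0'; ++sp)`. A comment at the allocation such as `/* +1: opendmarc_xml() scans for '\0'; keep one zero byte past the file data */` would record the invariant for the next maintainer. Both functions begin and end outside the hunks shown.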
@@ -1,69 +0,0 @@ -# Maintainer: Thore Bödecker <fox...@archlinux.org> -# Contributor: Sergej Pupykin <arch+...@sergej.pp.ru> -# Contributor: Arthur Țițeică arthur.titeica/gmail/com -# Contributor: Hao Zhang <theivorytower [at] gmail [dot] com> - -pkgname=opendmarc -pkgver=1.3.3 -pkgrel=1 -pkgdesc="Free open source software implementation of the DMARC specification" -arch=('x86_64') -url="https://github.com/trusteddomainproject/OpenDMARC" -license=('custom') -depends=('smtp-server' 'libspf2' 'libbsd' 'libidn') -makedepends=('libmilter') -optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice' - 'python: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl: run opendmarc scripts at /usr/share/doc/opendmarc' - 'perl-switch: generate DMARC reports' - 'perl-dbd-mysql: generate DMARC reports' - 'perl-libwww: generate DMARC reports') -backup=('etc/opendmarc/opendmarc.conf') -source=("https://github.com/trusteddomainproject/OpenDMARC/archive/rel-opendmarc-${pkgver//./-}.tar.gz" - 'opendmarc.service' - 'opendmarc.conf' - 'opendmarc.sysusers') -sha512sums=('bb4bf8e3ad2d1732b07e55316819d4fd708e529b54a336d7d00763e13bfc62580bb1b30f132fa786dbca15e526e8dd5e146c7be454e1c42714a9f57126fc5e12' - '738de0cd286dd30713f32034f9ecf9009b6f64038c573c9f8aedaf10df8293bb9eec9d19492a03a2ebf2d2960289bdf48be9b1eb25395dbe9a490f7e3b25cb34' - '2753ad4477b499947ca07bb385ad0e10f327efa61a9059884091ead8e8e2bd65793436053d5a9c734e4c0676b7823982083ea7b35fae967eeacaeafb6226ff20' - 'fbd5e81ded35281e3a63b4858a368033fa27696dee22a5dcf52e3e04b0762476e1ffa6edb489cf76612f3b4ffaee0fce586ab97d1da9805a089bbaf3487c907b') - -prepare() { - cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}" -# sed -i '' configure.ac - mkdir docs - touch docs/Makefile.in -} - -build() { - cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}" -# export LDFLAGS="${LDFLAGS//,--as-needed}" - test -x configure || autoreconf -v -i - ./configure --prefix=/usr \ - --bindir=/usr/bin \ - 
--sbindir=/usr/bin \ - --sysconfdir="/etc/${pkgname}" \ - --with-spf \ - --with-spf2-include=/usr/include/spf2 \ - --with-spf2-lib=/usr/lib/ - make -} - -check() { - cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}" - make -k check -} - -package() { - cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}" - make DESTDIR="${pkgdir}/" install - # config - install -D -m640 -o 335 -g 12 "${srcdir}/opendmarc.conf" "${pkgdir}/etc/${pkgname}/opendmarc.conf" - # License - install -D -m644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - rm "${pkgdir}/usr/share/doc/${pkgname}/LICENSE" - # systemd service - install -D -m644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" - # sysusers.d snippet - install -D -m644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" -} Copied: opendmarc/repos/community-x86_64/PKGBUILD (from rev 723496, opendmarc/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2020-10-11 16:41:18 UTC (rev 723497) 
@@ -0,0 +1,72 @@
+# Maintainer: Thore Bödecker <fox...@archlinux.org>
+# Contributor: Sergej Pupykin <arch+...@sergej.pp.ru>
+# Contributor: Arthur Țițeică arthur.titeica/gmail/com
+# Contributor: Hao Zhang <theivorytower [at] gmail [dot] com>
+
+pkgname=opendmarc
+pkgver=1.3.3
+pkgrel=2
+pkgdesc="Free open source software implementation of the DMARC specification"
+arch=('x86_64')
+url="https://github.com/trusteddomainproject/OpenDMARC"
+license=('custom')
+depends=('smtp-server' 'libspf2' 'libbsd' 'libidn')
+makedepends=('libmilter')
+optdepends=('opendbx: acts as a middleware layer between OpenDMARC and a SQL backend of choice'
+ 'python: run opendmarc scripts at /usr/share/doc/opendmarc'
+ 'perl: run opendmarc scripts at /usr/share/doc/opendmarc'
+ 'perl-switch: generate DMARC reports'
+ 'perl-dbd-mysql: generate DMARC reports'
+ 'perl-libwww: generate DMARC reports')
+backup=('etc/opendmarc/opendmarc.conf')
+source=("https://github.com/trusteddomainproject/OpenDMARC/archive/rel-opendmarc-${pkgver//./-}.tar.gz"
+ 'CVE-2020-12460.patch'
+ 'opendmarc.service'
+ 'opendmarc.conf'
+ 'opendmarc.sysusers')
+sha512sums=('bb4bf8e3ad2d1732b07e55316819d4fd708e529b54a336d7d00763e13bfc62580bb1b30f132fa786dbca15e526e8dd5e146c7be454e1c42714a9f57126fc5e12'
+ '98582c2b0a08d77b27856331f28214b7b5fa3972c572189ed21963030e98858285a5a69851f173d08380bf409d985980e7c61de5d571af11062f0d394fc8b5f5'
+ '738de0cd286dd30713f32034f9ecf9009b6f64038c573c9f8aedaf10df8293bb9eec9d19492a03a2ebf2d2960289bdf48be9b1eb25395dbe9a490f7e3b25cb34'
+ '2753ad4477b499947ca07bb385ad0e10f327efa61a9059884091ead8e8e2bd65793436053d5a9c734e4c0676b7823982083ea7b35fae967eeacaeafb6226ff20'
+ 'fbd5e81ded35281e3a63b4858a368033fa27696dee22a5dcf52e3e04b0762476e1ffa6edb489cf76612f3b4ffaee0fce586ab97d1da9805a089bbaf3487c907b')
+
+prepare() {
+ cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}"
+# sed -i '' configure.ac
+ mkdir docs
+ touch docs/Makefile.in
+ patch -Np1 < "${srcdir}"/CVE-2020-12460.patch
+}
+
+build() {
+ cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}"
+# export LDFLAGS="${LDFLAGS//,--as-needed}"
+ test -x configure || autoreconf -v -i
+ ./configure --prefix=/usr \
+ --bindir=/usr/bin \
+ --sbindir=/usr/bin \
+ --sysconfdir="/etc/${pkgname}" \
+ --with-spf \
+ --with-spf2-include=/usr/include/spf2 \
+ --with-spf2-lib=/usr/lib/
+ make
+}
+
+check() {
+ cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}"
+ make -k check
+}
+
+package() {
+ cd "${srcdir}/OpenDMARC-rel-opendmarc-${pkgver//./-}"
+ make DESTDIR="${pkgdir}/" install
+ # config
+ install -D -m640 -o 335 -g 12 "${srcdir}/opendmarc.conf" "${pkgdir}/etc/${pkgname}/opendmarc.conf"
+ # License
+ install -D -m644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+ rm "${pkgdir}/usr/share/doc/${pkgname}/LICENSE"
+ # systemd service
+ install -D -m644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+ # sysusers.d snippet
+ install -D -m644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+}
Deleted: opendmarc.conf
===================================================================
--- opendmarc.conf 2020-10-11 16:41:15 UTC (rev 723496)
+++ opendmarc.conf 2020-10-11 16:41:18 UTC (rev 723497)
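Review bot: The backport is applied in prepare() with nothing recording where it came from or when it can be dropped, so the next pkgver bump has to rediscover both. A comment above the `patch -Np1` line would cover it, for example `# CVE-2020-12460: upstream commit 50d28af25d87 (NUL-terminate the XML parse buffer); drop once the packaged release contains it`. The patch file is pinned by its own entry in sha512sums, so that entry must be regenerated whenever the patch is refreshed, otherwise the build fails its integrity check.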
@@ -1,370 +0,0 @@ -## opendmarc.conf -- configuration file for OpenDMARC filter -## -## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved. - -## DEPRECATED CONFIGURATION OPTIONS -## -## The following configuration options are no longer valid. They should be -## removed from your existing configuration file to prevent potential issues. -## Failure to do so may result in opendmarc being unable to start. -## -## Renamed in 1.3.0: -## ForensicReports became FailureReports -## ForensicReportsBcc became FailureReportsBcc -## ForensicReportsOnNone became FailureReportsOnNone -## ForensicReportsSentBy became FailureReportsSentBy - -## CONFIGURATION OPTIONS - -## AuthservID (string) -## defaults to MTA name -## -## Sets the "authserv-id" to use when generating the Authentication-Results: -## header field after verifying a message. If the string "HOSTNAME" is -## provided, the name of the host running the filter (as returned by the -## gethostname(3) function) will be used. -# -# AuthservID name -AuthservID HOSTNAME - -## AuthservIDWithJobID { true | false } -## default "false" -## -## If "true", requests that the authserv-id portion of the added -## Authentication-Results header fields contain the job ID of the message -## being evaluated. -# -# AuthservIDWithJobID false - -## AutoRestart { true | false } -## default "false" -## -## Automatically re-start on failures. Use with caution; if the filter fails -## instantly after it starts, this can cause a tight fork(2) loop. -# -# AutoRestart false - -## AutoRestartCount n -## default 0 -## -## Sets the maximum automatic restart count. After this number of automatic -## restarts, the filter will give up and terminate. A value of 0 implies no -## limit. -# -# AutoRestartCount 0 - -## AutoRestartRate n/t[u] -## default (no limit) -## -## Sets the maximum automatic restart rate. If the filter begins restarting -## faster than the rate defined here, it will give up and terminate. 
This -## is a string of the form n/t[u] where n is an integer limiting the count -## of restarts in the given interval and t[u] defines the time interval -## through which the rate is calculated; t is an integer and u defines the -## units thus represented ("s" or "S" for seconds, the default; "m" or "M" -## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a -## value of "10/1h" limits the restarts to 10 in one hour. There is no -## default, meaning restart rate is not limited. -# -# AutoRestartRate n/t[u] - -## Background { true | false } -## default "true" -## -## Causes opendmarc to fork and exits immediately, leaving the service -## running in the background. -# -# Background true - -## BaseDirectory (string) -## default (none) -## -## If set, instructs the filter to change to the specified directory using -## chdir(2) before doing anything else. This means any files referenced -## elsewhere in the configuration file can be specified relative to this -## directory. It's also useful for arranging that any crash dumps will be -## saved to a specific location. -# -# BaseDirectory /var/run/opendmarc - -## ChangeRootDirectory (string) -## default (none) -## -## Requests that the operating system change the effective root directory of -## the process to the one specified here prior to beginning execution. -## chroot(2) requires superuser access. A warning will be generated if -## UserID is not also set. -# -# ChangeRootDirectory /var/chroot/opendmarc - -## CopyFailuresTo (string) -## default (none) -## -## Requests addition of the specified email address to the envelope of -## any message that fails the DMARC evaluation. -# -# CopyFailuresTo postmaster@localhost - -## DNSTimeout (integer) -## default 5 -## -## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. 
-## (NOT YET IMPLEMENTED) -# -# DNSTimeout 5 - -## EnableCoredumps { true | false } -## default "false" -## -## On systems that have such support, make an explicit request to the kernel -## to dump cores when the filter crashes for some reason. Some modern UNIX -## systems suppress core dumps during crashes for security reasons if the -## user ID has changed during the lifetime of the process. Currently only -## supported on Linux. -# -# EnableCoreDumps false - -## FailureReports { true | false } -## default "false" -## -## Enables generation of failure reports when the DMARC test fails and the -## purported sender of the message has requested such reports. Reports are -## formatted per RFC6591. -# -# FailureReports false - -## FailureReportsBcc (string) -## default (none) -## -## When failure reports are enabled and one is to be generated, always -## send one to the address(es) specified here. If a failure report is -## requested by the domain owner, the address(es) are added in a Bcc: field. -## If no request is made, they address(es) are used in a To: field. There -## is no default. -# -# FailureReportsBcc postmas...@example.coom - -## FailureReportsOnNone { true | false } -## default "false" -## -## Supplements the "FailureReports" setting by generating reports for -## domains that advertise "none" policies. By default, reports are only -## generated (when enabled) for sending domains advertising a "quarantine" -## or "reject" policy. -# -# FailureReportsOnNone false - -## FailureReportsSentBy string -## default "USER@HOSTNAME" -## -## Specifies the email address to use in the 
From: field of failure -## reports generated by the filter. The default is to use the userid of -## the user running the filter and the local hostname to construct an -## email address. "postmaster" is used in place of the userid if a name -## could not be determined. -# -# FailureReportsSentBy USER@HOSTNAME - -## HistoryFile path -## default (none) -## -## If set, specifies the location of a text file to which records are written -## that can be used to generate DMARC aggregate reports. Records are groups -## of rows containing information about a single received message, and -## include all relevant information needed to generate a DMARC aggregate -## report. It is expected that this will not be used in its raw form, but -## rather periodically imported into a relational database from which the -## aggregate reports can be extracted by a tool such as opendmarc-import(8). -# -# HistoryFile /var/run/opendmarc.dat - -## IgnoreAuthenticatedClients { true | false } -## default "false" -## -## If set, causes mail from authenticated clients (i.e., those that used -## SMTP AUTH) to be ignored by the filter. -# -IgnoreAuthenticatedClients true - -## IgnoreHosts path -## default (internal) -## -## Specifies the path to a file that contains a list of hostnames, IP -## addresses, and/or CIDR expressions identifying hosts whose SMTP -## connections are to be ignored by the filter. If not specified, defaults -## to "127.0.0.1" only. -# -# IgnoreHosts /etc/opendmarc/ignore.hosts - -## IgnoreMailFrom domain[,...] -## default (none) -## -## Gives a list of domain names whose mail (based on the 
From: domain) is to -## be ignored by the filter. The list should be comma-separated. Matching -## against this list is case-insensitive. The default is an empty list, -## meaning no mail is ignored. -# -# IgnoreMailFrom example.com - -## MilterDebug (integer) -## default 0 -## -## Sets the debug level to be requested from the milter library. -# -# MilterDebug 0 - -## PidFile path -## default (none) -## -## Specifies the path to a file that should be created at process start -## containing the process ID. -# -# PidFile /var/run/opendmarc.pid - -## PublicSuffixList path -## default (none) -## -## Specifies the path to a file that contains top-level domains (TLDs) that -## will be used to compute the Organizational Domain for a given domain name, -## as described in the DMARC specification. If not provided, the filter will -## not be able to determine the Organizational Domain and only the presented -## domain will be evaluated. -# -# PublicSuffixList path - -## RecordAllMessages { true | false } -## default "false" -## -## If set and "HistoryFile" is in use, all received messages are recorded -## to the history file. If not set (the default), only messages for which -## the 
From: domain published a DMARC record will be recorded in the -## history file. -# -# RecordAllMessages false - -## RejectFailures { true | false } -## default "false" -## -## If set, messages will be rejected if they fail the DMARC evaluation, or -## temp-failed if evaluation could not be completed. By default, no message -## will be rejected or temp-failed regardless of the outcome of the DMARC -## evaluation of the message. Instead, an Authentication-Results header -## field will be added. -# -# RejectFailures false - -## ReportCommand string -## default "/usr/sbin/sendmail -t" -## -## Indicates the shell command to which failure reports should be passed for -## delivery when "FailureReports" is enabled. -# -# ReportCommand /usr/sbin/sendmail -t - -## RequiredHeaders { true | false } -## default "false" -## -## If set, the filter will ensure the header of the message conforms to the -## basic header field count restrictions laid out in RFC5322, Section 3.6. -## Messages failing this test are rejected without further processing. A -## 
From: field from which no domain name could be extracted will also be -## rejected. -# -# RequiredHeaders false - -## Socket socketspec -## default (none) -## -## Specifies the socket that should be established by the filter to receive -## connections from sendmail(8) in order to provide service. socketspec is -## in one of two forms: local:path, which creates a UNIX domain socket at -## the specified path, or inet:port[@host] or inet6:port[@host] which creates -## a TCP socket on the specified port for the appropriate protocol family. -## If the host is not given as either a hostname or an IP address, the -## socket will be listening on all interfaces. This option is mandatory -## either in the configuration file or on the command line. If an IP -## address is used, it must be enclosed in square brackets. -# -# Socket inet:8893@localhost -Socket unix:/var/spool/opendmarc/opendmarc.sock - -## SoftwareHeader { true | false } -## default "false" -## -## Causes the filter to add a "DMARC-Filter" header field indicating the -## presence of this filter in the path of the message from injection to -## delivery. The product's name, version, and the job ID are included in -## the header field's contents. -# -# SoftwareHeader false - -## SPFIgnoreResults { true | false } -## default "false" -## -## Causes the filter to ignore any SPF results in the header of the -## message. This is useful if you want the filter to perfrom SPF checks -## itself, or because you don't trust the arriving header. -# -# SPFIgnoreResults false - -## SPFSelfValidate { true | false } -## default false -## -## Enable internal spf checking with --with-spf -## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path -## -## Causes the filter to perform a fallback SPF check itself when -## it can find no SPF results in the message header. If SPFIgnoreResults -## is also set, it never looks for SPF results in headers and -## always performs the SPF check itself when this is set. 
-# -SPFSelfValidate true - -## Syslog { true | false } -## default "false" -## -## Log via calls to syslog(3) any interesting activity. -# -# Syslog false - -## SyslogFacility facility-name -## default "mail" -## -## Log via calls to syslog(3) using the named facility. The facility names -## are the same as the ones allowed in syslog.conf(5). -# -# SyslogFacility mail - -## TrustedAuthservIDs string -## default HOSTNAME -## -## Specifies one or more "authserv-id" values to trust as relaying true -## upstream DKIM and SPF results. The default is to use the name of -## the MTA processing the message. To specify a list, separate each entry -## with a comma. The key word "HOSTNAME" will be replaced by the name of -## the host running the filter as reported by the gethostname(3) function. -# -# TrustedAuthservIDs HOSTNAME - -## UMask mask -## default (none) -## -## Requests a specific permissions mask to be used for file creation. This -## only really applies to creation of the socket when Socket specifies a -## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary -## files are normally created by the mkstemp(3) function that enforces a -## specific file mode on creation regardless of the process umask. See -## umask(2) for more information. -# -# UMask 077 -UMask 002 - -## UserID user[:group] -## default (none) -## -## Attempts to become the specified userid before starting operations. -## The process will be assigned all of the groups and primary group ID of -## the named userid unless an alternate group is specified. -# -# UserID opendmarc -# ATTENTION: user and group are enforced throug the systemd service file Copied: opendmarc/repos/community-x86_64/opendmarc.conf (from rev 723496, opendmarc/trunk/opendmarc.conf) =================================================================== --- opendmarc.conf (rev 0) +++ opendmarc.conf 2020-10-11 16:41:18 UTC (rev 723497) 
@@ -0,0 +1,370 @@ +## opendmarc.conf -- configuration file for OpenDMARC filter +## +## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved. + +## DEPRECATED CONFIGURATION OPTIONS +## +## The following configuration options are no longer valid. They should be +## removed from your existing configuration file to prevent potential issues. +## Failure to do so may result in opendmarc being unable to start. +## +## Renamed in 1.3.0: +## ForensicReports became FailureReports +## ForensicReportsBcc became FailureReportsBcc +## ForensicReportsOnNone became FailureReportsOnNone +## ForensicReportsSentBy became FailureReportsSentBy + +## CONFIGURATION OPTIONS + +## AuthservID (string) +## defaults to MTA name +## +## Sets the "authserv-id" to use when generating the Authentication-Results: +## header field after verifying a message. If the string "HOSTNAME" is +## provided, the name of the host running the filter (as returned by the +## gethostname(3) function) will be used. +# +# AuthservID name +AuthservID HOSTNAME + +## AuthservIDWithJobID { true | false } +## default "false" +## +## If "true", requests that the authserv-id portion of the added +## Authentication-Results header fields contain the job ID of the message +## being evaluated. +# +# AuthservIDWithJobID false + +## AutoRestart { true | false } +## default "false" +## +## Automatically re-start on failures. Use with caution; if the filter fails +## instantly after it starts, this can cause a tight fork(2) loop. +# +# AutoRestart false + +## AutoRestartCount n +## default 0 +## +## Sets the maximum automatic restart count. After this number of automatic +## restarts, the filter will give up and terminate. A value of 0 implies no +## limit. +# +# AutoRestartCount 0 + +## AutoRestartRate n/t[u] +## default (no limit) +## +## Sets the maximum automatic restart rate. If the filter begins restarting +## faster than the rate defined here, it will give up and terminate. 
This +## is a string of the form n/t[u] where n is an integer limiting the count +## of restarts in the given interval and t[u] defines the time interval +## through which the rate is calculated; t is an integer and u defines the +## units thus represented ("s" or "S" for seconds, the default; "m" or "M" +## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a +## value of "10/1h" limits the restarts to 10 in one hour. There is no +## default, meaning restart rate is not limited. +# +# AutoRestartRate n/t[u] + +## Background { true | false } +## default "true" +## +## Causes opendmarc to fork and exits immediately, leaving the service +## running in the background. +# +# Background true + +## BaseDirectory (string) +## default (none) +## +## If set, instructs the filter to change to the specified directory using +## chdir(2) before doing anything else. This means any files referenced +## elsewhere in the configuration file can be specified relative to this +## directory. It's also useful for arranging that any crash dumps will be +## saved to a specific location. +# +# BaseDirectory /var/run/opendmarc + +## ChangeRootDirectory (string) +## default (none) +## +## Requests that the operating system change the effective root directory of +## the process to the one specified here prior to beginning execution. +## chroot(2) requires superuser access. A warning will be generated if +## UserID is not also set. +# +# ChangeRootDirectory /var/chroot/opendmarc + +## CopyFailuresTo (string) +## default (none) +## +## Requests addition of the specified email address to the envelope of +## any message that fails the DMARC evaluation. +# +# CopyFailuresTo postmaster@localhost + +## DNSTimeout (integer) +## default 5 +## +## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait. 
+## (NOT YET IMPLEMENTED) +# +# DNSTimeout 5 + +## EnableCoredumps { true | false } +## default "false" +## +## On systems that have such support, make an explicit request to the kernel +## to dump cores when the filter crashes for some reason. Some modern UNIX +## systems suppress core dumps during crashes for security reasons if the +## user ID has changed during the lifetime of the process. Currently only +## supported on Linux. +# +# EnableCoreDumps false + +## FailureReports { true | false } +## default "false" +## +## Enables generation of failure reports when the DMARC test fails and the +## purported sender of the message has requested such reports. Reports are +## formatted per RFC6591. +# +# FailureReports false + +## FailureReportsBcc (string) +## default (none) +## +## When failure reports are enabled and one is to be generated, always +## send one to the address(es) specified here. If a failure report is +## requested by the domain owner, the address(es) are added in a Bcc: field. +## If no request is made, they address(es) are used in a To: field. There +## is no default. +# +# FailureReportsBcc postmas...@example.coom + +## FailureReportsOnNone { true | false } +## default "false" +## +## Supplements the "FailureReports" setting by generating reports for +## domains that advertise "none" policies. By default, reports are only +## generated (when enabled) for sending domains advertising a "quarantine" +## or "reject" policy. +# +# FailureReportsOnNone false + +## FailureReportsSentBy string +## default "USER@HOSTNAME" +## +## Specifies the email address to use in the 
From: field of failure +## reports generated by the filter. The default is to use the userid of +## the user running the filter and the local hostname to construct an +## email address. "postmaster" is used in place of the userid if a name +## could not be determined. +# +# FailureReportsSentBy USER@HOSTNAME + +## HistoryFile path +## default (none) +## +## If set, specifies the location of a text file to which records are written +## that can be used to generate DMARC aggregate reports. Records are groups +## of rows containing information about a single received message, and +## include all relevant information needed to generate a DMARC aggregate +## report. It is expected that this will not be used in its raw form, but +## rather periodically imported into a relational database from which the +## aggregate reports can be extracted by a tool such as opendmarc-import(8). +# +# HistoryFile /var/run/opendmarc.dat + +## IgnoreAuthenticatedClients { true | false } +## default "false" +## +## If set, causes mail from authenticated clients (i.e., those that used +## SMTP AUTH) to be ignored by the filter. +# +IgnoreAuthenticatedClients true + +## IgnoreHosts path +## default (internal) +## +## Specifies the path to a file that contains a list of hostnames, IP +## addresses, and/or CIDR expressions identifying hosts whose SMTP +## connections are to be ignored by the filter. If not specified, defaults +## to "127.0.0.1" only. +# +# IgnoreHosts /etc/opendmarc/ignore.hosts + +## IgnoreMailFrom domain[,...] +## default (none) +## +## Gives a list of domain names whose mail (based on the 
From: domain) is to +## be ignored by the filter. The list should be comma-separated. Matching +## against this list is case-insensitive. The default is an empty list, +## meaning no mail is ignored. +# +# IgnoreMailFrom example.com + +## MilterDebug (integer) +## default 0 +## +## Sets the debug level to be requested from the milter library. +# +# MilterDebug 0 + +## PidFile path +## default (none) +## +## Specifies the path to a file that should be created at process start +## containing the process ID. +# +# PidFile /var/run/opendmarc.pid + +## PublicSuffixList path +## default (none) +## +## Specifies the path to a file that contains top-level domains (TLDs) that +## will be used to compute the Organizational Domain for a given domain name, +## as described in the DMARC specification. If not provided, the filter will +## not be able to determine the Organizational Domain and only the presented +## domain will be evaluated. +# +# PublicSuffixList path + +## RecordAllMessages { true | false } +## default "false" +## +## If set and "HistoryFile" is in use, all received messages are recorded +## to the history file. If not set (the default), only messages for which +## the 
From: domain published a DMARC record will be recorded in the +## history file. +# +# RecordAllMessages false + +## RejectFailures { true | false } +## default "false" +## +## If set, messages will be rejected if they fail the DMARC evaluation, or +## temp-failed if evaluation could not be completed. By default, no message +## will be rejected or temp-failed regardless of the outcome of the DMARC +## evaluation of the message. Instead, an Authentication-Results header +## field will be added. +# +# RejectFailures false + +## ReportCommand string +## default "/usr/sbin/sendmail -t" +## +## Indicates the shell command to which failure reports should be passed for +## delivery when "FailureReports" is enabled. +# +# ReportCommand /usr/sbin/sendmail -t + +## RequiredHeaders { true | false } +## default "false" +## +## If set, the filter will ensure the header of the message conforms to the +## basic header field count restrictions laid out in RFC5322, Section 3.6. +## Messages failing this test are rejected without further processing. A +## 
From: field from which no domain name could be extracted will also be +## rejected. +# +# RequiredHeaders false + +## Socket socketspec +## default (none) +## +## Specifies the socket that should be established by the filter to receive +## connections from sendmail(8) in order to provide service. socketspec is +## in one of two forms: local:path, which creates a UNIX domain socket at +## the specified path, or inet:port[@host] or inet6:port[@host] which creates +## a TCP socket on the specified port for the appropriate protocol family. +## If the host is not given as either a hostname or an IP address, the +## socket will be listening on all interfaces. This option is mandatory +## either in the configuration file or on the command line. If an IP +## address is used, it must be enclosed in square brackets. +# +# Socket inet:8893@localhost +Socket unix:/var/spool/opendmarc/opendmarc.sock + +## SoftwareHeader { true | false } +## default "false" +## +## Causes the filter to add a "DMARC-Filter" header field indicating the +## presence of this filter in the path of the message from injection to +## delivery. The product's name, version, and the job ID are included in +## the header field's contents. +# +# SoftwareHeader false + +## SPFIgnoreResults { true | false } +## default "false" +## +## Causes the filter to ignore any SPF results in the header of the +## message. This is useful if you want the filter to perfrom SPF checks +## itself, or because you don't trust the arriving header. +# +# SPFIgnoreResults false + +## SPFSelfValidate { true | false } +## default false +## +## Enable internal spf checking with --with-spf +## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path +## +## Causes the filter to perform a fallback SPF check itself when +## it can find no SPF results in the message header. If SPFIgnoreResults +## is also set, it never looks for SPF results in headers and +## always performs the SPF check itself when this is set. 
+# +SPFSelfValidate true + +## Syslog { true | false } +## default "false" +## +## Log via calls to syslog(3) any interesting activity. +# +# Syslog false + +## SyslogFacility facility-name +## default "mail" +## +## Log via calls to syslog(3) using the named facility. The facility names +## are the same as the ones allowed in syslog.conf(5). +# +# SyslogFacility mail + +## TrustedAuthservIDs string +## default HOSTNAME +## +## Specifies one or more "authserv-id" values to trust as relaying true +## upstream DKIM and SPF results. The default is to use the name of +## the MTA processing the message. To specify a list, separate each entry +## with a comma. The key word "HOSTNAME" will be replaced by the name of +## the host running the filter as reported by the gethostname(3) function. +# +# TrustedAuthservIDs HOSTNAME + +## UMask mask +## default (none) +## +## Requests a specific permissions mask to be used for file creation. This +## only really applies to creation of the socket when Socket specifies a +## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary +## files are normally created by the mkstemp(3) function that enforces a +## specific file mode on creation regardless of the process umask. See +## umask(2) for more information. +# +# UMask 077 +UMask 002 + +## UserID user[:group] +## default (none) +## +## Attempts to become the specified userid before starting operations. +## The process will be assigned all of the groups and primary group ID of +## the named userid unless an alternate group is specified. +# +# UserID opendmarc +# ATTENTION: user and group are enforced throug the systemd service file Deleted: opendmarc.service =================================================================== --- opendmarc.service 2020-10-11 16:41:15 UTC (rev 723496) +++ opendmarc.service 2020-10-11 16:41:18 UTC (rev 723497) 
@@ -1,13 +0,0 @@
-[Unit]
-Description=OpenDMARC
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=forking
-User=opendmarc
-Group=mail
-ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
Copied: opendmarc/repos/community-x86_64/opendmarc.service (from rev 723496, opendmarc/trunk/opendmarc.service)
===================================================================
--- opendmarc.service (rev 0)
+++ opendmarc.service 2020-10-11 16:41:18 UTC (rev 723497)
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenDMARC
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+User=opendmarc
+Group=mail
+ExecStart=/usr/bin/opendmarc -c /etc/opendmarc/opendmarc.conf
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
Deleted: opendmarc.sysusers
===================================================================
--- opendmarc.sysusers 2020-10-11 16:41:15 UTC (rev 723496)
+++ opendmarc.sysusers 2020-10-11 16:41:18 UTC (rev 723497)
@@ -1,2 +0,0 @@
-u opendmarc 335 - /etc/opendmarc
-m opendmarc mail
Copied: opendmarc/repos/community-x86_64/opendmarc.sysusers (from rev 723496, opendmarc/trunk/opendmarc.sysusers)
===================================================================
--- opendmarc.sysusers (rev 0)
+++ opendmarc.sysusers 2020-10-11 16:41:18 UTC (rev 723497)
@@ -0,0 +1,2 @@
+u opendmarc 335 - /etc/opendmarc
+m opendmarc mail
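Review bot: The [Service] section of the new opendmarc.service sets only `User=opendmarc` and `Group=mail` and carries no sandboxing directives, although the daemon parses message data that arrives from the network and this release ships a memory-safety backport. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would narrow what the process can reach if a parser bug is hit. Stricter settings such as `ProtectSystem=strict` would need `ReadWritePaths=` for the socket directory `/var/spool/opendmarc` and for any HistoryFile or PidFile location, which I have not checked against this package. `Restart=always` has no rate limit in the unit, so a repeatedly crashing process is held back only by systemd's default start limit.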