Your message dated Tue, 05 Jul 2016 12:35:02 +0000
with message-id <[email protected]>
and subject line Bug#797492: fixed in opendkim 2.10.3-5
has caused the Debian Bug report #797492,
regarding opendkim: Better default configuration for Postfix (and possibly
other MTAs)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
797492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797492
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: opendkim
Version: 2.9.2-2
Severity: wishlist
Hello,
Thank you for maintaining this important package. As the "war on spam" grows,
more independent email systems will find OpenDKIM critical to ensuring their
emails get delivered.
I had to do quite a bit of configuring to get a standard installation of the
OpenDKIM package to work with a standard installation of Postfix. I'm reporting
this "wishlist" bug in hopes that you might consider these as ways to make the
integration more "plug-and-play." I realize that some of the onus might need to
be placed on the Postfix maintainers as well.
The primary problem had to do with the fact that Postfix runs in a chroot
environment by default. The standard location of the opendkim.sock Socket file
(/var/run/opendkim/opendkim.sock) is inaccessable by Postfix which has a chroot
at /var/spool/postfix. After considering a hard link and bind mount, I
concluded the only permanent way to let Postfix access OpenDKIM (without
resorting to networking) is to place the opendkim.sock file under the Postfix
chroot. This is the opendkim.conf setting I used:
Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
Of course I had to manually create the directory ahead of time with the proper
ownership:
# mkdir -p /var/spool/postfix/var/run/opendkim
# chown opendkim:opendkim /var/spool/postfix/var/run/opendkim
The current OpenDKIM configuration includes an important setting for UMask
which helps make the file w
ritable by MTAs:
UMask 0002
Unfortunately, this alone does not allow Postfix to write to the socket as
Postfix runs as its own user (postfix) and is not in the opendkim group by
default. To make it part of the opendkim group I issued the command:
# adduser postfix opendkim
A UMask of 0000 would remove the previous step, but would make OpenDKIM less
secure.
The final issue I had was with storing my key file in the /etc/postfix
directory. This seemed like the most appropriate place. Unfortunately, Postfix
warns of non-postfix files in its directory (# postfix check). I had to create
a separate /etc/opendkim directory for my key file. I don't currently have
other OpenDKIM configuration files but several are possible. It seems to me
that giving users a standard location for OpenDKIM configuration/keys and
having opendkim.conf there would be a good approach. Otherwise, people end up
polluting /etc.
Thank you for considering my configuration. I am sharing this in hopes that my
experience might help in future adjustments to the way OpenDKIM is configured
-- to make it easier to use for all users. Thank you again for the work you do
maintaining this important package.
Tom Dworzanski
[email protected]
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.5-x86_64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages opendkim depends on:
ii adduser 3.113+nmu3
ii libbsd0 0.7.0-2
ii libc6 2.19-18
ii libdb5.3 5.3.28-9
ii libldap-2.4-2 2.4.40+dfsg-1
ii liblua5.1-0 5.1.5-7.1
ii libmemcached11 1.0.18-4
ii libmemcachedutil2 1.0.18-4
ii libmilter1.0.1 8.14.4-8
ii libopendbx1 1.4.6-8
ii libopendkim9 2.9.2-2
ii librbl1 2.9.2-2
ii libssl1.0.0 1.0.1k-3+deb8u1
ii libunbound2 1.4.22-3
ii libvbr2 2.9.2-2
ii lsb-base 4.1+Debian13+nmu1
opendkim recommends no packages.
Versions of packages opendkim suggests:
ii opendkim-tools 2.9.2-2
-- Configuration Files:
/etc/opendkim.conf changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: opendkim
Source-Version: 2.10.3-5
We believe that the bug you reported is fixed in the latest version of
opendkim, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated opendkim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 Jul 2016 08:04:24 -0400
Source: opendkim
Binary: opendkim opendkim-tools libopendkim10 libopendkim-dev libvbr2
libvbr-dev librbl1 librbl-dev
Architecture: source amd64
Version: 2.10.3-5
Distribution: unstable
Urgency: medium
Maintainer: Scott Kitterman <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Description:
libopendkim-dev - Headers and development libraries for the OpenDKIM library
libopendkim10 - Library for signing and verifying DomainKeys Identified Mail
sign
librbl-dev - Headers/development libraries for the OpenDKIM RBL library
librbl1 - Library to support a DKIM based RBL system
libvbr-dev - Headers and development libraries for the OpenDKIM VBR library
libvbr2 - Library for RFC 5518 Vouch By Reference (VBR)
opendkim - Milter implementation of DomainKeys Identified Mail
opendkim-tools - Set of command line tools for OpenDKIM
Closes: 778871 792458 797492 804806
Changes:
opendkim (2.10.3-5) unstable; urgency=medium
.
* Change build-dep for libopendbx-dev to linux-any kfreebsd-any since it is
not available on hurd
* Adjust debian rules to configure for kfreebsd/hurd based on available
build-depends
* Set shell to /bin/sh to work around captures_shell_variable_in_autofoo_
script issue for reproducibility
* Drop obsolete --wite-libxml configure option
* Add debian/opendkim-tools.install.hurd-i386 to account for opendkim-spam
not being built due to lack of libopendbx
* Reorder startup options to match the requirements listed in the help file
- Completes fix for (Closes: #792458)
* Stop installing historical dkim-milter changelog (RELEASE-NOTES.Sendmail
* Add .m4 file to ease sendmail integration and related README.Sendmail
(Closes: #804806)
* Make opendkim user and group variables in both the service and sysv init
files and then add the definition to /etc/default/opendkim to make it
easier to change which user and group opendkim runs under (Closes:
#778871)
* Add opendkim run directory to /etc/default/opendkim to make it easier to
change it to support, for example, use of a Unix socket for a chrooted
postfix (Closes: #797492)
* Since the variables that can be set from the environment directly a
systemd unit file, generate opendkim.service based on /etc/default/
opendkim
* Update /etc/default to include a few additional options as a result
* Install opendkim.service.generate in its own directory
Checksums-Sha1:
dc5461edd91d9753aa91c3b69f88c8f60e6313ef 2352 opendkim_2.10.3-5.dsc
d2529365f23bf31371cd96ae5f26b1b62e149165 22204 opendkim_2.10.3-5.debian.tar.xz
64956906ee8a2461cd607a3f28e976c89c3d5f0a 157106
libopendkim-dev_2.10.3-5_amd64.deb
b000a25a5e5c13dbe15b5fdbc5583b78bbaba4dd 232858
libopendkim10-dbgsym_2.10.3-5_amd64.deb
8d1c838a2200c1ee0ad875ef2b0580b6f5f98540 89816 libopendkim10_2.10.3-5_amd64.deb
54f17f85fd70da5d0ed34f58cf37fd754152def0 49648 librbl-dev_2.10.3-5_amd64.deb
017e40fe26728571f216c9f3f00da0a3e0196b86 12312
librbl1-dbgsym_2.10.3-5_amd64.deb
df799a7e35b282079f11f664eae89e25bd7f9c4f 44784 librbl1_2.10.3-5_amd64.deb
80cb049f2ab04d484ab568cfc16d995a24587960 51578 libvbr-dev_2.10.3-5_amd64.deb
8884b7fd4f9e76ad66deb07fd5748722fb3aa4df 15024
libvbr2-dbgsym_2.10.3-5_amd64.deb
e411ae930cc04e2de6ff87620164839ccf6c5fc5 46946 libvbr2_2.10.3-5_amd64.deb
b11025a30d999b6f5afa6b4ea2302b72b44a45da 232940
opendkim-dbgsym_2.10.3-5_amd64.deb
687ad10212a11ca403560df352e25f10b0c7fc99 347904
opendkim-tools-dbgsym_2.10.3-5_amd64.deb
1953e29ce2e2c1132ccdc869f14792616e9ee3f7 131242
opendkim-tools_2.10.3-5_amd64.deb
fbe6eabebb1bbb74c8dae99c31a12761fcc484d5 184562 opendkim_2.10.3-5_amd64.deb
Checksums-Sha256:
de3cb0acf3730d74330a918c5082b1794bc2f451abfb59414fe1faa302204e92 2352
opendkim_2.10.3-5.dsc
9f673a19602651202588dfbfd6610a3c0a839e1da8997f5dff752ef0873e2a68 22204
opendkim_2.10.3-5.debian.tar.xz
a9d3ee10e18e473221edb6670882c56a30dad0670bc161d33c6fa20627717298 157106
libopendkim-dev_2.10.3-5_amd64.deb
36ac87b5067ad9014b8e388cfd8012cd97e644434799fb6bf823c3f8d2d23ac5 232858
libopendkim10-dbgsym_2.10.3-5_amd64.deb
601c5ee6c3543fd0c8bc043086320dbc60292dfc58580e93a8a65f080a12bb31 89816
libopendkim10_2.10.3-5_amd64.deb
df9085ea15d01524c1e1bd4bdc45e30a844d5714d2f3095c57227845b19656f8 49648
librbl-dev_2.10.3-5_amd64.deb
4f66e388e7ac6acfc4fd02fe25fe6a02079e5b3888ed0d3f974dc12702bb1c6d 12312
librbl1-dbgsym_2.10.3-5_amd64.deb
65affa7564d1abbe64aeec0ab43067ba46121cf7e3acd7c15afe054099e2904c 44784
librbl1_2.10.3-5_amd64.deb
a55e7ffe43fbb40327e6ca72c3745dc56bc633371d54204159e6b0fde2a72f30 51578
libvbr-dev_2.10.3-5_amd64.deb
14d5fc1cfdeac9a077fd1c2e5afe91546eef6565763762b0ecc3f81a4e5c3b32 15024
libvbr2-dbgsym_2.10.3-5_amd64.deb
424978b4923381dc492e78b647ff993af75bd0f8e527a8f8def00d41b46e43f5 46946
libvbr2_2.10.3-5_amd64.deb
456c4df3c9f6b376ed07e7dc7bfca36e0858d1f55128c139eae2cf34f598db3a 232940
opendkim-dbgsym_2.10.3-5_amd64.deb
f40f597f3032fc87430431a6f6eeb200d9aedf9fe760e81eb1c5a5dbbd36fb6c 347904
opendkim-tools-dbgsym_2.10.3-5_amd64.deb
98517b00290606fe3783d7f65508edb3e1acc3bc3f67c3f16e96b899dd557bf8 131242
opendkim-tools_2.10.3-5_amd64.deb
e7cd9e465fb187066880926140e542695b64353b9f03ff7f38a710903945378a 184562
opendkim_2.10.3-5_amd64.deb
Files:
8498ac538987d643034c27d6d936fc72 2352 mail extra opendkim_2.10.3-5.dsc
bf037a7fb149842b9db43b27864b1559 22204 mail extra
opendkim_2.10.3-5.debian.tar.xz
045df1ed936bca1304d86250d52dc1a6 157106 libdevel extra
libopendkim-dev_2.10.3-5_amd64.deb
538d3fc05ba5f15e141064d7763fa6ab 232858 debug extra
libopendkim10-dbgsym_2.10.3-5_amd64.deb
90702206a3fabfae3239061ec5a690f6 89816 libs extra
libopendkim10_2.10.3-5_amd64.deb
1d96a88fdfb88d51666073e0d48d267e 49648 libdevel extra
librbl-dev_2.10.3-5_amd64.deb
f88aee48a5abac45b21f9881a88466f0 12312 debug extra
librbl1-dbgsym_2.10.3-5_amd64.deb
626eeb826b2d9ef42648b50c4ec069cd 44784 libs extra librbl1_2.10.3-5_amd64.deb
2e99ef581c295f22379f463e0cdeeb66 51578 libdevel extra
libvbr-dev_2.10.3-5_amd64.deb
3fe91add0e4bca5dcad4aee56b6b403b 15024 debug extra
libvbr2-dbgsym_2.10.3-5_amd64.deb
859f69832b29d00d880d3bde7fc29560 46946 libs extra libvbr2_2.10.3-5_amd64.deb
bc39c2f845bd9c3b8ec47dc5f58cc101 232940 debug extra
opendkim-dbgsym_2.10.3-5_amd64.deb
6836a1e5becfdadbc7500f686f8522ca 347904 debug extra
opendkim-tools-dbgsym_2.10.3-5_amd64.deb
c3c234135fae5df214d257bc1c3a8e0b 131242 mail extra
opendkim-tools_2.10.3-5_amd64.deb
bd4e6e6b3b482dcacde7387f55828ea1 184562 mail extra opendkim_2.10.3-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXe6Z/AAoJEHjX3vua1Zrxtw8P/2LYSWtXDRrELj/F9LE8ILvE
rLPd8t10SrJe3dKAvkcQ1XeBTK1hpR/qSyCbASR7mmrMR2SUpSiM72d65mIzGCra
bsUK5Ca2uE5JMXL+qtgmpHJp1lyW9r78Uw/TbfKOPn382JhZQ4vCWYGE7vF1VMwl
lHT9NfTHFUMtr3MdqiSdzrpx2uP202wVDjKqD+o7vznAHNpy94DJoGnZ4BmLptNL
OEgVSEzW+3a/23sYdoZQhyNgI3NMZfsEzqfNu9GKvZ1Fb18xykEyyPykuskGV1YP
acbhJ7hlyVY0PlIXsykBWAw7gN5UbqWU4Lmv7YToOfSy3fZ4dh0k/h3USEta/ooW
LpNJfBrsm61YQCnNWLCOhStounPiDhOdpb+GW3wVZHXDKujoNuC2hXJ27+i33I4q
8TCKG6xjo3qP3Wg4ynuqlAPA69/InlZ7hWaUclaeZljADcnrw3CFRIpshOqKNSzM
xx5FJVSBULJTf3qlXl25GtWj4JkWcJcv+F43cEJzriS0wyR9xcv55V7WEg1H8T5U
63VomIwR54pKqyskTbhV9w5tqijv3qdc+DWGaeH94O69y/7fDzh3sXM249iu1qif
LGfd1JHNOV51IPQ9iT97XuXR/lEkM2GxC0LORmrVWblG/kYybst0nzyXL5H1lL8J
6772QT6rneXc2NGEGeCR
=Ci7M
-----END PGP SIGNATURE-----
--- End Message ---
