maybe chmod 0644 'default/motd-news'
maybe chmod 0644 'default/networkd-dispatcher'
maybe chmod 0644 'default/nss'
+maybe chmod 0644 'default/opendkim'
maybe chmod 0644 'default/redis-server'
maybe chmod 0644 'default/rsync'
maybe chmod 0644 'default/rsyslog'
maybe chmod 0644 'dhcp/dhclient.conf'
maybe chmod 0755 'dictionaries-common'
maybe chmod 0644 'dictionaries-common/ispell-default'
+maybe chown 'opendkim' 'dkimkeys'
+maybe chgrp 'opendkim' 'dkimkeys'
+maybe chmod 0700 'dkimkeys'
+maybe chmod 0644 'dkimkeys/README.PrivateKeys'
maybe chmod 0755 'dovecot'
maybe chmod 0770 'dovecot/dovecot-sql.conf'
maybe chmod 0644 'dovecot/dovecot.conf'
maybe chmod 0755 'init.d/keyboard-setup.sh'
maybe chmod 0755 'init.d/kmod'
maybe chmod 0755 'init.d/mysql'
+maybe chmod 0755 'init.d/opendkim'
maybe chmod 0755 'init.d/plymouth'
maybe chmod 0755 'init.d/plymouth-log'
maybe chmod 0755 'init.d/postfix'
maybe chmod 0444 'machine-id'
maybe chmod 0644 'magic'
maybe chmod 0644 'magic.mime'
+maybe chmod 0755 'mail'
+maybe chmod 0755 'mail/m4'
+maybe chmod 0644 'mail/m4/opendkim.m4'
maybe chmod 0644 'mailcap'
maybe chmod 0644 'mailcap.order'
maybe chmod 0644 'mailname'
maybe chmod 0644 'newt/palette.original'
maybe chmod 0644 'newt/palette.ubuntu'
maybe chmod 0644 'nsswitch.conf'
+maybe chmod 0644 'opendkim.conf'
maybe chmod 0755 'opt'
maybe chmod 0644 'pam.conf'
maybe chmod 0755 'pam.d'
--- /dev/null
+# Command-line options specified here will override the contents of
+# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
+#DAEMON_OPTS=""
+# Change to /var/spool/postfix/var/run/opendkim to use a Unix socket with
+# postfix in a chroot:
+#RUNDIR=/var/spool/postfix/var/run/opendkim
+RUNDIR=/var/run/opendkim
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+# default:
+SOCKET=local:$RUNDIR/opendkim.sock
+# listen on all interfaces on port 54321:
+#SOCKET=inet:54321
+# listen on loopback on port 12345:
+#SOCKET=inet:12345@localhost
+# listen on 192.0.2.1 on port 12345:
+#SOCKET=inet:12345@192.0.2.1
+USER=opendkim
+GROUP=opendkim
+PIDFILE=$RUNDIR/$NAME.pid
+EXTRAAFTER=
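Review bot: The comment "setting this will override any Socket value in opendkim.conf" does not match the init script added in this same commit, which passes `-p $SOCKET` only when no `Socket` line is found in /etc/opendkim.conf, and the shipped opendkim.conf sets one. An admin who changes `SOCKET` here to an `inet:` form or to the Postfix chroot path would see no effect under that script, and the milter may listen somewhere other than where they believe. I would reword the comment to something like `# Note: the init script uses this only when /etc/opendkim.conf has no Socket line`. `PIDFILE=$RUNDIR/$NAME.pid` also relies on `NAME` being set by whatever sources this file, which deserves a one-line comment.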
--- /dev/null
+This directory is for storing private keys associated with DKIM signing with
+opendkim.
+
+Here is advice from upstream
+
+(4) Store the private key in a safe place. We generally use a path like
+ /var/db/dkim/SELECTOR.key.pem (where "SELECTOR" is the name you chose).
+ The /var/db/dkim directory and the associated .pem file should be owned by
+ the user that will be executing the filter (preferably not the
+ superuser) and be mode 0700 and 0600 respectively.
+
+In Debian, we use /etc/dkimkeys by default and the directory permissions and
+ownership are set correctly. Ensure that the private key is owned by the
+opendkim user and the permissions are 0600.
vmail:x:1000:
dovecot:x:117:
dovenull:x:118:
+opendkim:x:119:
postdrop:x:116:
vmail:x:1000:
dovecot:x:117:
+dovenull:x:118:
vmail:!::
dovecot:!::
dovenull:!::
+opendkim:!::
postdrop:!::
vmail:!::
dovecot:!::
+dovenull:!::
--- /dev/null
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides: opendkim
+# Required-Start: $syslog $time $local_fs $remote_fs $named $network
+# Required-Stop: $syslog $time $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start the OpenDKIM service
+# Description: Enable DKIM signing and verification provided by OpenDKIM
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/opendkim
+NAME=opendkim
+DESC="OpenDKIM"
+
+# How long to wait for the process to die on stop/restart
+stoptimeout=5
+
+test -x $DAEMON || exit 0
+
+# Include LSB provided init functions
+. /lib/lsb/init-functions
+
+
+
+# Include opendkim defaults if available
+if [ -f /etc/default/opendkim ] ; then
+ . /etc/default/opendkim
+fi
+
+pathfind() {
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$*" ]; then
+ IFS="$OLDIFS"
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+ return 1
+}
+
+USER=$USER
+GROUP=$GROUP
+PIDFILE=$RUNDIR/$NAME.pid
+
+if [ -f /etc/opendkim.conf ]; then
+ CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendkim.conf`
+fi
+
+# This can be set via Socket option in config file, so it's not required
+if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
+ DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
+fi
+
+DAEMON_OPTS="-x /etc/opendkim.conf -u $USER -P $PIDFILE $DAEMON_OPTS"
+
+start() {
+ # Create the run directory if it doesn't exist
+ if [ ! -d "$RUNDIR" ]; then
+ install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || exit 2
+ if pathfind restorecon; then restorecon "$RUNDIR"
+ fi
+ fi
+ # Clean up stale sockets
+ if [ -f "$PIDFILE" ]; then
+ pid=`cat $PIDFILE`
+ if ! ps -C "$NAME" -s "$pid" >/dev/null; then
+ rm "$PIDFILE"
+ TMPSOCKET=""
+ if [ -n "$SOCKET" ]; then
+ TMPSOCKET="$SOCKET"
+ elif [ -n "$CONFIG_SOCKET" ]; then
+ TMPSOCKET="$CONFIG_SOCKET"
+ fi
+ if [ -n "$TMPSOCKET" ]; then
+ # UNIX sockets may be specified with or without the
+ # local: prefix; handle both
+ t=`echo $SOCKET | cut -d: -f1`
+ s=`echo $SOCKET | cut -d: -f2`
+ if [ -e "$s" -a -S "$s" ]; then
+ if [ "$t" = "$s" -o "$t" = "local" ]; then
+ rm "$s"
+ fi
+ fi
+ fi
+ fi
+ fi
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test -- $DAEMON_OPTS || exit 1
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS || exit 2
+ # Detect exit status 78 (configuration error)
+ ret=$?
+ if [ $ret -eq 78 ]; then
+ echo "See /usr/share/doc/opendkim/README.Debian for help"
+ echo "Starting for DKIM verification only"
+ DAEMON_OPTS="-b v $DAEMON_OPTS"
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
+ exit 0
+ elif [ $ret -ne 0 ]; then
+ exit $ret
+ fi
+}
+
+stop() {
+ start-stop-daemon --stop --retry "$stoptimeout" --exec "$DAEMON"
+ [ "$?" = 2 ] && exit 2
+}
+
+reload() {
+ start-stop-daemon --stop --signal USR1 --exec "$DAEMON"
+}
+
+status() {
+ local pidfile daemon name status
+
+ pidfile=
+ OPTIND=1
+ while getopts p: opt ; do
+ case "$opt" in
+ p) pidfile="$OPTARG";;
+ esac
+ done
+ shift $(($OPTIND - 1))
+
+ if [ -n "$pidfile" ]; then
+ pidfile="-p $pidfile"
+ fi
+ daemon="$1"
+ name="$2"
+
+ status="0"
+ pidofproc $pidfile $daemon >/dev/null || status="$?"
+ if [ "$status" = 0 ]; then
+ log_success_msg "$name is running"
+ return 0
+ else
+ log_failure_msg "$name is not running"
+ exit $status
+ fi
+}
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ stop
+ echo "$NAME."
+ ;;
+ restart)
+ echo -n "Restarting $DESC: "
+ stop
+ start
+ echo "$NAME."
+ ;;
+ reload|force-reload)
+ echo -n "Restarting $DESC: "
+ reload
+ echo "$NAME."
+ ;;
+ status)
+ status $DAEMON $NAME
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
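Review bot: The exit-status-78 fallback in start() can never run, because the second `start-stop-daemon --start` line ends in `|| exit 2`, so the script has already exited on any failure and the `ret=$?` below it is always 0. If the verification-only fallback is wanted, drop the `|| exit 2` and capture the status directly, e.g. `start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS; ret=$?`. Separately, the stale-socket cleanup chooses `TMPSOCKET` from either source but then splits `$SOCKET`, so a socket configured only in opendkim.conf is never removed. `t=$(echo "$TMPSOCKET" | cut -d: -f1)`, and the same for `s`, looks like what was intended. The `pid=` line also reads `$PIDFILE` unquoted, unlike the rest of the function.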
--- /dev/null
+INPUT_MAIL_FILTER(`opendkim',
+ `S=local:/var/run/opendkim/opendkim.sock, F=, T=S:4m;R:4m;E:10m')dnl
--- /dev/null
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 007
+
+# Sign for example.com with key in /etc/dkimkeys/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain example.com
+#KeyFile /etc/dkimkeys/dkim.key
+#Selector 2007
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+
+# Socket smtp://localhost
+#
+# ## Socket socketspec
+# ##
+# ## Names the socket where this filter should listen for milter connections
+# ## from the MTA. Required. Should be in one of these forms:
+# ##
+# ## inet:port@address to listen on a specific interface
+# ## inet:port to listen on all interfaces
+# ## local:/path/to/socket to listen on a UNIX domain socket
+#
+#Socket inet:8892@localhost
+Socket local:/var/run/opendkim/opendkim.sock
+
+## PidFile filename
+### default (none)
+###
+### Name of the file where the filter should write its pid before beginning
+### normal operations.
+#
+PidFile /var/run/opendkim/opendkim.pid
+
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+## ResolverConfiguration filename
+## default (none)
+##
+## Specifies a configuration file to be passed to the Unbound library that
+## performs DNS queries applying the DNSSEC protocol. See the Unbound
+## documentation at http://unbound.net for the expected content of this file.
+## The results of using this and the TrustAnchorFile setting at the same
+## time are undefined.
+## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+## unbound package
+
+# ResolverConfiguration /etc/unbound/unbound.conf
+
+## TrustAnchorFile filename
+## default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile /usr/share/dns/root.key
+
+## Userid userid
+### default (none)
+###
+### Change to user "userid" before starting normal operation? May include
+### a group ID as well, separated from the userid by a colon.
+#
+UserID opendkim
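Review bot: `UMask 007` with `Socket local:/var/run/opendkim/opendkim.sock` leaves the socket accessible only to the opendkim user and group, and the group entry added in this same commit (`opendkim:x:119:`) has no members, so as far as this page shows the postfix account cannot connect to the milter. The comment above `UMask` says the setting is needed for Postfix but not what else is required; I would add `# The MTA user must be a member of the opendkim group to reach the socket.` A chrooted Postfix would additionally not see a path under /var/run, which default/opendkim hints at with its alternate RUNDIR. Using group membership as the access control, rather than loosening the umask, keeps the signing service reachable only by the MTA.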
vmail:x:1000:1000:vmail,,,:/var/vmail:/bin/bash
dovecot:x:111:117:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
dovenull:x:112:118:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
+opendkim:x:113:119::/var/run/opendkim:/usr/sbin/nologin
postfix:x:110:115::/var/spool/postfix:/usr/sbin/nologin
vmail:x:1000:1000:vmail,,,:/var/vmail:/bin/bash
dovecot:x:111:117:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
-dovenull:x:112:118::/nonexistent:/usr/sbin/nologin
+dovenull:x:112:118:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
+opendkim:x:113:119::/var/run/opendkim:/usr/sbin/nologin
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
--- /dev/null
+../init.d/opendkim
\ No newline at end of file
vmail:!:17840:0:99999:7:::
dovecot:*:17840:0:99999:7:::
dovenull:*:17840:0:99999:7:::
+opendkim:*:17840:0:99999:7:::
vmail:!:17840:0:99999:7:::
dovecot:*:17840:0:99999:7:::
dovenull:*:17840:0:99999:7:::
+opendkim:*:17840:0:99999:7:::
--- /dev/null
+/lib/systemd/system/opendkim.service
\ No newline at end of file