From: root Date: Sun, 11 Nov 2018 10:48:33 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=62435566ec60178d12c23948f5d08f25c39b5ac7;p=vserver committing changes in /etc after apt run Package changes: +libopendbx1-mysql 1.4.6-11 amd64 +libopendmarc2 1.3.2-3 amd64 +libspf2-2 1.2.10-7build2 amd64 +libswitch-perl 2.17-2 all +opendmarc 1.3.2-3 amd64
---
diff --git a/.etckeeper b/.etckeeper
index 18df909f1..723e7e72a 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -576,6 +576,7 @@ maybe chmod 0644 'default/motd-news'
 maybe chmod 0644 'default/networkd-dispatcher'
 maybe chmod 0644 'default/nss'
 maybe chmod 0644 'default/opendkim'
+maybe chmod 0644 'default/opendmarc'
 maybe chmod 0644 'default/redis-server'
 maybe chmod 0644 'default/rsync'
 maybe chmod 0644 'default/rsyslog'
@@ -940,6 +941,7 @@ maybe chmod 0755 'init.d/keyboard-setup.sh'
 maybe chmod 0755 'init.d/kmod'
 maybe chmod 0755 'init.d/mysql'
 maybe chmod 0755 'init.d/opendkim'
+maybe chmod 0755 'init.d/opendmarc'
 maybe chmod 0755 'init.d/plymouth'
 maybe chmod 0755 'init.d/plymouth-log'
 maybe chmod 0755 'init.d/postfix'
@@ -1323,6 +1325,7 @@ maybe chmod 0640 'opendkim/keys/key1.private'
 maybe chmod 0600 'opendkim/keys/key1.txt'
 maybe chmod 0644 'opendkim/keytable'
 maybe chmod 0644 'opendkim/signingtable'
+maybe chmod 0644 'opendmarc.conf'
 maybe chmod 0755 'opt'
 maybe chmod 0644 'pam.conf'
 maybe chmod 0755 'pam.d'
diff --git a/default/opendmarc b/default/opendmarc
new file mode 100644
index 000000000..ac891d81b
--- /dev/null
+++ b/default/opendmarc
@@ -0,0 +1,22 @@
+# Command-line options specified here will override the contents of
+# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options.
+#DAEMON_OPTS=""
+# Change to /var/spool/postfix/var/run/opendmarc to use a Unix socket with
+# postfix in a chroot:
+#RUNDIR=/var/spool/postfix/var/run/opendmarc
+RUNDIR=/var/run/opendmarc
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+# default:
+SOCKET=local:$RUNDIR/opendmarc.sock
+# listen on all interfaces on port 54321:
+#SOCKET=inet:54321
+# listen on loopback on port 12345:
+#SOCKET=inet:12345@localhost
+# listen on 192.0.2.1 on port 12345:
+#SOCKET=inet:12345@192.0.2.1
+USER=opendmarc
+GROUP=opendmarc
+PIDFILE=$RUNDIR/$NAME.pid
+EXTRAAFTER=
diff --git a/group b/group
index 4092d277e..cb8d05977 100644
--- a/group
+++ b/group
@@ -60,3 +60,4 @@ opendkim:x:119:postfix
 amavis:x:120:postfix
 debian-spamd:x:121:
 bind:x:122:
+opendmarc:x:123:
diff --git a/group- b/group-
index 39fc0dbbe..4092d277e 100644
--- a/group-
+++ b/group-
@@ -59,3 +59,4 @@ dovenull:x:118:
 opendkim:x:119:postfix
 amavis:x:120:postfix
 debian-spamd:x:121:
+bind:x:122:
diff --git a/gshadow b/gshadow
index 948f7c5f6..63a3b7ed1 100644
--- a/gshadow
+++ b/gshadow
@@ -60,3 +60,4 @@ opendkim:!::postfix
 amavis:!::postfix
 debian-spamd:!::
 bind:!::
+opendmarc:!::
diff --git a/gshadow- b/gshadow-
index dcc90f6cc..948f7c5f6 100644
--- a/gshadow-
+++ b/gshadow-
@@ -59,3 +59,4 @@ dovenull:!::
 opendkim:!::postfix
 amavis:!::postfix
 debian-spamd:!::
+bind:!::
diff --git a/init.d/opendmarc b/init.d/opendmarc
new file mode 100755
index 000000000..186a394d2
--- /dev/null
+++ b/init.d/opendmarc
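Review bot: In default/opendmarc the comment above `SOCKET=` says the value overrides the Socket setting in opendkim.conf, which names the wrong daemon and does not match how init.d/opendmarc in this same commit uses the variable: that script passes `-p $SOCKET` only when /etc/opendmarc.conf has no `Socket` line, and the opendmarc.conf added here does set one. Editing `RUNDIR` or `SOCKET` in this file, for example to move the socket into the Postfix chroot as the earlier comment suggests, will therefore not change where the daemon listens. I would reword the comment to `# Note: only used when /etc/opendmarc.conf has no Socket line; otherwise the config file wins`. The commented `#SOCKET=inet:54321` example binds on all interfaces and milter connections carry no authentication, so it deserves a remark such as `# restrict with a firewall if enabled; prefer the local: or @localhost forms`.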
@@ -0,0 +1,151 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides: opendmarc
+# Required-Start: $syslog $time $local_fs $remote_fs $named $network
+# Required-Stop: $syslog $time $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start the OpenDMARC service
+# Description: Enable DMAR verification and reporting provided by OpenDMARC
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/opendmarc
+NAME=opendmarc
+DESC="OpenDMARC"
+RUNDIR=/var/run/$NAME
+USER=opendmarc
+GROUP=opendmarc
+SOCKET=local:$RUNDIR/$NAME.sock
+PIDFILE=$RUNDIR/$NAME.pid
+
+# How long to wait for the process to die on stop/restart
+stoptimeout=5
+
+test -x $DAEMON || exit 0
+
+# Include LSB provided init functions
+. /lib/lsb/init-functions
+
+# Include opendkim defaults if available
+if [ -f /etc/default/opendmarc ] ; then
+ . /etc/default/opendmarc
+fi
+
+if [ -f /etc/opendmarc.conf ]; then
+ CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendmarc.conf`
+fi
+
+# This can be set via Socket option in config file, so it's not required
+if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
+ DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
+fi
+
+DAEMON_OPTS="-c /etc/opendmarc.conf -u $USER -P $PIDFILE $DAEMON_OPTS"
+
+start() {
+ # Create the run directory if it doesn't exist
+ if [ ! -d "$RUNDIR" ]; then
+ install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR"
+ fi
+ # Clean up stale sockets
+ if [ -f "$PIDFILE" ]; then
+ pid=`cat $PIDFILE`
+ if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then
+ rm "$PIDFILE"
+ TMPSOCKET=""
+ if [ -n "$SOCKET" ]; then
+ TMPSOCKET="$SOCKET"
+ elif [ -n "$CONFIG_SOCKET" ]; then
+ TMPSOCKET="$CONFIG_SOCKET"
+ fi
+ if [ -n "$TMPSOCKET" ]; then
+ # UNIX sockets may be specified with or without the
+ # local: prefix; handle both
+ t=`echo $SOCKET | cut -d: -f1`
+ s=`echo $SOCKET | cut -d: -f2`
+ if [ -e "$s" -a -S "$s" ]; then
+ if [ "$t" = "$s" -o "$t" = "local" ]; then
+ rm "$s"
+ fi
+ fi
+ fi
+ fi
+ fi
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test -- $DAEMON_OPTS || return 1
+ start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS || return 2
+}
+
+stop() {
+ start-stop-daemon --stop --retry "$stoptimeout" --exec "$DAEMON"
+ [ "$?" = 2 ] && return 2
+}
+
+reload() {
+ start-stop-daemon --stop --signal USR1 --exec "$DAEMON"
+}
+
+status() {
+ local pidfile daemon name status
+
+ pidfile=
+ OPTIND=1
+ while getopts p: opt ; do
+ case "$opt" in
+ p) pidfile="$OPTARG";;
+ esac
+ done
+ shift $(($OPTIND - 1))
+
+ if [ -n "$pidfile" ]; then
+ pidfile="-p $pidfile"
+ fi
+ daemon="$1"
+ name="$2"
+
+ status="0"
+ pidofproc $pidfile $daemon >/dev/null || status="$?"
+ if [ "$status" = 0 ]; then
+ log_success_msg "$name is running"
+ return 0
+ else
+ log_failure_msg "$name is not running"
+ return $status
+ fi
+}
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ stop
+ echo "$NAME."
+ ;;
+ restart)
+ echo -n "Restarting $DESC: "
+ stop
+ start
+ echo "$NAME."
+ ;;
+ reload|force-reload)
+ echo -n "Restarting $DESC: "
+ reload
+ echo "$NAME."
+ ;;
+ status)
+ status $DAEMON $NAME
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/opendmarc.conf b/opendmarc.conf
new file mode 100644
index 000000000..421858c2e
--- /dev/null
+++ b/opendmarc.conf
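Review bot: The stale-socket cleanup in start() of init.d/opendmarc selects `TMPSOCKET` from `$SOCKET` or `$CONFIG_SOCKET` but then parses `$SOCKET` again in the two `cut` lines, so the selected value is never used; they should read `t=$(echo "$TMPSOCKET" | cut -d: -f1)` and `s=$(echo "$TMPSOCKET" | cut -d: -f2)`. The selection order is also the reverse of what the daemon receives: `-p $SOCKET` is passed only when the config file has no Socket line, so when both are set the daemon listens on `$CONFIG_SOCKET` while this code, running as root, would `rm` the path taken from `$SOCKET`. The liveness test `ps -C "$DAEMON" -s "$pid"` looks doubtful too, since `-C` matches a command name rather than a full path and `-s` selects by session ID; it is worth confirming that it really answers whether PID `$pid` is opendmarc, because a false "not running" removes the pidfile and socket of a live daemon. The comment `# Include opendkim defaults if available` and the header text `Enable DMAR verification` are copy-paste slips for opendmarc and DMARC.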
@@ -0,0 +1,114 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample.
+
+## AuthservID (string)
+## defaults to MTA name
+##
+## Sets the "authserv-id" to use when generating the Authentication-Results:
+## header field after verifying a message. If the string "HOSTNAME" is
+## provided, the name of the host running the filter (as returned by the
+## gethostname(3) function) will be used.
+#
+# AuthservID name
+
+## FailureReports { true | false }
+## default "false"
+##
+## Enables generation of failure reports when the DMARC test fails and the
+## purported sender of the message has requested such reports. Reports are
+## formatted per RFC6591.
+#
+# FailureReports false
+
+## PidFile path
+## default (none)
+##
+## Specifies the path to a file that should be created at process start
+## containing the process ID.
+#
+PidFile /var/run/opendmarc/opendmarc.pid
+
+## PublicSuffixList path
+## default (none)
+##
+## Specifies the path to a file that contains top-level domains (TLDs) that
+## will be used to compute the Organizational Domain for a given domain name,
+## as described in the DMARC specification. If not provided, the filter will
+## not be able to determine the Organizational Domain and only the presented
+## domain will be evaluated.
+#
+PublicSuffixList /usr/share/publicsuffix
+
+## RejectFailures { true | false }
+## default "false"
+##
+## If set, messages will be rejected if they fail the DMARC evaluation, or
+## temp-failed if evaluation could not be completed. By default, no message
+## will be rejected or temp-failed regardless of the outcome of the DMARC
+## evaluation of the message. Instead, an Authentication-Results header
+## field will be added.
+#
+# RejectFailures false
+
+## Socket socketspec
+## default (none)
+##
+## Specifies the socket that should be established by the filter to receive
+## connections from sendmail(8) in order to provide service. socketspec is
+## in one of two forms: local:path, which creates a UNIX domain socket at
+## the specified path, or inet:port[@host] or inet6:port[@host] which creates
+## a TCP socket on the specified port for the appropriate protocol family.
+## If the host is not given as either a hostname or an IP address, the
+## socket will be listening on all interfaces. This option is mandatory
+## either in the configuration file or on the command line. If an IP
+## address is used, it must be enclosed in square brackets.
+#
+Socket local:/var/run/opendmarc/opendmarc.sock
+
+## Syslog { true | false }
+## default "false"
+##
+## Log via calls to syslog(3) any interesting activity.
+#
+Syslog true
+
+## SyslogFacility facility-name
+## default "mail"
+##
+## Log via calls to syslog(3) using the named facility. The facility names
+## are the same as the ones allowed in syslog.conf(5).
+#
+# SyslogFacility mail
+
+## TrustedAuthservIDs string
+## default HOSTNAME
+##
+## Specifies one or more "authserv-id" values to trust as relaying true
+## upstream DKIM and SPF results. The default is to use the name of
+## the MTA processing the message. To specify a list, separate each entry
+## with a comma. The key word "HOSTNAME" will be replaced by the name of
+## the host running the filter as reported by the gethostname(3) function.
+#
+# TrustedAuthservIDs HOSTNAME
+
+## UMask mask
+## default (none)
+##
+## Requests a specific permissions mask to be used for file creation. This
+## only really applies to creation of the socket when Socket specifies a
+## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
+## files are normally created by the mkstemp(3) function that enforces a
+## specific file mode on creation regardless of the process umask. See
+## umask(2) for more information.
+#
+UMask 0002
+
+## UserID user[:group]
+## default (none)
+##
+## Attempts to become the specified userid before starting operations.
+## The process will be assigned all of the groups and primary group ID of
+## the named userid unless an alternate group is specified.
+#
+UserID opendmarc
diff --git a/passwd b/passwd
index 971120195..9a8f1f05a 100644
--- a/passwd
+++ b/passwd
@@ -34,3 +34,4 @@ opendkim:x:113:119::/var/run/opendkim:/usr/sbin/nologin
 amavis:x:114:120:AMaViS system user,,,:/var/lib/amavis:/bin/sh
 debian-spamd:x:115:121::/var/lib/spamassassin:/bin/sh
 bind:x:116:122::/var/cache/bind:/usr/sbin/nologin
+opendmarc:x:117:123::/var/run/opendmarc:/usr/sbin/nologin
diff --git a/passwd- b/passwd-
index 971120195..9a8f1f05a 100644
--- a/passwd-
+++ b/passwd-
@@ -34,3 +34,4 @@ opendkim:x:113:119::/var/run/opendkim:/usr/sbin/nologin
 amavis:x:114:120:AMaViS system user,,,:/var/lib/amavis:/bin/sh
 debian-spamd:x:115:121::/var/lib/spamassassin:/bin/sh
 bind:x:116:122::/var/cache/bind:/usr/sbin/nologin
+opendmarc:x:117:123::/var/run/opendmarc:/usr/sbin/nologin
diff --git a/rc0.d/K01opendmarc b/rc0.d/K01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc0.d/K01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/rc1.d/K01opendmarc b/rc1.d/K01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc1.d/K01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/rc2.d/S01opendmarc b/rc2.d/S01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc2.d/S01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/rc3.d/S01opendmarc b/rc3.d/S01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc3.d/S01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
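Review bot: In opendmarc.conf, `UMask 0002` together with `Socket local:/var/run/opendmarc/opendmarc.sock` leaves the socket writable by user and group opendmarc only, and the group hunk in this commit adds `opendmarc:x:123:` with no members, whereas `opendkim:x:119:postfix` lists postfix. If Postfix is the MTA meant to use this milter, it presumably cannot connect until it is added to the opendmarc group, and depending on the MTA's milter failure policy mail may then pass without any DMARC evaluation; this should be confirmed against the Postfix configuration, which is not part of this diff. I would keep the umask as it is and document the requirement next to it, e.g. `# socket is group-accessible only: the MTA user must be a member of group opendmarc`. The intro comment also points to opendkim.conf(5) where opendmarc.conf(5) is meant.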
diff --git a/rc4.d/S01opendmarc b/rc4.d/S01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc4.d/S01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/rc5.d/S01opendmarc b/rc5.d/S01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc5.d/S01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/rc6.d/K01opendmarc b/rc6.d/K01opendmarc
new file mode 120000
index 000000000..d15f47216
--- /dev/null
+++ b/rc6.d/K01opendmarc
@@ -0,0 +1 @@
+../init.d/opendmarc
\ No newline at end of file
diff --git a/shadow b/shadow
index c0b0180ee..05d4a54d8 100644
--- a/shadow
+++ b/shadow
@@ -34,3 +34,4 @@ opendkim:*:17840:0:99999:7:::
 amavis:*:17840:0:99999:7:::
 debian-spamd:*:17840:0:99999:7:::
 bind:*:17844:0:99999:7:::
+opendmarc:*:17846:0:99999:7:::
diff --git a/shadow- b/shadow-
index c0b0180ee..05d4a54d8 100644
--- a/shadow-
+++ b/shadow-
@@ -34,3 +34,4 @@ opendkim:*:17840:0:99999:7:::
 amavis:*:17840:0:99999:7:::
 debian-spamd:*:17840:0:99999:7:::
 bind:*:17844:0:99999:7:::
+opendmarc:*:17846:0:99999:7:::