From: mhoellein Date: Wed, 19 Jun 2019 13:01:31 +0000 (+0200) Subject: opendkim funktioniert X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=dadb9ecd64c42e1c22a965e22472f8c6843a553b;p=vserver opendkim funktioniert --- diff --git a/.etckeeper b/.etckeeper index 9354e80ae..a46db11b5 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1633,6 +1633,12 @@ maybe chmod 0644 'letsencrypt/csr/0430_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/0431_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/0432_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/0433_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0434_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0435_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0436_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0437_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0438_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/0439_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -2068,6 +2074,12 @@ maybe chmod 0600 'letsencrypt/keys/0430_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0431_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0432_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0433_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0434_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0435_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0436_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0437_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0438_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/0439_key-certbot.pem' maybe chmod 0700 'letsencrypt/live' maybe chmod 0755 'letsencrypt/live/collabora.hoellein.online' maybe chmod 0644 'letsencrypt/live/collabora.hoellein.online/README' @@ -2215,14 +2227,19 @@ maybe chmod 0755 'nginx' maybe chmod 0755 'nginx/snippets' maybe chmod 0644 'nginx/snippets/loolwsd.conf' maybe chmod 0644 'nsswitch.conf' +maybe chgrp 'opendkim' 'opendkim' maybe chmod 0755 'opendkim' maybe chmod 0644 'opendkim.conf' maybe chmod 0644 'opendkim.conf.save' -maybe chmod 0700 'opendkim/keys' +maybe chgrp 'opendkim' 'opendkim/keys' +maybe chmod 0750 'opendkim/keys' +maybe chown 'opendkim' 'opendkim/keys/key1.private' maybe chgrp 'opendkim' 'opendkim/keys/key1.private' -maybe chmod 0640 'opendkim/keys/key1.private' +maybe chmod 0600 'opendkim/keys/key1.private' maybe chmod 0600 'opendkim/keys/key1.txt' +maybe chgrp 'opendkim' 'opendkim/keytable' maybe chmod 0644 'opendkim/keytable' +maybe chgrp 'opendkim' 'opendkim/signingtable' maybe chmod 0644 'opendkim/signingtable' maybe chmod 0755 'opendmarc' maybe chmod 0644 'opendmarc.conf' diff --git a/opendkim.conf b/opendkim.conf index fe6f96c4e..9586a8cbe 100644 --- a/opendkim.conf +++ b/opendkim.conf @@ -2,10 +2,11 @@ Syslog yes LogResults yes LogWhy yes SyslogSuccess yes +UserID opendkim UMask 002 Canonicalization relaxed/relaxed +Socket unix:/var/run/opendkim/opendkim.sock PidFile /var/run/opendkim/opendkim.pid -Socket local:/var/run/opendkim/opendkim.sock RequireSafeKeys false # Nur signieren, nicht verifizieren (Verifizierung übernimmt Amavis) diff --git a/opendmarc.conf b/opendmarc.conf index 84fb725d5..2aebdd44f 100644 --- a/opendmarc.conf +++ b/opendmarc.conf @@ -117,5 +117,5 @@ IgnoreHosts /etc/opendmarc/ignore.hosts HistoryFile /var/run/opendmarc/opendmarc.dat #for testing: SoftwareHeader true -#IgnoreAuthenticatedClients true +IgnoreAuthenticatedClients true MilterDebug 5 diff --git a/postfix/main.cf b/postfix/main.cf index 37a18d340..24effd709 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -68,10 +68,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp milter_default_action = accept milter_protocol = 2 smtpd_milters = unix:/var/lib/amavis/amavisd-milter.sock, - unix:/var/run/opendkim/opendkim.sock + unix:/var/run/opendkim/opendkim.sock, unix:/var/run/opendmarc/opendmarc.sock non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock +#unix:/var/run/opendkim/opendkim.sock, + ## ## Server Restrictions für Clients, Empfänger und Relaying ## (im Bezug auf S2S-Verbindungen. Mailclient-Verbindungen werden in master.cf im Submission-Bereich konfiguriert)