From 0145d6bdad78b992ad004b7c3f865b308e30a7b2 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Nov 2018 21:04:47 +0100 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 5 +++ opendkim.conf | 92 +++++--------------------------------- opendkim.conf.save | 80 +++++++++++++++++++++++++++++++++ opendkim/keys/key1.private | 27 +++++++++++ opendkim/keys/key1.txt | 3 ++ 5 files changed, 127 insertions(+), 80 deletions(-) create mode 100644 opendkim.conf.save create mode 100644 opendkim/keys/key1.private create mode 100644 opendkim/keys/key1.txt diff --git a/.etckeeper b/.etckeeper index 405eadfb6..c1ff757e4 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1045,7 +1045,12 @@ maybe chmod 0755 'newt' maybe chmod 0644 'newt/palette.original' maybe chmod 0644 'newt/palette.ubuntu' maybe chmod 0644 'nsswitch.conf' +maybe chmod 0755 'opendkim' maybe chmod 0644 'opendkim.conf' +maybe chmod 0644 'opendkim.conf.save' +maybe chmod 0755 'opendkim/keys' +maybe chmod 0600 'opendkim/keys/key1.private' +maybe chmod 0600 'opendkim/keys/key1.txt' maybe chmod 0755 'opt' maybe chmod 0644 'pam.conf' maybe chmod 0755 'pam.d' diff --git a/opendkim.conf b/opendkim.conf index afc808ccd..dc92be534 100644 --- a/opendkim.conf +++ b/opendkim.conf @@ -1,80 +1,12 @@ -# This is a basic configuration that can easily be adapted to suit a standard -# installation. For more advanced options, see opendkim.conf(5) and/or -# /usr/share/doc/opendkim/examples/opendkim.conf.sample. - -# Log to syslog -Syslog yes -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) -UMask 007 - -# Sign for example.com with key in /etc/dkimkeys/dkim.key using -# selector '2007' (e.g. 2007._domainkey.example.com) -#Domain example.com -#KeyFile /etc/dkimkeys/dkim.key -#Selector 2007 - -# Commonly-used options; the commented-out versions show the defaults. -#Canonicalization simple -#Mode sv -#SubDomains no - -# Socket smtp://localhost -# -# ## Socket socketspec -# ## -# ## Names the socket where this filter should listen for milter connections -# ## from the MTA. Required. Should be in one of these forms: -# ## -# ## inet:port@address to listen on a specific interface -# ## inet:port to listen on all interfaces -# ## local:/path/to/socket to listen on a UNIX domain socket -# -#Socket inet:8892@localhost -Socket local:/var/run/opendkim/opendkim.sock - -## PidFile filename -### default (none) -### -### Name of the file where the filter should write its pid before beginning -### normal operations. -# -PidFile /var/run/opendkim/opendkim.pid - - -# Always oversign From (sign using actual From and a null From to prevent -# malicious signatures header fields (From and/or others) between the signer -# and the verifier. From is oversigned by default in the Debian pacakge -# because it is often the identity key used by reputation systems and thus -# somewhat security sensitive. -OversignHeaders From - -## ResolverConfiguration filename -## default (none) -## -## Specifies a configuration file to be passed to the Unbound library that -## performs DNS queries applying the DNSSEC protocol. See the Unbound -## documentation at http://unbound.net for the expected content of this file. -## The results of using this and the TrustAnchorFile setting at the same -## time are undefined. -## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested -## unbound package - -# ResolverConfiguration /etc/unbound/unbound.conf - -## TrustAnchorFile filename -## default (none) -## -## Specifies a file from which trust anchor data should be read when doing -## DNS queries and applying the DNSSEC protocol. See the Unbound documentation -## at http://unbound.net for the expected format of this file. - -TrustAnchorFile /usr/share/dns/root.key - -## Userid userid -### default (none) -### -### Change to user "userid" before starting normal operation? May include -### a group ID as well, separated from the userid by a colon. -# -UserID opendkim +Syslog yes +LogResults yes +LogWhy yes +SyslogSuccess yes +UMask 002 +Canonicalization relaxed/relaxed + +# Nur signieren, nicht verifizieren (Verifizierung übernimmt Amavis) +Mode s + +KeyTable /etc/opendkim/keytable +SigningTable refile:/etc/opendkim/signingtable diff --git a/opendkim.conf.save b/opendkim.conf.save new file mode 100644 index 000000000..afc808ccd --- /dev/null +++ b/opendkim.conf.save @@ -0,0 +1,80 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 007 + +# Sign for example.com with key in /etc/dkimkeys/dkim.key using +# selector '2007' (e.g. 2007._domainkey.example.com) +#Domain example.com +#KeyFile /etc/dkimkeys/dkim.key +#Selector 2007 + +# Commonly-used options; the commented-out versions show the defaults. +#Canonicalization simple +#Mode sv +#SubDomains no + +# Socket smtp://localhost +# +# ## Socket socketspec +# ## +# ## Names the socket where this filter should listen for milter connections +# ## from the MTA. Required. Should be in one of these forms: +# ## +# ## inet:port@address to listen on a specific interface +# ## inet:port to listen on all interfaces +# ## local:/path/to/socket to listen on a UNIX domain socket +# +#Socket inet:8892@localhost +Socket local:/var/run/opendkim/opendkim.sock + +## PidFile filename +### default (none) +### +### Name of the file where the filter should write its pid before beginning +### normal operations. +# +PidFile /var/run/opendkim/opendkim.pid + + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +## ResolverConfiguration filename +## default (none) +## +## Specifies a configuration file to be passed to the Unbound library that +## performs DNS queries applying the DNSSEC protocol. See the Unbound +## documentation at http://unbound.net for the expected content of this file. +## The results of using this and the TrustAnchorFile setting at the same +## time are undefined. +## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested +## unbound package + +# ResolverConfiguration /etc/unbound/unbound.conf + +## TrustAnchorFile filename +## default (none) +## +## Specifies a file from which trust anchor data should be read when doing +## DNS queries and applying the DNSSEC protocol. See the Unbound documentation +## at http://unbound.net for the expected format of this file. + +TrustAnchorFile /usr/share/dns/root.key + +## Userid userid +### default (none) +### +### Change to user "userid" before starting normal operation? May include +### a group ID as well, separated from the userid by a colon. +# +UserID opendkim diff --git a/opendkim/keys/key1.private b/opendkim/keys/key1.private new file mode 100644 index 000000000..9447ab221 --- /dev/null +++ b/opendkim/keys/key1.private @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwixsvOcmLmhPFCZ81AaMTS37Ok342bs8Z38rE6+pjkmTg5Tg +rCw2iyoehEm/+eowUmnrtKwietIgKIl8FSVYox0SWEN0DXBGb4a2kqkbGot5Uibj +ttSjFlsFduS76PahGJT9oFJ67A609zuRpvAYqy0vnkzRtJUoXGvVT7MfZIHqoddn +IFJVEIwpvlA4pqTuyUoPSb/drVb36sEuXh/WRvGnc79xI4n6yeLp5VgsxAN90VYH +JTT83BnBitERobaD3baQerrM/RYOF65IJ5NK61poXJjGrdFFwQzmUPNJCVbrm6O0 +3Nh8Iml0FAk/ehEtpjpujPlMM7hYhj904mS1KwIDAQABAoIBAC0DkX3FdGODyPlZ +5sxcbEAkLb6Zftwy/NDdeUYKDhuvUORLKj6fzVE7xXFTi47LTMJ+TadH1IJ2nf/n +x307eC3wOmV91bSb16hZKZAcZe0kck6qN1YWO2yeU0j5w9pA+p2xRI7bMCXzTt6V +z7FMrdtZEVX4ZxEfFwk98miUlO1+jUIzxiS1f/Oambe0Em7pYv/K4s+nGXYq7YPO +aThEFTfBwjA52uJ8xYfwhJ2cydU1mpq4cxrMLRIKTi2BDWj2+hfy+m8aKFB5lXto +i67HjDC01ROJ5gHw8hAdwxdj/x8NFg6clptFHg2MofsAKhfgg7M7JPGsGgJ84ay+ +w9JwGgkCgYEA6b1i7w/SoSM4rWKT/Xu2qMEbPr1UsvGbfwtQbgVpKg43dnE4tilH +KSJ/ASjYBc9aktjwiXh4DgcvIHszW0+nSUwXsOjLtPDMHUIHMMA9JtPfJfUambix +swsRNgrUX0zhfGxOqqyUdZ94MRZ5OTXyes8hdlGWfcfnydep3VYKWLcCgYEA1Kpo +GGqeMKGToLcZSmZ24H3dQEmpNMnHTl12OiSO4c6OhHv/CVt9kvosPqJ+k9+OcymL +7avw/AExDtMA0xU95uTGAlR4+ChLhn7GOnrHAHvScbqyq6vTw/ZEsg6zN4f8GLu7 +MmULTahA2f0BDUISIr6VZyhg6FwpuV50sQWWyy0CgYBvQgmEl3h/4P8KcODWiHui +igCI9aAKaTzF1UHcjNDJBulZhH0lIDLSHqxrheCFq3SGb6LXHLOwobTJ9jq03Q5Y +slKYj8bfArt1tccsamTxRWpza97Uivhyq/LuUWtTTYoLKparYOhtsJGKdBMRq18X +G97mreE/T9dB2VjulRTpswKBgBu87j7hCSkGqh64QxA1NSQqxoTwFqXP+7L49ca3 +pftF2cjl82nhCQv2nXa98wyOiCH1NU8WsiPsc92fH+hoSN6o0DrVkcGsX813E5vl +D7e8bsJuu4cwrjpNEMC4sh94GSWQtuXn0AWdAHhuS4jTKVJm0U3XMmycOMT40PeV +5wkxAoGAeAeGUPNxAblQKM7X1cFCT6gk/21qXlj4MGNjP3nT7sT3jVKJHQX8mfvE +YiCFoA4QCaUCDU4IehYTc5jfrF3cCsOkQkIr897P3FqAXBOolkTORY+Hje+negxW +B1R0BMqC/+jbr6KGBllGEulPy3eiA33pxU9b3KSexa2OQjkGdTk= +-----END RSA PRIVATE KEY----- diff --git a/opendkim/keys/key1.txt b/opendkim/keys/key1.txt new file mode 100644 index 000000000..d9992e9b8 --- /dev/null +++ b/opendkim/keys/key1.txt @@ -0,0 +1,3 @@ +key1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; " + "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwixsvOcmLmhPFCZ81AaMTS37Ok342bs8Z38rE6+pjkmTg5TgrCw2iyoehEm/+eowUmnrtKwietIgKIl8FSVYox0SWEN0DXBGb4a2kqkbGot5UibjttSjFlsFduS76PahGJT9oFJ67A609zuRpvAYqy0vnkzRtJUoXGvVT7MfZIHqoddnIFJVEIwpvlA4pqTuyUoPSb/drVb36s" + "EuXh/WRvGnc79xI4n6yeLp5VgsxAN90VYHJTT83BnBitERobaD3baQerrM/RYOF65IJ5NK61poXJjGrdFFwQzmUPNJCVbrm6O03Nh8Iml0FAk/ehEtpjpujPlMM7hYhj904mS1KwIDAQAB" ) ; ----- DKIM key key1 for localhost -- 2.43.0