Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
673 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
--- opendkim-2.4.2/contrib/init/redhat/opendkim.in 2011-08-05 21:09:35.000000000 -0700 | ||
+++ opendkim-2.4.2p/contrib/init/redhat/opendkim.in 2011-09-22 10:59:20.765451439 -0700 | ||
@@ -2,7 +2,7 @@ | ||
# | ||
# opendkim Start and stop OpenDKIM. | ||
|
||
-# chkconfig: 2345 41 61 | ||
+# chkconfig: - 41 59 | ||
# description: OpenDKIM implements the DomainKeys Identified Mail (DKIM) | ||
# service and a milter-based filter application that can plug | ||
# in to any milter-aware MTA. | ||
@@ -11,33 +11,73 @@ | ||
|
||
### BEGIN INIT INFO | ||
# Provides: opendkim | ||
-# Required-Start: opendkim | ||
-# Required-Stop: opendkim | ||
# Short-Description: Start and stop OpenDKIM | ||
# Description: OpenDKIM implements the DomainKeys Identified Mail | ||
# (DKIM) service and a milter-based filter application | ||
# that can plug in to any milter-aware MTA. | ||
### END INIT INFO | ||
|
||
-# OpenDKIM startup script v1.3 for RHEL/CentOS/Fedora | ||
-# by Steve Jenkins (SteveJenkins.com) - 02-15-2011 | ||
-# Based on a script by Andrew Colin Kissa (TopDog) for dkim-milter - 28-05-2009 | ||
+# OpenDKIM startup script v1.7 for RHEL/CentOS/Fedora | ||
+# by Steve Jenkins (SteveJenkins.com) - 09-22-2011 | ||
+# Based on a script by Andrew Colin Kissa (TopDog) for dkim-milter - 05-28-2009 | ||
# - Additional functionality to prevent multiple instances and a reload | ||
-# handler by Chris LaJoie - 11-01-2011 | ||
+# handler by Chris LaJoie - 01-11-2011 | ||
# - Added notification (along with with current PID) if "start" is issued when | ||
# OpenDKIM is already running - 02-15-2011 | ||
+# - Added support to generate default keys on start - 08-22-2011 | ||
+# - Added support for /etc/sysconfig/opendkim override of default init script | ||
+# setup parameters - 09-19-2011 | ||
+# - Changed default stop priority - 09-19-2011 | ||
+# - Updated success and warning outputs for default key generation - 09-20-2011 | ||
+# - Changed default key directory ownership and permissions - 09-22-2011 | ||
|
||
. /etc/rc.d/init.d/functions | ||
|
||
prefix=@prefix@ | ||
exec_prefix=@exec_prefix@ | ||
|
||
-DAEMON=@sbindir@/opendkim | ||
-CONF_FILE=@sysconfdir@/opendkim.conf | ||
-PID_FILE=@localstatedir@/run/opendkim/opendkim.pid | ||
RETVAL=0 | ||
+prog="opendkim" | ||
+ | ||
+DAEMON=@sbindir@/$prog | ||
+CONF_FILE=@sysconfdir@/$prog.conf | ||
+PID_FILE=@localstatedir@/run/$prog/$prog.pid | ||
+KEYGEN=@exec_prefix@/bin/opendkim-genkey | ||
+DKIM_KEYDIR=@sysconfdir@/$prog/keys | ||
+DKIM_SELECTOR=default | ||
+AUTOCREATE_DKIM_KEYS=yes | ||
+ | ||
+if [ -f /etc/sysconfig/opendkim ]; then | ||
+ . /etc/sysconfig/opendkim | ||
+fi | ||
+ | ||
+do_dkim_keygen() { | ||
+ if [ ! -s $DKIM_KEYDIR/$DKIM_SELECTOR.private ]; then | ||
+ echo -n $"Generating default DKIM keys: " | ||
+ if [ "x`hostname --domain`" = "x" ]; then | ||
+ echo_warning | ||
+ echo | ||
+ echo $"Cannot determine host's domain name, so skipping default key generation." | ||
+ else | ||
+ mkdir -p $DKIM_KEYDIR | ||
+ $KEYGEN -D $DKIM_KEYDIR -s $DKIM_SELECTOR -d `hostname --domain` | ||
+ chown root:$prog $DKIM_KEYDIR | ||
+ chown $prog:$prog $DKIM_KEYDIR/$DKIM_SELECTOR.{private,txt} | ||
+ chmod 600 $DKIM_KEYDIR/$DKIM_SELECTOR.private | ||
+ chmod 644 $DKIM_KEYDIR/$DKIM_SELECTOR.txt | ||
+ echo_success | ||
+ echo | ||
+ echo Default DKIM keys for `hostname --domain` created in $DKIM_KEYDIR. | ||
+ fi | ||
+ fi | ||
+} | ||
|
||
start() { | ||
+ # Create keys if necessary | ||
+ if [ "x${AUTOCREATE_DKIM_KEYS}" != xNO ]; then | ||
+ do_dkim_keygen | ||
+ fi | ||
+ | ||
echo -n $"Starting OpenDKIM Milter: " | ||
if [ -f $PID_FILE ]; then | ||
PID=`cat $PID_FILE` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,245 @@ | ||
--- opendkim-2.4.2/INSTALL 2011-07-12 22:53:43.000000000 -0700 | ||
+++ opendkim-2.4.2-patches/INSTALL 2011-08-22 21:15:28.535480182 -0700 | ||
@@ -6,11 +6,11 @@ | ||
In order to install the opendkim as a milter to an MTA you will need to | ||
perform the following steps: | ||
|
||
-* Compile the opendkim program itself. | ||
+* Install the RPMs for libopendkim and opendkim. | ||
|
||
-* Configure the opendkim for signing and/or verification. | ||
+* Configure opendkim for signing and/or verification. | ||
|
||
-* Install the opendkim and configure your MTA to use it. | ||
+* Configure your MTA to use opendkim. | ||
|
||
Note that there is a difference between "OpenDKIM" and "opendkim". | ||
"OpenDKIM" is a package containing a library, a filter and some tools to | ||
@@ -23,167 +23,100 @@ | ||
|
||
The opendkim filter program incorporates the libopendkim library and works | ||
with recent versions of sendmail and Postfix or any other MTA that supports | ||
-"milter". For more information about milter, see <http://www.milter.org>. | ||
+"milter". For more information about milter, see <http://www.milter.org/>. | ||
|
||
Sendmail is available at <http://www.sendmail.org> and Postfix is available | ||
-at <http://www.postfix.org>. | ||
+at <http://www.postfix.org/>. | ||
|
||
|
||
-OPTIONAL PACKAGES | ||
-================= | ||
+REQUIREMENTS | ||
+============ | ||
|
||
-OpenDKIM supports a few optional packages that can be included in the build | ||
-to provide additional services. A few of these become mandatory when | ||
-enabling certain features below. Specifying only the "--with-xxx" parameter | ||
-to the "configure" command (described below) enables the package and makes a | ||
-guess at where it might be installed on your system. If the configure script | ||
-doesn't find it, you will need to specify the location with | ||
-"--with-xxx=location". | ||
+The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later | ||
+for required milter protocol enhancements. For more information on milters: | ||
|
||
---with-db BerkeleyDB include file and library. If enabled without | ||
- a specific path, the /usr/local/BerkeleyDB, /usr/local and | ||
- /usr directories will be searched for both the required | ||
- includes and the required libraries. Required for the | ||
- following features: query_cache, stats | ||
+Postfix users, see: http://www.postfix.org/MILTER_README.html | ||
|
||
---with-db-incdir | ||
---with-db-libdir | ||
---with-db-lib | ||
- These provide a finer control over the location of BerkeleyDB | ||
- include, library path and libary name where the default | ||
- locations of --with-db are not enough. | ||
+Sendmail users, see: http://www.sendmail.com/sm/partners/milter_partners/ | ||
|
||
---with-domainkeys | ||
- Sendmail's "libdk" include file and library for verifying | ||
- messages signed with the older DomainKeys specification. | ||
|
||
---with-libgcrypt | ||
- Location of GNU's libgcrypt includes and library. | ||
- If not specified, "--with-openssl" is assumed. | ||
+CONFIGURING OPENDKIM | ||
+==================== | ||
|
||
---with-lua Lua interpreter library. Enables fine-grained policy control | ||
- via Lua script hooks, and also enables building of the | ||
- "miltertest" test tool. | ||
+For a step-by-step How-To on installing and configuring OpenDKIM with Postfix | ||
+or Sendmail on RedHat systems, see: | ||
|
||
---with-milter Sendmail's "milter" include file and library. Required | ||
- unless compilation fo the filter is disabled (see below). | ||
- Enabled by default. | ||
+http://packages.stevejenkins.com/opendkim/ | ||
|
||
---with-odbx Location of the OpenDBX installation on your system. | ||
- Optional; enables use of a number of SQL and ODBC databases | ||
- for configuration information. Version 1.3.7 or later is | ||
- required. | ||
+For general installation and configuration instructions for all supported | ||
+operating systems, refer to the official documentation at: | ||
|
||
---with-openldap Location of the OpenLDAP installation on your system. | ||
+http://opendkim.org/docs.html | ||
|
||
---with-openssl Location of the OpenSSL installation on your system. | ||
- Either this or libgcrypt required, and this one is assumed | ||
- if libgcrypt is not enabled. If no specific location is | ||
- provided, several common install locations will be searched for | ||
- the required includes and libraries. | ||
+After installing opendkim, you must do the following: | ||
|
||
---with-sasl Location of the Cyrus SASL include file definitions. This is | ||
- used for authenticating against LDAP servers. | ||
+* Configure your MTA (Postfix, Sendmail, etc.) to use OpenDKIM. | ||
|
||
---with-tre Location of the TRE installation on your system. This | ||
- is required if you are using the "diffheaders" feature. | ||
- If no specific location is provided, the /usr/local and | ||
- /usr directories will be searched for the required includes | ||
- and libraries. | ||
+Postfix users will need to add/edit the smtpd_milters, non_smtpd_milters, and | ||
+milter_default_action parameters in their main.cf file. Generally, adding the | ||
+following lines to main.cf will be enough to get opendkim working with Postfix: | ||
|
||
---with-unbound Location of the Unbound DNSSEC capable asynchronous resolver | ||
- library and include file. | ||
- | ||
+smtpd_milters = inet:127.0.0.1:8891 | ||
+non_smtpd_milters = inet:127.0.0.1:8891 | ||
+milter_default_action = accept | ||
|
||
+If you are using a version of Postfix prior to 2.6, you may also need to set | ||
+the milter_protocol parameter in main.cf to "2" with: | ||
|
||
-FEATURES | ||
-======== | ||
+milter_protocol = 2 | ||
|
||
-There are several compile-time features you may select. Some of these | ||
-are present but unsupported while others are fully-supported. Read the | ||
-FEATURES file for a description of the unsupported features. | ||
+Sendmail users will need to add the following line to the .mc configuration | ||
+file that was used to build your current sendmail.cf file: | ||
|
||
-The supported features are as follows. The can be turned on at compile | ||
-time by adding "--enable-xxx" to the "configure" command line (described | ||
-below), where "xxx" is the name of the feature. | ||
+INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost') | ||
|
||
-arlib Use the provided asynchronous resolver library. | ||
+Then you will need to build and install a new sendmail.cf from the .mc file. | ||
+Remember to make backups of your sendmail.cf and .mc files before attempting | ||
+any changes. | ||
|
||
-debug Produce debug-enabled libraries and executables. | ||
+* Configure opendkim for signing and/or verification. | ||
|
||
-filter Compile the opendkim filter. Requires libmilter (see | ||
- "--with-milter" above). This is on by default; if you | ||
- don't want the filter, specify "--disable-filter". | ||
+By default, opendkim is configured for DKIM signature verification of incoming | ||
+mail only. Before you can sign outgoing mail with a DKIM signature, you must: | ||
|
||
-maxverify Allow limitation of the number of signatures verified per | ||
- message. | ||
+- generate a set of private and public keys | ||
+- configure opendkim for signing | ||
+- publish your public key via DNS | ||
|
||
-oversign Enable optional header field over-signing. | ||
+A default set of keys based on your system's fully qualified domain name | ||
+(FQDN) and using the selector "default" will be generated in | ||
+/etc/opendkim/keys the first time you run: | ||
|
||
-popauth Enable POP-before-SMTP support. | ||
+service opendkim start | ||
|
||
-query_cache Cache DNS replies in a local database. Requires the | ||
- BerkeleyDB database. (See "--with-db" above.) | ||
+You can also generate your own keys using the opendkim-genkey command. | ||
|
||
-stats Produce a filter and tools used for statistics collection, | ||
- analysis and submission. | ||
+After generating your keys, you must edit opendkim.conf and verify that your | ||
+domain name is correct, change the Mode to "s" for signing or "sv" for signing | ||
+and verifying, and configure the KeyFile and Selector parameters. Additional | ||
+options are available for signing for multiple users and/or multiple domains. | ||
+For more information, consult the online documentation or do: | ||
|
||
-xtags Support for signature extension tags. | ||
+man opendkim.conf | ||
|
||
+You must also publish your public key(s) via DNS before remote mail servers | ||
+can verify your outdoing DKIM signature. Consult your DNS provider's | ||
+documentation on how to do this. | ||
|
||
-COMPILING | ||
+MORE INFO | ||
========= | ||
|
||
-The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later | ||
-for required milter protocol enhancements. | ||
- | ||
-To build this package you must first have installed or at least have available | ||
-the OpenSSL package and libmilter. The former is available from | ||
-<http://www.openssl.org> or in package form from your vendor. At a minimum | ||
-version 0.9.8 is required to meet DKIM requirements. The application library | ||
-libmilter is part of the sendmail Open Source distribution and can be built | ||
-and installed from there (ftp://ftp.sendmail.org). | ||
- | ||
-As Postfix currently does not provide milter library, you need to have | ||
-sendmail sources or development package installed. See | ||
-http://www.postfix.org/MILTER_README.html | ||
- | ||
-You can view the configuration options with the following command: | ||
- | ||
- ./configure --help | ||
- | ||
-The commands shown below assume a UNIX system with standard build tools | ||
-installed. | ||
- | ||
-Steps to compiling the library and the milter: | ||
+For a step-by-step How-To on installing and configuring OpenDKIM with Postfix | ||
+or Sendmail on RedHat systems, see: | ||
|
||
-(1) Download the source from OpenDKIM (http://www.opendkim.org). | ||
- | ||
-(2) Unpack the tarball: | ||
- tar -xzvf opendkim-<version>.tar.gz | ||
- | ||
- Note: Use <version> as the version number that you downloaded. | ||
- | ||
-(3) Change directories to the release directory (opendkim-<version>) that | ||
- was created in step 2. | ||
- cd opendkim-<version> | ||
- | ||
-(4) Run the "configure" script to configure the package for your operating | ||
- system. | ||
- ./configure | ||
- | ||
-(5) Compile the package. | ||
- make | ||
- | ||
-(6) Install the output of the build. You probably need to become the | ||
- superuser to run this step. | ||
- make install | ||
- | ||
- | ||
-CONFIGURING OPENDKIM | ||
-==================== | ||
+http://packages.stevejenkins.com/opendkim/ | ||
|
||
-The README document (in the opendkim directory) covers the installation and | ||
-configuration of opendkim. | ||
+For more information about the OpenDKIM Project, including official | ||
+documentation and support, visit: | ||
|
||
-$Id: INSTALL,v 1.22 2010/09/13 01:39:48 cm-msk Exp $ | ||
+http://opendkim.org/ |
Oops, something went wrong.