Diffstat (limited to 'opendkim.spec')
-rw-r--r-- | opendkim.spec | 192 |
1 files changed, 120 insertions, 72 deletions
diff --git a/opendkim.spec b/opendkim.spec index 93f9318..8c34320 100644 --- a/opendkim.spec +++ b/opendkim.spec @@ -4,8 +4,8 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail Name: opendkim -Version: 2.10.1 -Release: 13%{?dist} +Version: 2.10.2 +Release: 1%{?dist} Group: System Environment/Daemons License: BSD and Sendmail URL: http://%{name}.org/ @@ -36,7 +36,7 @@ Requires(postun): initscripts BuildRequires: db4-devel %endif -Patch0: %{name}.init.patch +#Patch0: %{name}.init.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -71,7 +71,7 @@ required for developing applications against libopendkim. #%patch0 -p1 %else # Apply SysV patches -%patch0 -p1 +#%patch0 -p1 %endif %build 
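Review bot: Commenting out `Patch0` and the SysV `%patch0 -p1` leaves the `%if`/`%else` in `%prep` with two commented-out branches and nothing to do, and the comments keep a single `%`. rpm processes macros even on comment lines, so the usual convention is to write `#%%patch0 -p1`, or to delete the lines. Since the changelog says the patch was fixed upstream, I would drop the `Patch0:` line and the whole conditional, and remove `%{name}.init.patch` from the package repository. The same applies to the `#Patch0:` line in the hunk at line 36.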
@@ -115,77 +115,122 @@ required for developing applications against libopendkim. ## See %{_defaultdocdir}/%{name}/INSTALL for detailed instructions. +## DEPRECATED CONFIGURATION OPTIONS +## +## The following configuration options are no longer valid. They should be +## removed from your existing configuration file to prevent potential issues. +## Failure to do so may result in %{name} being unable to start. +## +## Removed in 2.10.0: +## AddAllSignatureResults +## ADSPAction +## ADSPNoSuchDomain +## BogusPolicy +## DisableADSP +## LDAPSoftStart +## LocalADSP +## NoDiscardableMailTo +## On-PolicyError +## SendADSPReports +## UnprotectedPolicy + ## CONFIGURATION OPTIONS -# Specifies the path to the process ID file. +## Specifies the path to the process ID file. PidFile %{_localstatedir}/run/%{name}/%{name}.pid -# Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. -# Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing -# messages. +## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v. +## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing +## messages. Mode v -# Log activity to the system log. +## Log activity to the system log. Syslog yes -# Log additional entries indicating successful signing or verification of messages. +## Log additional entries indicating successful signing or verification of messages. SyslogSuccess yes -# If logging is enabled, include detailed logging about why or why not a message was -# signed or verified. This causes an increase in the amount of log data generated -# for each message, so set this to No (or comment it out) if it gets too noisy. +## If logging is enabled, include detailed logging about why or why not a message was +## signed or verified. This causes an increase in the amount of log data generated +## for each message, so set this to No (or comment it out) if it gets too noisy. 
LogWhy yes -# Attempt to become the specified user before starting operations. +## Attempt to become the specified user before starting operations. UserID %{name}:%{name} -# Create a socket through which your MTA can communicate. +## Create a socket through which your MTA can communicate. Socket inet:8891@localhost -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) +## Required to use local socket with MTAs that access the socket as a non- +## privileged user (e.g. Postfix) Umask 002 -# This specifies a text file in which to store DKIM transaction statistics. -# %{upname} must be manually compiled with --enable-stats to enable this feature. -#Statistics %{_localstatedir}/spool/%{name}/stats.dat +## This specifies a text file in which to store DKIM transaction statistics. +## %{upname} must be manually compiled with --enable-stats to enable this feature. +# Statistics %{_localstatedir}/spool/%{name}/stats.dat + +## Specifies whether or not the filter should generate report mail back +## to senders when verification fails and an address for such a purpose +## is provided. See opendkim.conf(5) for details. +SendReports yes + +## Specifies the sending address to be used on 
From: headers of outgoing +## failure reports. By default, the e-mail address of the user executing +## the filter is used (executing_user@hostname). +# ReportAddress "Example.com Postmaster" <postmaster@example.com> + +## Add a DKIM-Filter header field to messages passing through this filter +## to identify messages it has processed. +SoftwareHeader yes ## SIGNING OPTIONS -# Selects the canonicalization method(s) to be used when signing messages. +## Selects the canonicalization method(s) to be used when signing messages. Canonicalization relaxed/relaxed -# Domain(s) whose mail should be signed by this filter. Mail from other domains will -# be verified rather than being signed. Uncomment and use your domain name. -# This parameter is not required if a SigningTable is in use. -#Domain example.com +## Domain(s) whose mail should be signed by this filter. Mail from other domains will +## be verified rather than being signed. Uncomment and use your domain name. +## This parameter is not required if a SigningTable is in use. +# Domain example.com -# Defines the name of the selector to be used when signing messages. +## Defines the name of the selector to be used when signing messages. Selector default -# Specifies the minimum number of key bits for acceptable keys and signatures. -MinimumKeyBits 1024 +## Specifies the minimum number of key bits for acceptable keys and signatures. +MinimumKeyBits 1024 -# Gives the location of a private key to be used for signing ALL messages. This -# directive is ignored if KeyTable is enabled. +## Gives the location of a private key to be used for signing ALL messages. This +## directive is ignored if KeyTable is enabled. KeyFile %{_sysconfdir}/%{name}/keys/default.private -# Gives the location of a file mapping key names to signing keys. In simple terms, -# this tells %{upname} where to find your keys. If present, overrides any KeyFile -# directive in the configuration file. Requires SigningTable be enabled. 
-#KeyTable %{_sysconfdir}/%{name}/KeyTable - -# Defines a table used to select one or more signatures to apply to a message based -# on the address found in the From: header field. In simple terms, this tells -# %{upname} how to use your keys. Requires KeyTable be enabled. -#SigningTable refile:%{_sysconfdir}/%{name}/SigningTable - -# Identifies a set of "external" hosts that may send mail through the server as one -# of the signing domains without credentials as such. -#ExternalIgnoreList refile:%{_sysconfdir}/%{name}/TrustedHosts - -# Identifies a set "internal" hosts whose mail should be signed rather than verified. -#InternalHosts refile:%{_sysconfdir}/%{name}/TrustedHosts +## Gives the location of a file mapping key names to signing keys. In simple terms, +## this tells %{upname} where to find your keys. If present, overrides any KeyFile +## directive in the configuration file. Requires SigningTable be enabled. +# KeyTable %{_sysconfdir}/%{name}/KeyTable + +## Defines a table used to select one or more signatures to apply to a message based +## on the address found in the 
From: header field. In simple terms, this tells +## %{upname} how to use your keys. Requires KeyTable be enabled. +# SigningTable refile:%{_sysconfdir}/%{name}/SigningTable + +## Identifies a set of "external" hosts that may send mail through the server as one +## of the signing domains without credentials as such. +# ExternalIgnoreList refile:%{_sysconfdir}/%{name}/TrustedHosts + +## Identifies a set "internal" hosts whose mail should be signed rather than verified. +# InternalHosts refile:%{_sysconfdir}/%{name}/TrustedHosts + +## Contains a list of IP addresses, CIDR blocks, hostnames or domain names +## whose mail should be neither signed nor verified by this filter. See man +## page for file format. +# PeerList X.X.X.X + +## Always oversign From (sign using actual From and a null From to prevent +## malicious signatures header fields (From and/or others) between the signer +## and the verifier. From is oversigned by default in the Fedora package +## because it is often the identity key used by reputation systems and thus +## somewhat security sensitive. +OversignHeaders From EOF %{__cat} > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF' @@ -253,7 +298,7 @@ EOF ##################################### #FEDORA-SPECIFIC README FOR %{bigname}# ##################################### -Last updated: Mar 3, 2015 by Steve Jenkins (steve@stevejenkins.com) +Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com) Generating keys for %{upname} ============================ 
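Review bot: `SendReports yes` ships enabled in the default configuration while `Mode` stays `v`, so every install that verifies inbound mail will generate failure-report mail to an address the sending side provides. For forged or hostile mail that address is not under the operator's control, which makes the host a source of unsolicited outbound mail. I believe upstream leaves this option off by default, so I would ship it commented out as `# SendReports yes` and say in the comment above it that enabling it causes outbound mail to third-party-supplied addresses. Separately, the `OversignHeaders` comment is missing words; it should read roughly `to prevent malicious header fields (From and/or others) from being added between the signer and the verifier`. The configuration heredoc this hunk edits starts above the hunk.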
@@ -316,9 +361,20 @@ before attempting to start the %{name} service. Using %upname with SQL Datasets ================================ -If you have %upname configured to use SQL datasets on a systemd-based server, it might be necessary to start the -%name service after the database servers by referencing your database unit file(s) in the "After" section of the -%upname unit file. +%upname on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use, +you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum): + +- opendbx-firebird +- opendbx-mssql +- opendbx-mysql +- opendbx-postgresql +- opendbx-sqlite +- opendbx-sqlite2 +- opendbx-sybase + +If you have %upname configured to use SQL datasets on a systemd-based server, it might also be necessary to start +the %name service after the database servers by referencing your database unit file(s) in the "After" section of +the %upname unit file. For example, if using both MariaDB and PostgreSQL, in %{_unitdir}/%{name}.service change: @@ -373,26 +429,15 @@ exit 0 %post %if %systemd -if [ $1 -eq 1 ] ; then - # Initial installation - /bin/systemctl enable %{name}.service >/dev/null 2>&1 || : -fi - +%systemd_post %{name}.service %else - /sbin/chkconfig --add %{name} || : %endif %preun %if %systemd -if [ $1 -eq 0 ] ; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable %{name}.service > /dev/null 2>&1 || : - /bin/systemctl stop %{name}.service > /dev/null 2>&1 || : -fi - +%systemd_preun %{name}.service %else - if [ $1 -eq 0 ]; then service %{name} stop >/dev/null || : /sbin/chkconfig --del %{name} || : 
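Review bot: The `%post` and `%preun` scriptlets now rely on `%systemd_post` and `%systemd_preun`, but no hunk in this diff adds the build dependency that defines those macros. If the preamble does not already have it, the macros end up in the scriptlets unexpanded and fail at install time; add `BuildRequires: systemd` (and `%{?systemd_requires}`) inside the systemd conditional. Also, `%systemd_post` applies the distribution preset rather than running `systemctl enable`, so a fresh install may leave the milter disabled where the removed code enabled it. README.fedora should say so, because an MTA pointed at a milter socket nobody listens on will defer mail or pass it unverified, depending on its milter failure setting. The `%postun` hunk that follows has the same macro dependency.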
@@ -402,14 +447,8 @@ exit 0 %postun %if %systemd -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ] ; then - # Package upgrade, not uninstall - /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : -fi - +%systemd_postun_with_restart %{name}.service %else - if [ "$1" -ge "1" ] ; then /sbin/service %{name} condrestart >/dev/null 2>&1 || : fi @@ -417,10 +456,11 @@ exit 0 %endif %if %systemd +# For the switchover from initscript to service file %triggerun -- %{name} < 2.8.0-1 -/bin/systemctl enable %{name}.service >/dev/null 2>&1 +%systemd_post %{name}.service /sbin/chkconfig --del %{name} >/dev/null 2>&1 || : -/bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || : +%systemd_postun_with_restart %{name}.service %endif %post -n libopendkim -p /sbin/ldconfig @@ -482,6 +522,14 @@ exit 0 %{_libdir}/pkgconfig/*.pc %changelog +* Mon May 11 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.2-1 +- Updated to use newer upstream 2.10.2 source code +- Removed patches for bugs fixed in upstream source +- Included support for systemd macros +- Added deprecated options notice to default configuration file +- Added new options to default configuration file +- Updated README.fedora with additional SQL useage info + * Mon Apr 13 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-13 - Obsoleted sysvinit subpackage via libopendkim subpackage - Added more macros |
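Review bot: In the `%triggerun -- %{name} < 2.8.0-1` hunk, `%systemd_post` and `%systemd_postun_with_restart` are used outside the scriptlets they were written for. As far as I know both macros test `$1` with the meaning it has in `%post`/`%postun`, and trigger arguments count something different, so it is unclear whether either body runs during the initscript-to-unit switchover. The removed line enabled the unit unconditionally, whereas the macro at most applies the preset, so an upgraded host could end up with the milter not enabled and mail no longer signed or verified. I would keep explicit commands in the trigger, `/bin/systemctl enable %{name}.service >/dev/null 2>&1 || :` followed by the original `try-restart` line, and extend the new comment to say why the macros are not used here.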