--- opendkim-2.4.2/INSTALL 2011-07-12 22:53:43.000000000 -0700 +++ opendkim-2.4.2-patches/INSTALL 2011-08-22 21:15:28.535480182 -0700 @@ -6,11 +6,11 @@ In order to install the opendkim as a milter to an MTA you will need to perform the following steps: -* Compile the opendkim program itself. +* Install the RPMs for libopendkim and opendkim. -* Configure the opendkim for signing and/or verification. +* Configure opendkim for signing and/or verification. -* Install the opendkim and configure your MTA to use it. +* Configure your MTA to use opendkim. Note that there is a difference between "OpenDKIM" and "opendkim". "OpenDKIM" is a package containing a library, a filter and some tools to @@ -23,167 +23,100 @@ The opendkim filter program incorporates the libopendkim library and works with recent versions of sendmail and Postfix or any other MTA that supports -"milter". For more information about milter, see . +"milter". For more information about milter, see . Sendmail is available at and Postfix is available -at . +at . -OPTIONAL PACKAGES -================= +REQUIREMENTS +============ -OpenDKIM supports a few optional packages that can be included in the build -to provide additional services. A few of these become mandatory when -enabling certain features below. Specifying only the "--with-xxx" parameter -to the "configure" command (described below) enables the package and makes a -guess at where it might be installed on your system. If the configure script -doesn't find it, you will need to specify the location with -"--with-xxx=location". +The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later +for required milter protocol enhancements. For more information on milters: ---with-db BerkeleyDB include file and library. If enabled without - a specific path, the /usr/local/BerkeleyDB, /usr/local and - /usr directories will be searched for both the required - includes and the required libraries. Required for the - following features: query_cache, stats +Postfix users, see: http://www.postfix.org/MILTER_README.html ---with-db-incdir ---with-db-libdir ---with-db-lib - These provide a finer control over the location of BerkeleyDB - include, library path and libary name where the default - locations of --with-db are not enough. +Sendmail users, see: http://www.sendmail.com/sm/partners/milter_partners/ ---with-domainkeys - Sendmail's "libdk" include file and library for verifying - messages signed with the older DomainKeys specification. ---with-libgcrypt - Location of GNU's libgcrypt includes and library. - If not specified, "--with-openssl" is assumed. +CONFIGURING OPENDKIM +==================== ---with-lua Lua interpreter library. Enables fine-grained policy control - via Lua script hooks, and also enables building of the - "miltertest" test tool. +For a step-by-step How-To on installing and configuring OpenDKIM with Postfix +or Sendmail on RedHat systems, see: ---with-milter Sendmail's "milter" include file and library. Required - unless compilation fo the filter is disabled (see below). - Enabled by default. +http://packages.stevejenkins.com/opendkim/ ---with-odbx Location of the OpenDBX installation on your system. - Optional; enables use of a number of SQL and ODBC databases - for configuration information. Version 1.3.7 or later is - required. +For general installation and configuration instructions for all supported +operating systems, refer to the official documentation at: ---with-openldap Location of the OpenLDAP installation on your system. +http://opendkim.org/docs.html ---with-openssl Location of the OpenSSL installation on your system. - Either this or libgcrypt required, and this one is assumed - if libgcrypt is not enabled. If no specific location is - provided, several common install locations will be searched for - the required includes and libraries. +After installing opendkim, you must do the following: ---with-sasl Location of the Cyrus SASL include file definitions. This is - used for authenticating against LDAP servers. +* Configure your MTA (Postfix, Sendmail, etc.) to use OpenDKIM. ---with-tre Location of the TRE installation on your system. This - is required if you are using the "diffheaders" feature. - If no specific location is provided, the /usr/local and - /usr directories will be searched for the required includes - and libraries. +Postfix users will need to add/edit the smtpd_milters, non_smtpd_milters, and +milter_default_action parameters in their main.cf file. Generally, adding the +following lines to main.cf will be enough to get opendkim working with Postfix: ---with-unbound Location of the Unbound DNSSEC capable asynchronous resolver - library and include file. - +smtpd_milters = inet:127.0.0.1:8891 +non_smtpd_milters = inet:127.0.0.1:8891 +milter_default_action = accept +If you are using a version of Postfix prior to 2.6, you may also need to set +the milter_protocol parameter in main.cf to "2" with: -FEATURES -======== +milter_protocol = 2 -There are several compile-time features you may select. Some of these -are present but unsupported while others are fully-supported. Read the -FEATURES file for a description of the unsupported features. +Sendmail users will need to add the following line to the .mc configuration +file that was used to build your current sendmail.cf file: -The supported features are as follows. The can be turned on at compile -time by adding "--enable-xxx" to the "configure" command line (described -below), where "xxx" is the name of the feature. +INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost') -arlib Use the provided asynchronous resolver library. +Then you will need to build and install a new sendmail.cf from the .mc file. +Remember to make backups of your sendmail.cf and .mc files before attempting +any changes. -debug Produce debug-enabled libraries and executables. +* Configure opendkim for signing and/or verification. -filter Compile the opendkim filter. Requires libmilter (see - "--with-milter" above). This is on by default; if you - don't want the filter, specify "--disable-filter". +By default, opendkim is configured for DKIM signature verification of incoming +mail only. Before you can sign outgoing mail with a DKIM signature, you must: -maxverify Allow limitation of the number of signatures verified per - message. +- generate a set of private and public keys +- configure opendkim for signing +- publish your public key via DNS -oversign Enable optional header field over-signing. +A default set of keys based on your system's fully qualified domain name +(FQDN) and using the selector "default" will be generated in +/etc/opendkim/keys the first time you run: -popauth Enable POP-before-SMTP support. +service opendkim start -query_cache Cache DNS replies in a local database. Requires the - BerkeleyDB database. (See "--with-db" above.) +You can also generate your own keys using the opendkim-genkey command. -stats Produce a filter and tools used for statistics collection, - analysis and submission. +After generating your keys, you must edit opendkim.conf and verify that your +domain name is correct, change the Mode to "s" for signing or "sv" for signing +and verifying, and configure the KeyFile and Selector parameters. Additional +options are available for signing for multiple users and/or multiple domains. +For more information, consult the online documentation or do: -xtags Support for signature extension tags. +man opendkim.conf +You must also publish your public key(s) via DNS before remote mail servers +can verify your outdoing DKIM signature. Consult your DNS provider's +documentation on how to do this. -COMPILING +MORE INFO ========= -The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later -for required milter protocol enhancements. - -To build this package you must first have installed or at least have available -the OpenSSL package and libmilter. The former is available from - or in package form from your vendor. At a minimum -version 0.9.8 is required to meet DKIM requirements. The application library -libmilter is part of the sendmail Open Source distribution and can be built -and installed from there (ftp://ftp.sendmail.org). - -As Postfix currently does not provide milter library, you need to have -sendmail sources or development package installed. See -http://www.postfix.org/MILTER_README.html - -You can view the configuration options with the following command: - - ./configure --help - -The commands shown below assume a UNIX system with standard build tools -installed. - -Steps to compiling the library and the milter: +For a step-by-step How-To on installing and configuring OpenDKIM with Postfix +or Sendmail on RedHat systems, see: -(1) Download the source from OpenDKIM (http://www.opendkim.org). - -(2) Unpack the tarball: - tar -xzvf opendkim-.tar.gz - - Note: Use as the version number that you downloaded. - -(3) Change directories to the release directory (opendkim-) that - was created in step 2. - cd opendkim- - -(4) Run the "configure" script to configure the package for your operating - system. - ./configure - -(5) Compile the package. - make - -(6) Install the output of the build. You probably need to become the - superuser to run this step. - make install - - -CONFIGURING OPENDKIM -==================== +http://packages.stevejenkins.com/opendkim/ -The README document (in the opendkim directory) covers the installation and -configuration of opendkim. +For more information about the OpenDKIM Project, including official +documentation and support, visit: -$Id: INSTALL,v 1.22 2010/09/13 01:39:48 cm-msk Exp $ +http://opendkim.org/