diff --git a/SOURCES/0001-support-for-lua-5.3.patch b/SOURCES/0001-support-for-lua-5.3.patch
new file mode 100644
index 0000000..234bcb3
--- /dev/null
+++ b/SOURCES/0001-support-for-lua-5.3.patch
@@ -0,0 +1,271 @@
+From b15794f391547a983c64afed029a883fed3c3c1c Mon Sep 17 00:00:00 2001
+From: Matt Domsch
+Date: Sat, 25 Apr 2020 23:04:38 -0500
+Subject: [PATCH] support for lua 5.3
+
+---
+ miltertest/miltertest.c | 14 +++----
+ opendkim/opendkim-lua.c | 82 +++++++++++++++++++++++++----------------
+ 2 files changed, 58 insertions(+), 38 deletions(-)
+
+diff --git a/miltertest/miltertest.c b/miltertest/miltertest.c
+index 04e50c04..37dc601d 100644
+--- a/miltertest/miltertest.c
++++ b/miltertest/miltertest.c
+@@ -4009,12 +4009,12 @@ main(int argc, char **argv)
+ }
+
+ /* register functions */
+-#if LUA_VERSION_NUM == 502
+- luaL_newlib(l, mt_library);
++#if LUA_VERSION_NUM >= 502
++ luaL_newlib(l, mt_library);
+ lua_setglobal(l, "mt");
+-#else /* LUA_VERSION_NUM == 502 */
++#else /* LUA_VERSION_NUM >= 502 */
+ luaL_register(l, "mt", mt_library);
+-#endif /* LUA_VERSION_NUM == 502 */
++#endif /* LUA_VERSION_NUM >= 502 */
+ lua_pop(l, 1);
+
+ /* register constants */
+@@ -4163,13 +4163,13 @@ main(int argc, char **argv)
+ lua_setglobal(l, "SMFIF_SETSYMLIST");
+ #endif /* SMFIF_SETSYMLIST */
+
+-#if LUA_VERSION_NUM == 502
++#if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, mt_lua_reader, (void *) &io,
+ script == NULL ? "(stdin)" : script, NULL))
+-#else /* LUA_VERSION_NUM == 502 */
++#else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, mt_lua_reader, (void *) &io,
+ script == NULL ? "(stdin)" : script))
+-#endif /* LUA_VERSION_NUM == 502 */
++#endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+diff --git a/opendkim/opendkim-lua.c b/opendkim/opendkim-lua.c
+index 4720862c..3786aa4b 100644
+--- a/opendkim/opendkim-lua.c
++++ b/opendkim/opendkim-lua.c
+@@ -285,11 +285,11 @@ dkimf_lua_alloc(void *ud, void *ptr, size_t osize, size_t nsize)
+ free(ptr);
+ return NULL;
+ }
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ else if (nsize != 0 && ptr == NULL)
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ else if (nsize != 0 && osize == 0)
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ return malloc(nsize);
+ }
+@@ -485,12 +485,12 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen,
+ ** Register functions.
+ */
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ luaL_newlib(l, dkimf_lua_lib_setup);
+ lua_setglobal(l, "odkim");
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ luaL_register(l, "odkim", dkimf_lua_lib_setup);
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ lua_pop(l, 1);
+
+ /*
+@@ -532,11 +532,11 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen,
+ /* import other globals */
+ dkimf_import_globals(ctx, l);
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL))
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name))
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+@@ -564,8 +564,12 @@ dkimf_lua_setup_hook(void *ctx, const char *script, size_t scriptlen,
+ io.lua_io_len = 0;
+ io.lua_io_alloc = 0;
+
++#if LUA_VERSION_NUM >= 503
++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0)
++#else
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0)
+- {
++#endif
++ {
+ *keep = (void *) io.lua_io_script;
+ *funclen = io.lua_io_len;
+ }
+@@ -640,12 +644,12 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen,
+ ** Register functions.
+ */
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ luaL_newlib(l, dkimf_lua_lib_screen);
+ lua_setglobal(l, "odkim");
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ luaL_register(l, "odkim", dkimf_lua_lib_screen);
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ lua_pop(l, 1);
+
+ /*
+@@ -677,11 +681,11 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen,
+ /* import other globals */
+ dkimf_import_globals(ctx, l);
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL))
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name))
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+@@ -709,7 +713,11 @@ dkimf_lua_screen_hook(void *ctx, const char *script, size_t scriptlen,
+ io.lua_io_len = 0;
+ io.lua_io_alloc = 0;
+
++#if LUA_VERSION_NUM >= 503
++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0)
++#else
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0)
++#endif
+ {
+ *keep = (void *) io.lua_io_script;
+ *funclen = io.lua_io_len;
+@@ -785,12 +793,12 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen,
+ ** Register functions.
+ */
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ luaL_newlib(l, dkimf_lua_lib_stats);
+ lua_setglobal(l, "odkim");
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ luaL_register(l, "odkim", dkimf_lua_lib_stats);
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ lua_pop(l, 1);
+
+ /*
+@@ -914,11 +922,11 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen,
+ /* import other globals */
+ dkimf_import_globals(ctx, l);
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL))
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name))
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+@@ -946,7 +954,11 @@ dkimf_lua_stats_hook(void *ctx, const char *script, size_t scriptlen,
+ io.lua_io_len = 0;
+ io.lua_io_alloc = 0;
+
++#if LUA_VERSION_NUM >= 503
++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0)
++#else
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0)
++#endif
+ {
+ *keep = (void *) io.lua_io_script;
+ *funclen = io.lua_io_len;
+@@ -1022,12 +1034,12 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen,
+ ** Register functions.
+ */
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ luaL_newlib(l, dkimf_lua_lib_final);
+ lua_setglobal(l, "odkim");
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ luaL_register(l, "odkim", dkimf_lua_lib_final);
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ lua_pop(l, 1);
+
+ /*
+@@ -1151,11 +1163,11 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen,
+ /* import other globals */
+ dkimf_import_globals(ctx, l);
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name, NULL))
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, name))
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+@@ -1183,7 +1195,11 @@ dkimf_lua_final_hook(void *ctx, const char *script, size_t scriptlen,
+ io.lua_io_len = 0;
+ io.lua_io_alloc = 0;
+
++#if LUA_VERSION_NUM >= 503
++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0)
++#else
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0)
++#endif
+ {
+ *keep = (void *) io.lua_io_script;
+ *funclen = io.lua_io_len;
+@@ -1252,11 +1268,11 @@ dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query,
+ lua_pushstring(l, query);
+ lua_setglobal(l, "query");
+
+-# if LUA_VERSION_NUM == 502
++# if LUA_VERSION_NUM >= 502
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, script, NULL))
+-# else /* LUA_VERSION_NUM == 502 */
++# else /* LUA_VERSION_NUM >= 502 */
+ switch (lua_load(l, dkimf_lua_reader, (void *) &io, script))
+-# endif /* LUA_VERSION_NUM == 502 */
++# endif /* LUA_VERSION_NUM >= 502 */
+ {
+ case 0:
+ break;
+@@ -1284,7 +1300,11 @@ dkimf_lua_db_hook(const char *script, size_t scriptlen, const char *query,
+ io.lua_io_len = 0;
+ io.lua_io_alloc = 0;
+
++#if LUA_VERSION_NUM >= 503
++ if (lua_dump(l, dkimf_lua_writer, &io, 0) == 0)
++#else
+ if (lua_dump(l, dkimf_lua_writer, &io) == 0)
++#endif
+ {
+ *keep = (void *) io.lua_io_script;
+ *funclen = io.lua_io_len;
+--
+2.25.4
+
diff --git a/SOURCES/KeyTable b/SOURCES/KeyTable
new file mode 100644
index 0000000..e804d68
--- /dev/null
+++ b/SOURCES/KeyTable
@@ -0,0 +1,6 @@
+# OPENDKIM KEY TABLE
+# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
+# then uncomment the following line and replace example.com with your domain
+# name, then restart OpenDKIM. Additional keys may be added on separate lines.
+
+#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private
diff --git a/SOURCES/README.fedora b/SOURCES/README.fedora
new file mode 100644
index 0000000..da173c2
--- /dev/null
+++ b/SOURCES/README.fedora
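Review bot: The `lua_pop(l, 1);` that follows each `#endif /* LUA_VERSION_NUM >= 502 */` registration block is balanced only on the `luaL_register` branch. On the `>= 502` branch `luaL_newlib` pushes the table and `lua_setglobal` pops it again, so the extra pop removes a slot this code did not push, and widening the condition from `== 502` to `>= 502` carries that over to Lua 5.3 and later builds. Unless something else is on the stack at that point (the function bodies start and end outside the hunks), the pop belongs inside the `#else` branch, directly after the `luaL_register(...)` call. This applies to `main` in miltertest.c and to the setup, screen, stats and final hooks in opendkim-lua.c. The added `#if LUA_VERSION_NUM >= 503` / `#else` / `#endif` lines around `lua_dump` also drop the `# if` indentation and the trailing `/* LUA_VERSION_NUM ... */` comments used by the neighbouring conditionals.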
@@ -0,0 +1,102 @@
+#####################################
+#FEDORA-SPECIFIC README FOR OPENDKIM#
+#####################################
+Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
+
+Generating keys for OpenDKIM
+============================
+After installing the opendkim package, you MUST generate a pair of keys (public and private) before
+attempting to start the opendkim service.
+
+A valid private key must exist in the location expected by /etc/opendkim.conf before the service will start.
+
+A matching public key must be included in your domain's DNS records before remote systems can validate
+your outgoing mail's DKIM signature.
+
+
+Generating Keys Automatically
+=============================
+To automatically create a pair of default keys for the local domain, do:
+
+% sudo /usr/sbin/opendkim-default-keygen
+
+The default keygen script will attempt to fetch the local domain name, generate a private and public key for
+the domain, then save them in /etc/opendkim/keys as default.private and default.txt with the proper
+ownership and permissions.
+
+NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting
+private key ownership and permissions will not be correct.
+
+
+Generating Keys Manually
+========================
+A privileged user (or root) can manually generate a set of keys by doing the following:
+
+1) Create a directory to store the new keys:
+
+% sudo mkdir /etc/opendkim/keys/example.com
+
+2) Generate keys in that directory for a specific domain name and selector:
+
+% sudo /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
+
+3) Set the proper ownership for the directory and private key:
+
+% sudo chown -R root:opendkim /etc/opendkim/keys/example.com
+
+4) Set secure permissions for the private key:
+
+% sudo chmod 640 /etc/opendkim/keys/example.com/default.private
+
+5) Set standard permissions for the public key:
+
+% sudo chmod 644 /etc/opendkim/keys/example.com/default.txt
+
+
+Updating Key Location(s) in Configuration Files
+===============================================
+If you run the opendkim-default-keygen script, the default keys will be saved in /etc/opendkim/keys as
+default.private and default.txt, which is the location expected by the default /etc/opendkim.conf file.
+
+If you manually generate your own keys, you must update the key location and name in /etc/opendkim.conf
+before attempting to start the opendkim service.
+
+Using OpenDKIM with SQL Datasets
+================================
+OpenDKIM on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use,
+you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
+
+- opendbx-firebird
+- opendbx-mssql
+- opendbx-mysql
+- opendbx-postgresql
+- opendbx-sqlite
+- opendbx-sqlite2
+- opendbx-sybase
+
+If you have OpenDKIM configured to use SQL datasets on a systemd-based server, it might also be necessary to start
+the opendkim service after the database servers by referencing your database unit file(s) in the "After" section of
+the OpenDKIM unit file.
+
+For example, if using both MariaDB and PostgreSQL, in /usr/lib/systemd/system/opendkim.service change:
+
+After=network.target nss-lookup.target syslog.target
+
+to:
+
+After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service
+
+
+Additional Configuration Help
+=============================
+For help configuring your MTA (Postfix, Sendmail, etc.) with OpenDKIM, setting up DNS records with your
+public DKIM key, as well as instructions on configuring OpenDKIM to sign outgoing mail for multiple
+domains, follow the how-to at:
+
+http://wp.me/p1iGgP-ou
+
+Official documentation for OpenDKIM is available at http://opendkim.org/
+
+OpenDKIM mailing lists are available at http://lists.opendkim.org/
+
+###
diff --git a/SOURCES/SigningTable b/SOURCES/SigningTable
new file mode 100644
index 0000000..e8161a1
--- /dev/null
+++ b/SOURCES/SigningTable
@@ -0,0 +1,25 @@
+# OPENDKIM SIGNING TABLE
+# This table controls how to apply one or more signatures to outgoing messages based
+# on the address found in the From: header field. In simple terms, this tells
+# OpenDKIM "how" to apply your keys.
+
+# To use this file, uncomment the SigningTable option in /etc/opendkim.conf,
+# then uncomment one of the usage examples below and replace example.com with your
+# domain name, then restart OpenDKIM.
+
+# WILDCARD EXAMPLE
+# Enables signing for any address on the listed domain(s), but will work only if
+# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf.
+# Create additional lines for additional domains.
+
+#*@example.com default._domainkey.example.com
+
+# NON-WILDCARD EXAMPLE
+# If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then
+# wildcards will not work. Instead, full user@host is checked first, then simply host,
+# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
+# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
+# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under
+# "SigningTable" for more details.
+
+#example.com default._domainkey.example.com
diff --git a/SOURCES/TrustedHosts b/SOURCES/TrustedHosts
new file mode 100644
index 0000000..7a086d4
--- /dev/null
+++ b/SOURCES/TrustedHosts
@@ -0,0 +1,9 @@
+# OPENDKIM TRUSTED HOSTS
+# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
+# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
+# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
+# The localhost IP (127.0.0.1) should always be the first entry in this file.
+127.0.0.1
+::1
+#host.example.com
+#192.168.1.0/24
diff --git a/SOURCES/opendkim-2.11.0-comment-separator.patch b/SOURCES/opendkim-2.11.0-comment-separator.patch
new file mode 100644
index 0000000..1b8b293
--- /dev/null
+++ b/SOURCES/opendkim-2.11.0-comment-separator.patch
@@ -0,0 +1,13 @@
+diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
+index 803f37b0..c9dd782d 100644
+--- a/opendkim/opendkim.c
++++ b/opendkim/opendkim.c
+@@ -10766,7 +10766,7 @@ dkimf_ar_all_sigs(char *hdr, size_t hdrlen, struct dkimf_dstring *tmpstr,
+ " (%u-bit key%s%s)",
+ keybits,
+ dnssec == NULL ? ""
+- : "; ",
++ : ", ",
+ dnssec == NULL ? ""
+ : dnssec);
+ }
diff --git a/SOURCES/opendkim-systemd-service-simple.patch b/SOURCES/opendkim-systemd-service-simple.patch
new file mode 100644
index 0000000..412c932
--- /dev/null
+++ b/SOURCES/opendkim-systemd-service-simple.patch
@@ -0,0 +1,24 @@
+--- OpenDKIM-2.11.0-Beta2.orig/contrib/systemd/opendkim.service.in 2022-09-05 13:34:39.099662836 -0400
++++ OpenDKIM-2.11.0-Beta2/contrib/systemd/opendkim.service.in 2022-09-05 13:36:33.580356467 -0400
+@@ -8,13 +8,18 @@ Documentation=man:opendkim(8) man:opendk
+ After=network.target nss-lookup.target syslog.target
+
+ [Service]
+-Type=forking
+-PIDFile=@localstatedir@/run/opendkim/opendkim.pid
++Type=simple
+ EnvironmentFile=-@sysconfdir@/sysconfig/opendkim
+-ExecStart=@sbindir@/opendkim $OPTIONS
++ExecStart=@sbindir@/opendkim -f $OPTIONS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ User=opendkim
+ Group=opendkim
++Restart=on-failure
++StandardOutput=null
++StandardError=null
++ProtectSystem=strict
++ProtectHome=true
++ReadWritePaths=@logdir@/opendkim
+
+ [Install]
+ WantedBy=multi-user.target
diff --git a/SOURCES/opendkim.conf b/SOURCES/opendkim.conf
new file mode 100644
index 0000000..5933b4e
--- /dev/null
+++ b/SOURCES/opendkim.conf
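Review bot: `ProtectSystem=strict` leaves only `ReadWritePaths=@logdir@/opendkim` writable, yet the paths this package actually writes are elsewhere: the shipped opendkim.conf sets `PidFile /run/opendkim/opendkim.pid`, and a local milter socket would normally live in the same runtime directory, so the daemon may fail to create them once the sandbox applies. `@logdir@` is also not one of the standard autoconf directory variables, so unless the upstream configure script substitutes it, the literal string would end up in the installed unit. Consider `RuntimeDirectory=opendkim` with `RuntimeDirectoryMode=0750`, plus a `ReadWritePaths=` entry for the spool directory if statistics are used, in place of the log path. `StandardError=null` additionally discards anything printed before syslog is opened, which makes a sandbox denial at startup hard to diagnose.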
@@ -0,0 +1,133 @@
+## BASIC OPENDKIM CONFIGURATION FILE
+## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more
+
+## BEFORE running OpenDKIM you must:
+
+## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
+## - generate keys for your domain (if signing)
+## - edit your DNS records to publish your public keys (if signing)
+
+## See /usr/share/doc/opendkim/INSTALL for detailed instructions.
+
+## DEPRECATED CONFIGURATION OPTIONS
+##
+## The following configuration options are no longer valid. They should be
+## removed from your existing configuration file to prevent potential issues.
+## Failure to do so may result in opendkim being unable to start.
+##
+## Removed in 2.10.0:
+## AddAllSignatureResults
+## ADSPAction
+## ADSPNoSuchDomain
+## BogusPolicy
+## DisableADSP
+## LDAPSoftStart
+## LocalADSP
+## NoDiscardableMailTo
+## On-PolicyError
+## SendADSPReports
+## UnprotectedPolicy
+
+## CONFIGURATION OPTIONS
+
+## Specifies the path to the process ID file.
+PidFile /run/opendkim/opendkim.pid
+
+## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
+## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
+## messages.
+Mode v
+
+## Log activity to the system log.
+Syslog yes
+
+## Log additional entries indicating successful signing or verification of messages.
+SyslogSuccess yes
+
+## If logging is enabled, include detailed logging about why or why not a message was
+## signed or verified. This causes an increase in the amount of log data generated
+## for each message, so set this to No (or comment it out) if it gets too noisy.
+LogWhy yes
+
+## Attempt to become the specified user before starting operations.
+UserID opendkim:opendkim
+
+## Create a socket through which your MTA can communicate.
+Socket inet:8891@localhost
+
+## Required to use local socket with MTAs that access the socket as a non-
+## privileged user (e.g. Postfix)
+Umask 002
+
+## This specifies a text file in which to store DKIM transaction statistics.
+## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
+# Statistics /var/spool/opendkim/stats.dat
+
+## Specifies whether or not the filter should generate report mail back
+## to senders when verification fails and an address for such a purpose
+## is provided. See opendkim.conf(5) for details.
+SendReports yes
+
+## Specifies the sending address to be used on From: headers of outgoing
+## failure reports. By default, the e-mail address of the user executing
+## the filter is used (executing_user@hostname).
+# ReportAddress "Example.com Postmaster"
+
+## Add a DKIM-Filter header field to messages passing through this filter
+## to identify messages it has processed.
+SoftwareHeader yes
+
+## SIGNING OPTIONS
+
+## Selects the canonicalization method(s) to be used when signing messages.
+Canonicalization relaxed/relaxed
+
+## Domain(s) whose mail should be signed by this filter. Mail from other domains will
+## be verified rather than being signed. Uncomment and use your domain name.
+## This parameter is not required if a SigningTable is in use.
+# Domain example.com
+
+## Defines the name of the selector to be used when signing messages.
+Selector default
+
+## Specifies the minimum number of key bits for acceptable keys and signatures.
+MinimumKeyBits 1024
+
+## Gives the location of a private key to be used for signing ALL messages. This
+## directive is ignored if KeyTable is enabled.
+KeyFile /etc/opendkim/keys/default.private
+
+## Gives the location of a file mapping key names to signing keys. In simple terms,
+## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
+## directive in the configuration file. Requires SigningTable be enabled.
+# KeyTable /etc/opendkim/KeyTable
+
+## Defines a table used to select one or more signatures to apply to a message based
+## on the address found in the From: header field. In simple terms, this tells
+## OpenDKIM how to use your keys. Requires KeyTable be enabled.
+# SigningTable refile:/etc/opendkim/SigningTable
+
+## Identifies a set of "external" hosts that may send mail through the server as one
+## of the signing domains without credentials as such.
+# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+
+## Identifies a set "internal" hosts whose mail should be signed rather than verified.
+# InternalHosts refile:/etc/opendkim/TrustedHosts
+
+## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
+## whose mail should be neither signed nor verified by this filter. See man
+## page for file format.
+# PeerList X.X.X.X
+
+## Always oversign From (sign using actual From and a null From to prevent
+## malicious signatures header fields (From and/or others) between the signer
+## and the verifier. From is oversigned by default in the Fedora package
+## because it is often the identity key used by reputation systems and thus
+## somewhat security sensitive.
+OversignHeaders From
+
+## Instructs the DKIM library to maintain its own local cache of keys and
+## policies retrieved from DNS, rather than relying on the nameserver for
+## caching service. Useful if the nameserver being used by the filter is
+## not local.
+# QueryCache yes
diff --git a/SOURCES/opendkim.sysconfig b/SOURCES/opendkim.sysconfig
new file mode 100644
index 0000000..befdb7e
--- /dev/null
+++ b/SOURCES/opendkim.sysconfig
@@ -0,0 +1,8 @@
+# Set the necessary startup options
+OPTIONS="-x /etc/opendkim.conf"
+
+# Set the default DKIM selector
+DKIM_SELECTOR=default
+
+# Set the default DKIM key location
+DKIM_KEYDIR=/etc/opendkim/keys
diff --git a/SPECS/opendkim.spec b/SPECS/opendkim.spec
new file mode 100644
index 0000000..e80ccec
--- /dev/null
+++ b/SPECS/opendkim.spec
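Review bot: `SendReports yes` enables failure reporting in a file that ships with `Mode v`, so a failed verification can make this host send mail to a reporting address published by the domain named in the inbound message. That address is chosen by whoever controls that domain's DNS rather than by the local administrator, and the reports carry details of the failing message; the upstream default, as far as I know, is off. Shipping the line commented out as `# SendReports yes`, with the existing explanation kept above it, would leave the option discoverable without enabling it by default. Separately, the comment above `Umask 002` describes a local socket, while the configured `Socket inet:8891@localhost` is a TCP listener whose access the umask does not restrict.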
@@ -0,0 +1,221 @@
+%global upname OpenDKIM
+%global bigname OPENDKIM
+%global full_version 2.11.0-Beta2
+
+Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
+Name: opendkim
+Version: 2.11.0
+Release: 0.31%{?dist}
+License: BSD and Sendmail
+URL: http://%{name}.org/
+Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz
+Source1: opendkim.conf
+Source2: opendkim.sysconfig
+Source3: SigningTable
+Source4: KeyTable
+Source5: TrustedHosts
+Source6: README.fedora
+# https://github.com/trusteddomainproject/OpenDKIM/pull/70
+Patch0: 0001-support-for-lua-5.3.patch
+# https://github.com/trusteddomainproject/OpenDKIM/pull/136
+Patch1: opendkim-2.11.0-comment-separator.patch
+# systemd service type=simple
+Patch2: opendkim-systemd-service-simple.patch
+# Required for all versions
+Requires: lib%{name}%{?_isa} = %{version}-%{release}
+BuildRequires: make
+BuildRequires: openssl-devel
+BuildRequires: libtool
+BuildRequires: pkgconfig
+BuildRequires: libbsd
+BuildRequires: libbsd-devel
+BuildRequires: tre-devel
+#BuildRequires: opendbx-devel
+BuildRequires: lua-devel
+Requires(pre): shadow-utils
+%{?systemd_requires}
+BuildRequires: systemd
+BuildRequires: libdb-devel
+#BuildRequires: libmemcached-devel
+BuildRequires: sendmail-devel
+BuildRequires: openldap-devel
+
+
+%description
+%{upname} allows signing and/or verification of email through an open source
+library that implements the DKIM service, plus a milter-based filter
+application that can plug in to any milter-aware MTA, including sendmail,
+Postfix, or any other MTA that supports the milter protocol.
+
+
+%package -n %{name}-tools
+Summary: An open source DKIM library
+%description -n %{name}-tools
+This package contains the tools necessary to create artifacts needed
+by opendkim.
+
+
+%package -n lib%{name}
+Summary: An open source DKIM library
+Obsoletes: %{name}-sysvinit < 2.10.1-5
+%description -n lib%{name}
+This package contains the library files required for running services built
+using libopendkim.
+
+
+%package -n lib%{name}-devel
+Summary: Development files for lib%{name}
+Requires: lib%{name}%{?_isa} = %{version}-%{release}
+%description -n lib%{name}-devel
+This package contains the static libraries, headers, and other support files
+required for developing applications against libopendkim.
+
+
+%prep
+%autosetup -p1 -n %{upname}-%{full_version}
+
+
+%build
+autoreconf -iv
+# Always use system libtool instead of pacakge-provided one to
+# properly handle 32 versus 64 bit detection and settings
+%define LIBTOOL LIBTOOL=`which libtool`
+%configure \
+ --without-odbx \
+ --with-db \
+ --without-libmemcached \
+ --with-openldap \
+ --enable-query_cache \
+ --with-lua \
+ --enable-stats \
+ --enable-rbl \
+ --enable-rate_limit \
+ --enable-diffheaders \
+ --enable-identity_header \
+ --with-milter %{_includedir}/libmilter/
+# Remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+install -d %{buildroot}%{_sysconfdir}
+install -d %{buildroot}%{_sysconfdir}/sysconfig
+install -m 0755 contrib/init/redhat/%{name}-default-keygen %{buildroot}%{_sbindir}/%{name}-default-keygen
+install -d -m 0755 %{buildroot}%{_unitdir}
+# fix service file for rundir
+sed -i -e "s:PIDFile=/var/run/opendkim/opendkim.pid:PIDFile=%{_rundir}/opendkim/opendkim.pid:" contrib/systemd/%{name}.service
+install -m 0644 contrib/systemd/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}.conf
+install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/SigningTable
+install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}/KeyTable
+install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts
+cp %{SOURCE6} ./README.fedora
+install -p -d %{buildroot}/usr/lib/tmpfiles.d
+cat > %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf <<'EOF'
+D %{_rundir}/%{name} 0750 %{name} %{name} -
+EOF
+rm -r %{buildroot}%{_prefix}/share/doc/%{name}
+rm %{buildroot}%{_libdir}/*.a
+rm %{buildroot}%{_libdir}/*.la
+mkdir -p %{buildroot}%{_localstatedir}/spool/%{name}
+mkdir -p %{buildroot}%{_rundir}/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir %{buildroot}%{_sysconfdir}/%{name}/keys
+install -m 0755 stats/%{name}-reportstats %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+sed -i 's|^%{bigname}STATSDIR="/var/db/%{name}"|%{bigname}STATSDIR="%{_localstatedir}/spool/%{name}"|g' %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+sed -i 's|^%{bigname}DATOWNER="mailnull:mailnull"|%{bigname}DATOWNER="%{name}:%{name}"|g' %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+chmod 0644 contrib/convert/convert_keylist.sh
+
+
+%pre
+getent group %{name} >/dev/null || groupadd -r %{name}
+getent passwd %{name} >/dev/null || \
+ useradd -r -g %{name} -G mail -d %{_rundir}/%{name} -s /sbin/nologin \
+ -c "%{upname} Milter" %{name}
+exit 0
+%post
+%systemd_post %{name}.service
+%preun
+%systemd_preun %{name}.service
+%postun
+%systemd_postun_with_restart %{name}.service
+# For the switchover from initscript to service file
+%triggerun -- %{name} < 2.8.0-1
+%systemd_post %{name}.service
+/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
+%systemd_postun_with_restart %{name}.service
+
+
+%post -n libopendkim -p /sbin/ldconfig
+%postun -n libopendkim -p /sbin/ldconfig
+
+
+%files
+%license LICENSE LICENSE.Sendmail
+%doc FEATURES KNOWNBUGS RELEASE_NOTES RELEASE_NOTES.Sendmail
+%doc contrib/convert/convert_keylist.sh %{name}/*.sample
+%doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
+%doc %{name}/README contrib/lua/*.lua
+%doc README.fedora
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%config(noreplace) /usr/lib/tmpfiles.d/%{name}.conf
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%{_bindir}/miltertest
+%{_sbindir}/opendkim
+%{_sbindir}/opendkim-reportstats
+%{_mandir}/man3/*
+%{_mandir}/man5/*
+%{_mandir}/man8/miltertest.8.gz
+%{_mandir}/man8/opendkim.8.gz
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
+%dir %attr(0750,%{name},%{name}) %{_rundir}/%{name}
+%dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
+%dir %attr(0750,root,%{name}) %{_sysconfdir}/%{name}/keys
+%attr(0755,root,root) %{_sbindir}/%{name}-default-keygen
+%attr(0644,root,root) %{_unitdir}/%{name}.service
+
+
+%files -n libopendkim
+%license LICENSE LICENSE.Sendmail
+%doc README
+%{_libdir}/lib%{name}.so.*
+%{_libdir}/librbl.so.*
+
+
+%files -n opendkim-tools
+%license LICENSE LICENSE.Sendmail
+%{_mandir}/man8/opendkim-genkey.8.gz
+%{_mandir}/man8/opendkim-genzone.8.gz
+%{_mandir}/man8/opendkim-testkey.8.gz
+%{_mandir}/man8/opendkim-testmsg.8.gz
+%{_mandir}/man8/opendkim-expire.8.gz
+%{_mandir}/man8/opendkim-gengraphs.8.gz
+%{_mandir}/man8/opendkim-genstats.8.gz
+%{_mandir}/man8/opendkim-stats.8.gz
+%{_sbindir}/opendkim-genkey
+%{_sbindir}/opendkim-genzone
+%{_sbindir}/opendkim-testkey
+%{_sbindir}/opendkim-testmsg
+%{_sbindir}/opendkim-expire
+%{_sbindir}/opendkim-gengraphs
+%{_sbindir}/opendkim-genstats
+%{_sbindir}/opendkim-stats
+
+
+%files -n libopendkim-devel
+%license LICENSE LICENSE.Sendmail
+%doc lib%{name}/docs/*.html
+%{_includedir}/%{name}
+%{_includedir}/rbl/rbl.h
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+
+%changelog