Change defaults based on Fedora and openSUSE packages.
Also remove options for supervisor and options that need root privileges
(we use OpenRC for process supervising and dropping privileges).
--- a/opendmarc/opendmarc.conf.sample
+++ b/opendmarc/opendmarc.conf.sample
@@ -24,7 +24,7 @@
## provided, the name of the host running the filter (as returned by the
## gethostname(3) function) will be used.
#
-# AuthservID name
+AuthservID HOSTNAME
## AuthservIDWithJobID { true | false }
## default "false"
@@ -35,46 +35,6 @@
#
# AuthservIDWithJobID false
-## AutoRestart { true | false }
-## default "false"
-##
-## Automatically re-start on failures. Use with caution; if the filter fails
-## instantly after it starts, this can cause a tight fork(2) loop.
-#
-# AutoRestart false
-
-## AutoRestartCount n
-## default 0
-##
-## Sets the maximum automatic restart count. After this number of automatic
-## restarts, the filter will give up and terminate. A value of 0 implies no
-## limit.
-#
-# AutoRestartCount 0
-
-## AutoRestartRate n/t[u]
-## default (no limit)
-##
-## Sets the maximum automatic restart rate. If the filter begins restarting
-## faster than the rate defined here, it will give up and terminate. This
-## is a string of the form n/t[u] where n is an integer limiting the count
-## of restarts in the given interval and t[u] defines the time interval
-## through which the rate is calculated; t is an integer and u defines the
-## units thus represented ("s" or "S" for seconds, the default; "m" or "M"
-## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a
-## value of "10/1h" limits the restarts to 10 in one hour. There is no
-## default, meaning restart rate is not limited.
-#
-# AutoRestartRate n/t[u]
-
-## Background { true | false }
-## default "true"
-##
-## Causes opendmarc to fork and exits immediately, leaving the service
-## running in the background.
-#
-# Background true
-
## BaseDirectory (string)
## default (none)
##
@@ -84,18 +44,8 @@
## directory. It's also useful for arranging that any crash dumps will be
## saved to a specific location.
#
-# BaseDirectory /var/run/opendmarc
+BaseDirectory /run/opendmarc
-## ChangeRootDirectory (string)
-## default (none)
-##
-## Requests that the operating system change the effective root directory of
-## the process to the one specified here prior to beginning execution.
-## chroot(2) requires superuser access. A warning will be generated if
-## UserID is not also set.
-#
-# ChangeRootDirectory /var/chroot/opendmarc
-
## CopyFailuresTo (string)
## default (none)
##
@@ -175,7 +125,7 @@
## rather periodically imported into a relational database from which the
## aggregate reports can be extracted by a tool such as opendmarc-import(8).
#
-# HistoryFile /var/run/opendmarc.dat
+# HistoryFile /var/spool/opendmarc/opendmarc.dat
## IgnoreAuthenticatedClients { true | false }
## default "false"
@@ -193,7 +143,7 @@
## connections are to be ignored by the filter. If not specified, defaults
## to "127.0.0.1" only.
#
-# IgnoreHosts /usr/local/etc/opendmarc/ignore.hosts
+# IgnoreHosts /etc/opendmarc/ignore.hosts
## IgnoreMailFrom domain[,...]
## default (none)
@@ -212,14 +162,6 @@
#
# MilterDebug 0
-## PidFile path
-## default (none)
-##
-## Specifies the path to a file that should be created at process start
-## containing the process ID.
-#
-# PidFile /var/run/opendmarc.pid
-
## PublicSuffixList path
## default (none)
##
@@ -284,7 +226,7 @@
## either in the configuration file or on the command line. If an IP
## address is used, it must be enclosed in square brackets.
#
-# Socket inet:8893@localhost
+Socket inet:8893@localhost
## SoftwareHeader { true | false }
## default "false"
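Review bot: The now-active `Socket inet:8893@localhost` line leaves the milter port reachable by every local account, because a loopback TCP listener has no file permissions to restrict who connects. A Unix-domain socket under the `BaseDirectory` this patch enables, for example `Socket local:/run/opendmarc/opendmarc.sock` (path constructed for illustration), would let the `UMask 007` set in the last hunk limit access to the service user and the MTA's group. If TCP is kept deliberately, a comment above the line should say so, e.g. `## Loopback TCP: reachable by any local user; use local: to restrict to the MTA group.`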
@@ -294,7 +236,7 @@
## delivery. The product's name, version, and the job ID are included in
## the header field's contents.
#
-# SoftwareHeader false
+SoftwareHeader true
## SPFIgnoreResults { true | false }
## default "false"
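Review bot: `SoftwareHeader true` makes every processed message carry the filter's name and exact version, as the option's own description in this hunk says, so outside recipients learn which OpenDMARC release the host runs. The documented default is "false". Unless the header is needed for troubleshooting, I would keep `# SoftwareHeader false` in the packaged sample, or add a comment such as `## Enabled for troubleshooting; discloses the filter version in delivered mail.`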
@@ -303,7 +245,7 @@
## message. This is useful if you want the filter to perfrom SPF checks
## itself, or because you don't trust the arriving header.
#
-# SPFIgnoreResults false
+SPFIgnoreResults true
## SPFSelfValidate { true | false }
## default false
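Review bot: `SPFIgnoreResults true` here and `SPFSelfValidate true` in the next hunk only work as intended if the package is built with SPF support, which this patch does not show, so that is an assumption to confirm. Together they make the filter discard any SPF result already in the message and rely on its own check, which is the safer stance against forged headers. Without SPF support the filter may be left with no SPF verdict at all, and DMARC would then pass or fail on DKIM alignment alone. A comment above the pair would record the dependency, e.g. `## Requires opendmarc built with SPF support; otherwise leave both at their defaults.`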
@@ -316,14 +258,14 @@
## is also set, it never looks for SPF results in headers and
## always performs the SPF check itself when this is set.
#
-# SPFSelfValidate false
+SPFSelfValidate true
## Syslog { true | false }
## default "false"
##
## Log via calls to syslog(3) any interesting activity.
#
-# Syslog false
+Syslog true
## SyslogFacility facility-name
## default "mail"
@@ -354,13 +296,4 @@
## specific file mode on creation regardless of the process umask. See
## umask(2) for more information.
#
-# UMask 077
-
-## UserID user[:group]
-## default (none)
-##
-## Attempts to become the specified userid before starting operations.
-## The process will be assigned all of the groups and primary group ID of
-## the named userid unless an alternate group is specified.
-#
-# UserID opendmarc
+UMask 007
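Review bot: `UMask 007` replaces the commented `# UMask 077` and gives the service's group read and write access to every file the filter creates, including the `HistoryFile` if it is enabled. With the socket set to `inet:8893@localhost` earlier in this patch, nothing visible here needs group access, so `UMask 077` looks like the tighter fit; 007 is only needed when the MTA reaches a Unix socket through group membership. Either way a one-line comment giving the reason would help, e.g. `## 007 so the MTA group can use a local: socket`. The hunk also drops `UserID`, so the account that owns these files is now set only in the OpenRC script, which is outside this patch.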