Change defaults based on Fedora and openSUSE packages. Also remove options for supervisor and options that need root privileges (we use OpenRC for process supervising and dropping privileges). --- a/opendmarc/opendmarc.conf.sample +++ b/opendmarc/opendmarc.conf.sample @@ -24,7 +24,7 @@ ## provided, the name of the host running the filter (as returned by the ## gethostname(3) function) will be used. # -# AuthservID name +AuthservID HOSTNAME ## AuthservIDWithJobID { true | false } ## default "false" @@ -35,46 +35,6 @@ # # AuthservIDWithJobID false -## AutoRestart { true | false } -## default "false" -## -## Automatically re-start on failures. Use with caution; if the filter fails -## instantly after it starts, this can cause a tight fork(2) loop. -# -# AutoRestart false - -## AutoRestartCount n -## default 0 -## -## Sets the maximum automatic restart count. After this number of automatic -## restarts, the filter will give up and terminate. A value of 0 implies no -## limit. -# -# AutoRestartCount 0 - -## AutoRestartRate n/t[u] -## default (no limit) -## -## Sets the maximum automatic restart rate. If the filter begins restarting -## faster than the rate defined here, it will give up and terminate. This -## is a string of the form n/t[u] where n is an integer limiting the count -## of restarts in the given interval and t[u] defines the time interval -## through which the rate is calculated; t is an integer and u defines the -## units thus represented ("s" or "S" for seconds, the default; "m" or "M" -## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a -## value of "10/1h" limits the restarts to 10 in one hour. There is no -## default, meaning restart rate is not limited. -# -# AutoRestartRate n/t[u] - -## Background { true | false } -## default "true" -## -## Causes opendmarc to fork and exits immediately, leaving the service -## running in the background. -# -# Background true - ## BaseDirectory (string) ## default (none) ## @@ -84,18 +44,8 @@ ## directory. It's also useful for arranging that any crash dumps will be ## saved to a specific location. # -# BaseDirectory /var/run/opendmarc +BaseDirectory /run/opendmarc -## ChangeRootDirectory (string) -## default (none) -## -## Requests that the operating system change the effective root directory of -## the process to the one specified here prior to beginning execution. -## chroot(2) requires superuser access. A warning will be generated if -## UserID is not also set. -# -# ChangeRootDirectory /var/chroot/opendmarc - ## CopyFailuresTo (string) ## default (none) ## @@ -175,7 +125,7 @@ ## rather periodically imported into a relational database from which the ## aggregate reports can be extracted by a tool such as opendmarc-import(8). # -# HistoryFile /var/run/opendmarc.dat +# HistoryFile /var/spool/opendmarc/opendmarc.dat ## IgnoreAuthenticatedClients { true | false } ## default "false" @@ -193,7 +143,7 @@ ## connections are to be ignored by the filter. If not specified, defaults ## to "127.0.0.1" only. # -# IgnoreHosts /usr/local/etc/opendmarc/ignore.hosts +# IgnoreHosts /etc/opendmarc/ignore.hosts ## IgnoreMailFrom domain[,...] ## default (none) @@ -212,14 +162,6 @@ # # MilterDebug 0 -## PidFile path -## default (none) -## -## Specifies the path to a file that should be created at process start -## containing the process ID. -# -# PidFile /var/run/opendmarc.pid - ## PublicSuffixList path ## default (none) ## @@ -284,7 +226,7 @@ ## either in the configuration file or on the command line. If an IP ## address is used, it must be enclosed in square brackets. # -# Socket inet:8893@localhost +Socket inet:8893@localhost ## SoftwareHeader { true | false } ## default "false" @@ -294,7 +236,7 @@ ## delivery. The product's name, version, and the job ID are included in ## the header field's contents. # -# SoftwareHeader false +SoftwareHeader true ## SPFIgnoreResults { true | false } ## default "false" @@ -303,7 +245,7 @@ ## message. This is useful if you want the filter to perfrom SPF checks ## itself, or because you don't trust the arriving header. # -# SPFIgnoreResults false +SPFIgnoreResults true ## SPFSelfValidate { true | false } ## default false @@ -316,14 +258,14 @@ ## is also set, it never looks for SPF results in headers and ## always performs the SPF check itself when this is set. # -# SPFSelfValidate false +SPFSelfValidate true ## Syslog { true | false } ## default "false" ## ## Log via calls to syslog(3) any interesting activity. # -# Syslog false +Syslog true ## SyslogFacility facility-name ## default "mail" @@ -354,13 +296,4 @@ ## specific file mode on creation regardless of the process umask. See ## umask(2) for more information. # -# UMask 077 - -## UserID user[:group] -## default (none) -## -## Attempts to become the specified userid before starting operations. -## The process will be assigned all of the groups and primary group ID of -## the named userid unless an alternate group is specified. -# -# UserID opendmarc +UMask 007