From 5a5fc801f8337e4aa0351b1f5726e8617440679b Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Thu, 14 Jun 2018 14:12:14 -0400 Subject: [PATCH] Generate opendkim configuration in stretch when alternc.install is run The default configuration in stretch doesn't work very well and needs a couple of tweaks. This will generate the service files and make sure opendkim is run as the opendkim user instead of root. The alternc opendkim.conf template is updated so that the connection can be made locally through a socket. --- etc/alternc/templates/opendkim.conf | 4 ++++ install/alternc.install | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/etc/alternc/templates/opendkim.conf b/etc/alternc/templates/opendkim.conf index 7499491f..d2edbb7c 100644 --- a/etc/alternc/templates/opendkim.conf +++ b/etc/alternc/templates/opendkim.conf @@ -14,3 +14,7 @@ KeyTable /etc/opendkim/KeyTable SigningTable /etc/opendkim/SigningTable ExternalIgnoreList /etc/opendkim/TrustedHosts InternalHosts /etc/opendkim/TrustedHosts + +# The value from /etc/default/opendkim doesn't seem to be taken into account +# @see https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=861169 +Socket local:/var/run/opendkim/opendkim.sock \ No newline at end of file diff --git a/install/alternc.install b/install/alternc.install index 4385ddbb..0f1e84e8 100755 --- a/install/alternc.install +++ b/install/alternc.install @@ -649,6 +649,15 @@ touch /etc/opendkim/TrustedHosts /etc/opendkim/SigningTable /etc/opendkim/KeyTab grep -q "^127.0.0.1\$" /etc/opendkim/TrustedHosts || echo "127.0.0.1" >>/etc/opendkim/TrustedHosts grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/opendkim/TrustedHosts grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts +if [ "$(lsb_release -s -c)" == 'stretch' ] ; then + /lib/opendkim/opendkim.service.generate + # Without adding '-u opendkim' after the service file is generated, opendkim + # will run as root, which we do not want. + if [ "$(grep -c 'u opendkim' /etc/systemd/system/opendkim.service.d/override.conf)" == 0 ] ; then + sed 's/inet:8891@127.0.0.1/& -u opendkim/' /etc/systemd/system/opendkim.service.d/override.conf + fi + systemctl daemon-reload +fi # Add opendkim to service to restart SERVICES="$SERVICES opendkim bind9"