Package: opendkim
Version: 2.9.2-2
Severity: wishlist

Hello,

Thank you for maintaining this important package. As the "war on spam" grows, more independent email systems will find OpenDKIM critical to ensuring their emails get delivered.

I had to do quite a bit of configuring to get a standard installation of the OpenDKIM package to work with a standard installation of Postfix. I'm reporting this "wishlist" bug in hopes that you might consider these as ways to make the integration more "plug-and-play." I realize that some of the onus might need to be placed on the Postfix maintainers as well.

The primary problem had to do with the fact that Postfix runs in a chroot environment by default. The standard location of the opendkim.sock Socket file (/var/run/opendkim/opendkim.sock) is inaccessible by Postfix, which has a chroot at /var/spool/postfix. After considering a hard link and bind mount, I concluded the only permanent way to let Postfix access OpenDKIM (without resorting to networking) is to place the opendkim.sock file under the Postfix chroot. This is the opendkim.conf setting I used:

    Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock

Of course I had to manually create the directory ahead of time with the proper ownership:

    # mkdir -p /var/spool/postfix/var/run/opendkim
    # chown opendkim:opendkim /var/spool/postfix/var/run/opendkim

The current OpenDKIM configuration includes an important setting for UMask which helps make the file writable by MTAs:

    UMask 0002

Unfortunately, this alone does not allow Postfix to write to the socket as Postfix runs as its own user (postfix) and is not in the opendkim group by default. To make it part of the opendkim group I issued the command:

    # adduser postfix opendkim

A UMask of 0000 would remove the previous step, but would make OpenDKIM less secure.

The final issue I had was with storing my key file in the /etc/postfix directory. This seemed like the most appropriate place. Unfortunately, Postfix warns of non-postfix files in its directory (# postfix check). I had to create a separate /etc/opendkim directory for my key file. I don't currently have other OpenDKIM configuration files but several are possible. It seems to me that giving users a standard location for OpenDKIM configuration/keys and having opendkim.conf there would be a good approach. Otherwise, people end up polluting /etc.

Thank you for considering my configuration. I am sharing this in hopes that my experience might help in future adjustments to the way OpenDKIM is configured -- to make it easier to use for all users.

Thank you again for the work you do maintaining this important package.

Tom Dworzanski
t...@dworzanski.com

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.5-x86_64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendkim depends on:
ii  adduser            3.113+nmu3
ii  libbsd0            0.7.0-2
ii  libc6              2.19-18
ii  libdb5.3           5.3.28-9
ii  libldap-2.4-2      2.4.40+dfsg-1
ii  liblua5.1-0        5.1.5-7.1
ii  libmemcached11     1.0.18-4
ii  libmemcachedutil2  1.0.18-4
ii  libmilter1.0.1     8.14.4-8
ii  libopendbx1        1.4.6-8
ii  libopendkim9       2.9.2-2
ii  librbl1            2.9.2-2
ii  libssl1.0.0        1.0.1k-3+deb8u1
ii  libunbound2        1.4.22-3
ii  libvbr2            2.9.2-2
ii  lsb-base           4.1+Debian13+nmu1

opendkim recommends no packages.

Versions of packages opendkim suggests:
ii  opendkim-tools  2.9.2-2

-- Configuration Files:
/etc/opendkim.conf changed [not included]

-- no debconf information
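
The three conditions the report works through (socket visible inside the Postfix chroot, UMask, opendkim group membership) can be modelled as a small audit. This is an added example, not part of the original report or of OpenDKIM; the uid/gid numbers are constructed, and it assumes the Linux rule that connecting to a pathname socket requires write permission on the socket file.

```python
import stat
from pathlib import PurePosixPath

# Constructed sample IDs; real uid/gid values differ per system.
OPENDKIM = {"uid": 110, "gid": 115}
POSTFIX_DEFAULT = {"uid": 105, "gids": {109}}        # not in the opendkim group
POSTFIX_IN_GROUP = {"uid": 105, "gids": {109, 115}}  # after `adduser postfix opendkim`
CHROOT = "/var/spool/postfix"

def path_inside_chroot(socket_path, chroot=CHROOT):
    """Return the path a chrooted process would use, or None if it cannot see it."""
    try:
        rel = PurePosixPath(socket_path).relative_to(chroot)
    except ValueError:
        return None
    return "/" + str(rel)

def socket_mode(umask):
    """Permission bits of a newly bound pathname socket: 0777 masked by the umask."""
    return 0o777 & ~umask

def can_connect(mode, owner, client):
    """Assumed Linux rule: connect() needs write permission on the socket file."""
    if client["uid"] == owner["uid"]:
        return bool(mode & stat.S_IWUSR)
    if owner["gid"] in client["gids"]:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(socket_path, umask, client):
    """Return the list of problems; an empty list means the MTA can use the socket."""
    problems = []
    if path_inside_chroot(socket_path) is None:
        problems.append("socket is outside the chroot")
    mode = socket_mode(umask)
    if not can_connect(mode, OPENDKIM, client):
        problems.append("MTA user lacks write permission on the socket")
    if mode & stat.S_IWOTH:
        problems.append("socket is writable by every local user")
    return problems

if __name__ == "__main__":
    inside = CHROOT + "/var/run/opendkim/opendkim.sock"
    print(audit("/var/run/opendkim/opendkim.sock", 0o002, POSTFIX_DEFAULT))
    print(audit(inside, 0o002, POSTFIX_DEFAULT))
    print(audit(inside, 0o002, POSTFIX_IN_GROUP))
    print(audit(inside, 0o000, POSTFIX_DEFAULT))
```

Only the third case, socket under the chroot with UMask 0002 and postfix in the opendkim group, comes back clean; UMask 0000 connects without the group change but leaves the socket open to every local account.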