components/mail/opendkim/Makefile
New file @@ -0,0 +1,107 @@ # # This file and its contents are supplied under the terms of the # Common Development and Distribution License ("CDDL"). You may # only use this file in accordance with the terms of the CDDL. # # A full copy of the text of the CDDL should have accompanied this # source. A copy of the CDDL is also available via the Internet at # http://www.illumos.org/license/CDDL. # # # Copyright 2022 Friedrich Kink # BUILD_BITS= 64 # for binaries or 32_and_64 for libraries USE_OPENSSL11= yes include ../../../make-rules/shared-macros.mk COMPONENT_NAME= opendkim COMPONENT_VERSION= 2.10.3 COMPONENT_SUMMARY= OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system COMPONENT_DESCRIPTION= OpenDKIM is an open source implementation of the DKIM \ (Domain Keys Identified Mail) sender authentication system proposed \ by the E-mail Signing Technology Group (ESTG), now standardized by \ the IETF (RFC6376). It also includes implementations of the RFC5617) \ Vouch By Reference (VBR, RFC5518) proposed standard and the experimental \ Authorized Third Party Signatures protocol (ATPS, RFC6541). COMPONENT_PROJECT_URL= http://opendkim.org/ COMPONENT_FMRI= mail/opendkim COMPONENT_CLASSIFICATION=Applications/Internet COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_URL= https://sourceforge.net/projects/opendkim/files/$(COMPONENT_ARCHIVE) COMPONENT_ARCHIVE_HASH= sha256:43a0ba57bf942095fe159d0748d8933c6b1dd1117caf0273fa9a0003215e681b COMPONENT_LICENSE= Copyright (c) 2009, 2010, 2012, 2013, The Trusted Domain Project. COMPONENT_LICENSE_FILE= LICENSE include $(WS_MAKE_RULES)/common.mk PATH= $(PATH.gnu) COMPONENT_PRE_CONFIGURE_ACTION= ( cd $(SOURCE_DIR) && autoreconf --install ) CONFIGURE_OPTIONS+= --sysconfdir=/etc/mail \ --enable-diffheaders \ --enable-identity_header \ --enable-rbl \ --enable-rate_limit \ --enable-replace_rules \ --enable-atps \ --enable-vbr \ --enable-reprrd \ --enable-statsext \ --enable-stats \ --enable-sender_macro \ --with-openldap \ --with-openssl=$(OPENSSL_PREFIX) \ --with-lmdb \ --with-sasl \ --with-erlang \ --with-odbx \ --with-libcurl \ --with-libxml2 \ --with-milter \ --with-tre \ --with-libjansson \ --with-db \ --enable-sender_macro \ --with-libmemcached \ --with-lua \ "LIBS=-lnsl -lldap_r -lldap -llber" \ "LIBLUA_LIBS=" \ "LIBMILTER_LIBDIRS=" \ "LDFLAGS=-L$(OPENSSL_PREFIX)/lib/amd64 -lssl -lcrypto" \ "CPPFLAGS=-I/usr/include/openldap -I$(SOURCE_DIR)/libut" unexport SHELLOPTS COMPONENT_TEST_MASTER = $(COMPONENT_TEST_RESULTS_DIR)/results-64.master COMPONENT_TEST_TRANSFORMS += " -n " \ "-e '/TOTAL: /p' " \ "-e '/PASS: /p' " \ "-e '/SKIP: /p' " \ "-e '/XFAIL: /p' " \ "-e '/FAIL: /p' " \ "-e '/XPASS: /p' " \ "-e '/ERROR: /p' " \ "-e '/^=======/p' " # Auto-generated dependencies REQUIRED_PACKAGES += SUNWcs REQUIRED_PACKAGES += database/berkeleydb-5 REQUIRED_PACKAGES += database/lmdb REQUIRED_PACKAGES += image/rrdtool REQUIRED_PACKAGES += library/jansson REQUIRED_PACKAGES += library/libmemcached REQUIRED_PACKAGES += library/libmilter REQUIRED_PACKAGES += library/opendbx REQUIRED_PACKAGES += library/openldap REQUIRED_PACKAGES += library/security/openssl-11 REQUIRED_PACKAGES += library/tre REQUIRED_PACKAGES += runtime/lua REQUIRED_PACKAGES += runtime/perl-524 REQUIRED_PACKAGES += shell/ksh93 REQUIRED_PACKAGES += system/library REQUIRED_PACKAGES += system/library/math components/mail/opendkim/files/opendkim.conf.sample
New file @@ -0,0 +1,763 @@ ## ## opendkim.conf -- configuration file for OpenDKIM filter ## ## Copyright (c) 2010-2015, The Trusted Domain Project. All rights reserved. ## ## ## For settings that refer to a "dataset", see the opendkim(8) man page. ## ## DEPRECATED CONFIGURATION OPTIONS ## ## The following configuration options are no longer valid. They should be ## removed from your existing configuration file to prevent potential issues. ## Failure to do so may result in opendkim being unable to start. ## ## Removed in 2.10.0: ## AddAllSignatureResults ## ADSPAction ## ADSPNoSuchDomain ## BogusPolicy ## DisableADSP ## LDAPSoftStart ## LocalADSP ## NoDiscardableMailTo ## On-PolicyError ## SendADSPReports ## UnprotectedPolicy ## CONFIGURATION OPTIONS ## AllowSHA1Only { yes | no } ## default "no" ## ## By default, the filter will refuse to start if support for SHA256 is ## not available since this violates the strong recommendations of ## RFC6376 Section 3.3, which says: ## ## "Verifiers MUST implement both rsa-sha1 and rsa-sha256. Signers MUST ## implement and SHOULD sign using rsa-sha256." ## ## This forces that violation to be explicitly selected by the administrator. # AllowSHA1Only no ## AlwaysAddARHeader { yes | no } ## default "no" ## ## Add an "Authentication-Results:" header even to unsigned messages ## from domains with no "signs all" policy. The reported DKIM result ## will be "none" in such cases. Normally unsigned mail from non-strict ## domains does not cause the results header to be added. # AlwaysAddARHeader no ## AuthservID string ## default (local host name) ## ## Defines the "authserv-id" token to be used when generating ## Authentication-Results headers after message verification. # AuthservID example.com ## AuthservIDWithJobID ## default "no" ## ## Appends a "/" followed by the MTA's job ID to the "authserv-id" token ## when generating Authentication-Results headers after message verification. # AuthservIDWithJobId no ## AutoRestart { yes | no } ## default "no" ## ## Indicate whether or not the filter should arrange to restart automatically ## if it crashes. # AutoRestart No ## AutoRestartCount n ## default 0 ## ## Sets the maximum automatic restart count. After this number of ## automatic restarts, the filter will give up and terminate. A value of 0 ## implies no limit. # AutoRestartCount 0 ## AutoRestartRate n/t[u] ## default (none) ## ## Sets the maximum automatic restart rate. See the opendkim.conf(5) ## man page for the format of this parameter. # AutoRestartRate n/tu ## Background { yes | no } ## default "yes" ## ## Indicate whether or not the filter should run in the background. # Background Yes ## BaseDirectory path ## default (none) ## ## Causes the filter to change to the named directory before beginning ## operation. Thus, cores will be dumped here and configuration files ## are read relative to this location. # BaseDirectory /var/run/opendkim ## BodyLengthDB dataset ## default (none) ## ## A data set that is checked against envelope recipients to see if a ## body length tag should be included in the generated signature. ## This has security implications; see opendkim.conf(5) for details. # BodyLengthDB dataset ## Canonicalization hdrcanon[/bodycanon] ## default "simple/simple" ## ## Select canonicalizations to use when signing. If the "bodycanon" is ## omitted, "simple" is used. Valid values for each are "simple" and ## "relaxed". # Canonicalization simple/simple ## ClockDrift n ## default 300 ## ## Specify the tolerance range for expired signatures or signatures ## which appear to have timestamps in the future, allowing for clock ## drift. # ClockDrift 300 ## Diagnostics { yes | no } ## default "no" ## ## Specifies whether or not signatures with header diagnostic tags should ## be generated. # Diagnostics No ## DNSTimeout n ## default 10 ## ## Specify the time in seconds to wait for replies from the nameserver when ## requesting keys or signing policies. # DNSTimeout 10 ## Domain dataset ## default (none) ## ## Specify for which domain(s) signing should be done. No default; must ## be specified for signing. Domain example.com ## DomainKeysCompat { yes | no } ## default "no" ## ## When enabled, backward compatibility with DomainKeys (RFC4870) key ## records is enabled. Otherwise, such key records are considered to be ## syntactically invalid. # DomainKeysCompat no ## DontSignMailTo dataset ## default (none) ## ## Gives a list of recipient addresses or address patterns whose mail should ## not be signed. # DontSignMailTo addr1,addr2,... ## EnableCoredumps { yes | no } ## default "no" ## ## On systems which have support for such, requests that the kernel dump ## core even though the process may change user ID during its execution. # EnableCoredumps no ## ExemptDomains dataset ## default (none) ## ## A data set of domain names that are checked against the message sender's ## domain. If a match is found, the message is ignored by the filter. # ExemptDomains domain1,domain2,... ## ExternalIgnoreList filename ## ## Names a file from which a list of externally-trusted hosts is read. ## These are hosts which are allowed to send mail through you for signing. ## Automatically contains 127.0.0.1. See man page for file format. # ExternalIgnoreList filename ## FixCRLF { yes | no } ## ## Requests that the library convert "naked" CR and LF characters to ## CRLFs during canonicalization. The default is "no". # FixCRLF no ## IgnoreMalformedMail { yes | no } ## default "no" ## ## Silently passes malformed messages without alteration. This includes ## messages that fail the RequiredHeaders check, if enabled. The default is ## to pass those messages but add an Authentication-Results field indicating ## that they were malformed. # IgnoreMalformedMail no ## InternalHosts dataset ## default "127.0.0.1" ## ## Names a file from which a list of internal hosts is read. These are ## hosts from which mail should be signed rather than verified. ## Automatically contains 127.0.0.1. # InternalHosts dataset ## KeepTemporaryFiles { yes | no } ## default "no" ## ## If set, causes temporary files generated during message signing or ## verifying to be left behind for debugging use. Not for normal operation; ## can fill your disks quite fast on busy systems. # KeepTemporaryFiles no ## KeyFile filename ## default (none) ## ## Specifies the path to the private key to use when signing. Ignored if ## SigningTable and KeyTable are used. No default; must be specified for ## signing if SigningTable/KeyTable are not in use. KeyFile /var/db/dkim/example.private ## KeyTable dataset ## default (none) ## ## Defines a table that will be queried to convert key names to ## sets of data of the form (signing domain, signing selector, private key). ## The private key can either contain a PEM-formatted private key, ## a base64-encoded DER format private key, or a path to a file containing ## one of those. # KeyTable dataset ## LogWhy { yes | no } ## default "no" ## ## If logging is enabled (see Syslog below), issues very detailed logging ## about the logic behind the filter's decision to either sign a message ## or verify it. The logic behind the decision is non-trivial and can be ## confusing to administrators not familiar with its operation. A ## description of how the decision is made can be found in the OPERATIONS ## section of the opendkim(8) man page. This causes a large increase ## in the amount of log data generated for each message, so it should be ## limited to debugging use and not enabled for general operation. # LogWhy no ## MacroList macro[=value][,...] ## ## Gives a set of MTA-provided macros which should be checked to see ## if the sender has been determined to be a local user and therefore ## whether or not signing should be done. See opendkim.conf(5) for ## more information. # MacroList foo=bar,baz=blivit ## MaximumHeaders n ## ## Disallow messages whose header blocks are bigger than "n" bytes. ## Intended to detect and block a denial-of-service attack. The default ## is 65536. A value of 0 disables this test. # MaximumHeaders n ## MaximumSignaturesToVerify n ## (default 3) ## ## Verify no more than "n" signatures on an arriving message. ## A value of 0 means "no limit". # MaximumSignaturesToVerify n ## MaximumSignedBytes n ## ## Don't sign more than "n" bytes of the message. The default is to ## sign the entire message. Setting this implies "BodyLengths". # MaximumSignedBytes n ## MilterDebug n ## ## Request a debug level of "n" from the milter library. The default is 0. # MilterDebug 0 ## Minimum n[% | +] ## default 0 ## ## Sets a minimum signing volume; one of the following formats: ## n at least n bytes (or the whole message, whichever is less) ## must be signed ## n% at least n% of the message must be signed ## n+ if a length limit was presented in the signature, no more than ## n bytes may have been added # Minimum n ## MinimumKeyBits n ## default 1024 ## ## Causes the library not to accept signatures matching keys made of fewer ## than the specified number of bits, even if they would otherwise pass ## DKIM signing. # MinimumKeyBits 1024 ## Mode [sv] ## default sv ## ## Indicates which mode(s) of operation should be provided. "s" means ## "sign", "v" means "verify". # Mode sv ## MTA dataset ## default (none) ## ## Specifies a list of MTAs whos mail should always be signed rather than ## verified. The "mtaname" is extracted from the DaemonPortOptions line ## in effect. # MTA name ## MultipleSignatures { yes | no } ## default no ## ## Allows multiple signatures to be added. If set to "true" and a SigningTable ## is in use, all SigningTable entries that match the candidate message will ## cause a signature to be added. Otherwise, only the first matching ## SigningTable entry will be added, or only the key defined by Domain, ## Selector and KeyFile will be added. # MultipleSignatures no ## MustBeSigned dataset ## default (none) ## ## Defines a list of headers which, if present on a message, must be ## signed for the signature to be considered acceptable. # MustBeSigned header1,header2,... ## Nameservers addr1[,addr2[,...]] ## default (none) ## ## Provides a comma-separated list of IP addresses that are to be used when ## doing DNS queries to retrieve DKIM keys, VBR records, etc. ## These override any local defaults built in to the resolver in use, which ## may be defined in /etc/resolv.conf or hard-coded into the software. # Nameservers addr1,addr2,... ## NoHeaderB { yes | no } ## default "no" ## ## Suppresses addition of "header.b" tags on Authentication-Results ## header fields. # NoHeaderB no ## OmitHeaders dataset ## default (none) ## ## Specifies a list of headers that should always be omitted when signing. ## Header names should be separated by commas. # OmitHeaders header1,header2,... ## On-... ## ## Specifies what to do when certain error conditions are encountered. ## ## See opendkim.conf(5) for more information. # On-Default # On-BadSignature # On-DNSError # On-InternalError # On-NoSignature # On-Security # On-SignatureError ## OversignHeaders dataset ## default (none) ## ## Specifies a set of header fields that should be included in all signature ## header lists (the "h=" tag) once more than the number of times they were ## actually present in the signed message. See opendkim.conf(5) for more ## information. # OverSignHeaders header1,header2,... ## PeerList dataset ## default (none) ## ## Contains a list of IP addresses, CIDR blocks, hostnames or domain names ## whose mail should be neither signed nor verified by this filter. See man ## page for file format. # PeerList filename ## PidFile filename ## default (none) ## ## Name of the file where the filter should write its pid before beginning ## normal operations. # PidFile filename ## POPDBFile dataset ## default (none) ## ## Names a database which should be checked for "POP before SMTP" records ## as a form of authentication of users who may be sending mail through ## the MTA for signing. Requires special compilation of the filter. ## See opendkim.conf(5) for more information. # POPDBFile filename ## Quarantine { yes | no } ## default "no" ## ## Indicates whether or not the filter should arrange to quarantine mail ## which fails verification. Intended for diagnostic use only. # Quarantine No ## QueryCache { yes | no } ## default "no" ## ## Instructs the DKIM library to maintain its own local cache of keys and ## policies retrieved from DNS, rather than relying on the nameserver for ## caching service. Useful if the nameserver being used by the filter is ## not local. The filter must be compiled with the QUERY_CACHE flag to enable ## this feature, since it adds a library dependency. # QueryCache No ## RedirectFailuresTo address ## default (none) ## ## Redirects signed messages to the specified address if none of the ## signatures present failed to verify. # RedirectFailuresTo postmaster@example.com ## RemoveARAll { yes | no } ## default "no" ## ## Remove all Authentication-Results: headers on all arriving mail. # RemoveARAll No ## RemoveARFrom dataset ## default (none) ## ## Remove all Authentication-Results: headers on all arriving mail that ## claim to have been added by hosts listed in this parameter. The list ## should be comma-separated. Entire domains may be specified by preceding ## the dopmain name by a single dot (".") character. # RemoveARFrom host1,host2,.domain1,.domain2,... ## RemoveOldSignatures { yes | no } ## default "no" ## ## Remove old signatures on messages, if any, when generating a signature. # RemoveOldSignatures No ## ReportAddress addr ## default (executing user)@(hostname) ## ## Specifies the sending address to be used on From: headers of outgoing ## failure reports. By default, the e-mail address of the user executing ## the filter is used. # ReportAddress "DKIM Error Postmaster" <postmaster@example.com> ## ReportBccAddress addr ## default (none) ## ## Specifies additional recipient address(es) to receive outgoing failure ## reports. # ReportBccAddress postmaster@example.com, john@example.com ## RequiredHeaders { yes | no } ## default no ## ## Rejects messages which don't conform to RFC5322 header count requirements. # RequiredHeaders No ## RequireSafeKeys { yes | no } ## default yes ## ## Refuses to use key files that appear to have unsafe permissions. # RequireSafeKeys Yes ## ResignAll { yes | no } ## default no ## ## Where ResignMailTo triggers a re-signing action, this flag indicates ## whether or not all mail should be signed (if set) versus only verified ## mail being signed (if not set). # ResignAll No ## ResignMailTo dataset ## default (none) ## ## Checks each message recipient against the specified dataset for a ## matching record. The full address is checked in each case, then the ## hostname, then each domain preceded by ".". If there is a match, the ## value returned is presumed to be the name of a key in the KeyTable ## (if defined) to be used to re-sign the message in addition to ## verifying it. If there is a match without a KeyTable, the default key ## is applied. # ResignMailTo dataset ## ResolverConfiguration string ## ## Passes arbitrary configuration data to the resolver. For the stock UNIX ## resolver, this is ignored; for Unbound, it names a resolv.conf(5)-style ## file that should be read for configuration information. # ResolverConfiguration string ## ResolverTracing { yes | no } ## ## Requests enabling of resolver trace features, if available. The effect ## of setting this flag depends on how trace features, if any, are implemented ## in the resolver in use. Currently only effective when used with the ## OpenDKIM asynchronous resolver. # ResolverTracing no ## Selector name ## ## The name of the selector to use when signing. No default; must be ## specified for signing. Selector my-selector-name ## SenderHeaders dataset ## default (none) ## ## Overrides the default list of headers that will be used to determine ## the sending domain when deciding whether to sign the message and with ## with which key(s). See opendkim.conf(5) for details. # SenderHeaders From ## SendReports { yes | no } ## default "no" ## ## Specifies whether or not the filter should generate report mail back ## to senders when verification fails and an address for such a purpose ## is provided. See opendkim.conf(5) for details. # SendReports No ## SignatureAlgorithm signalg ## default "rsa-sha256" ## ## Signature algorithm to use when generating signatures. Must be either ## "rsa-sha1" or "rsa-sha256". # SignatureAlgorithm rsa-sha256 ## SignatureTTL seconds ## default "0" ## ## Specifies the lifetime in seconds of signatures generated by the ## filter. A value of 0 means no expiration time is included in the ## signature. # SignatureTTL 0 ## SignHeaders dataset ## default (none) ## ## Specifies the list of headers which should be included when generating ## signatures. The string should be a comma-separated list of header names. ## See the opendkim.conf(5) man page for more information. # SignHeaders header1,header2,... ## SigningTable dataset ## default (none) ## ## Defines a dataset that will be queried for the message sender's address ## to determine which private key(s) (if any) should be used to sign the ## message. The sender is determined from the value of the sender ## header fields as described with SenderHeaders above. The key for this ## lookup should be an address or address pattern that matches senders; ## see the opendkim.conf(5) man page for more information. The value ## of the lookup should return the name of a key found in the KeyTable ## that should be used to sign the message. If MultipleSignatures ## is set, all possible lookup keys will be attempted which may result ## in multiple signatures being applied. # SigningTable filename ## SingleAuthResult { yes | no} ## default "no" ## ## When DomainKeys verification is enabled, multiple Authentication-Results ## will be added, one for DK and one for DKIM. With this enabled, only ## a DKIM result will be reported unless DKIM failed but DK passed, in which ## case only a DK result will be reported. # SingleAuthResult no ## SMTPURI uri ## ## Specifies a URI (e.g., "smtp://localhost") to which mail should be sent ## via SMTP when notifications are generated. # Socket smtp://localhost ## Socket socketspec ## ## Names the socket where this filter should listen for milter connections ## from the MTA. Required. Should be in one of these forms: ## ## inet:port@address to listen on a specific interface ## inet:port to listen on all interfaces ## local:/path/to/socket to listen on a UNIX domain socket Socket inet:port@localhost ## SoftwareHeader { yes | no } ## default "no" ## ## Add a DKIM-Filter header field to messages passing through this filter ## to identify messages it has processed. # SoftwareHeader no ## StrictHeaders { yes | no } ## default "no" ## ## Requests that the DKIM library refuse to process a message whose ## header fields do not conform to the standards, in particular Section 3.6 ## of RFC5322. # StrictHeaders no ## StrictTestMode { yes | no } ## default "no" ## ## Selects strict CRLF mode during testing (see the "-t" command line ## flag in the opendkim(8) man page). Messages for which all header ## fields and body lines are not CRLF-terminated are considered malformed ## and will produce an error. # StrictTestMode no ## SubDomains { yes | no } ## default "no" ## ## Sign for subdomains as well? # SubDomains No ## Syslog { yes | no } ## default "yes" ## ## Log informational and error activity to syslog? Syslog Yes ## SyslogFacility facility ## default "mail" ## ## Valid values are : ## auth cron daemon kern lpr mail news security syslog user uucp ## local0 local1 local2 local3 local4 local5 local6 local7 ## ## syslog facility to be used # SyslogFacility mail ## SyslogSuccess { yes | no } ## default "no" ## ## Log success activity to syslog? # SyslogSuccess No ## TemporaryDirectory path ## default /tmp ## ## Specifies which directory will be used for creating temporary files ## during message processing. # TemporaryDirectory /tmp ## TestPublicKeys filename ## default (none) ## ## Names a file from which public keys should be read. Intended for use ## only during automated testing. # TestPublicKeys /tmp/testkeys ## TrustAnchorFile filename ## default (none) ## ## Specifies a file from which trust anchor data should be read when doing ## DNS queries and applying the DNSSEC protocol. See the Unbound documentation ## at http://unbound.net for the expected format of this file. # TrustAnchorFile /var/named/trustanchor ## UMask mask ## default (none) ## ## Change the process umask for file creation to the specified value. ## The system has its own default which will be used (usually 022). ## See the umask(2) man page for more information. # UMask 022 # UnboundConfigFile /var/named/unbound.conf ## Userid userid ## default (none) ## ## Change to user "userid" before starting normal operation? May include ## a group ID as well, separated from the userid by a colon. # UserID userid components/mail/opendkim/files/opendkim.xml
New file @@ -0,0 +1,129 @@ <?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <!-- CDDL HEADER START The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] CDDL HEADER END Copyright 2009 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Copyright 2021 Friedrich Kink <friedrich.kink@gmail.com> NOTE: This service manifest is not editable; its contents will be overwritten by package or patch operations, including operating system upgrade. Make customizations in a different file. --> <service_bundle type='manifest' name='service/network/smtp/opendkim:opendkim'> <service name="network/smtp" type="service" version="1"> <single_instance/> <dependency name="fs-local" grouping="require_all" restart_on="none" type="service"> <service_fmri value="svc:/system/filesystem/local"/> </dependency> <dependency name="network-service" grouping="require_all" restart_on="none" type="service"> <service_fmri value="svc:/network/service"/> </dependency> <dependency name="name-services" grouping="require_all" restart_on="refresh" type="service"> <service_fmri value="svc:/milestone/name-services"/> </dependency> <dependency name="identity" grouping="optional_all" restart_on="refresh" type="service"> <service_fmri value="svc:/system/identity:domain"/> </dependency> <dependency name="system-log" grouping="optional_all" restart_on="none" type="service"> <service_fmri value="svc:/system/system-log"/> </dependency> <property_group name="firewall_context" type="com.sun,fw_definition"> <propval name="name" type="astring" value="smtp"/> </property_group> <property_group name="firewall_config" type="com.sun,fw_configuration"> <propval name="policy" type="astring" value="use_global"/> <propval name="block_policy" type="astring" value="use_global"/> <propval name="apply_to" type="astring" value=""/> <propval name="apply_to_6" type="astring" value=""/> <propval name="exceptions" type="astring" value=""/> <propval name="exceptions_6" type="astring" value=""/> <propval name="target" type="astring" value=""/> <propval name="target_6" type="astring" value=""/> <propval name="value_authorization" type="astring" value="solaris.smf.value.firewall.config"/> </property_group> <instance name="opendkim" enabled="false"> <dependency name="config-file" grouping="require_all" restart_on="refresh" type="path"> <service_fmri value="file://localhost/etc/mail/opendkim.conf"/> </dependency> <dependency name="nsswitch" grouping="require_all" restart_on="refresh" type="path"> <service_fmri value="file://localhost/etc/nsswitch.conf"/> </dependency> <dependency name="autofs" grouping="optional_all" restart_on="none" type="service"> <service_fmri value="svc:/system/filesystem/autofs"/> </dependency> <dependent name="smtp-opendkim_multi-user" grouping="optional_all" restart_on="none"> <service_fmri value="svc:/milestone/multi-user"/> </dependent> <exec_method type="method" name="start" exec="/usr/sbin/opendkim" timeout_seconds="60"> <method_context> <method_credential user='opendkim' group='opendkim' privileges='basic,net_privaddr,proc_setid,file_dac_read,file_dac_search'/> </method_context> </exec_method> <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'/> <property_group name="startd" type="framework"> <propval name="ignore_error" type="astring" value="core,signal"/> </property_group> <property_group name="general" type="framework"> <propval name="action_authorization" type="astring" value="solaris.smf.manage.opendkim"/> </property_group> <template> <common_name> <loctext xml:lang="C"> OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified Mail) sender authentication system </loctext> </common_name> <documentation> <manpage title="opendkim" section="1M" manpath="/usr/share/man"/> </documentation> </template> </instance> <stability value="Unstable"/> </service> </service_bundle> components/mail/opendkim/files/prof_attr
New file @@ -0,0 +1 @@ DKIM filter:RO:::auths=solaris.smf.manage.opendkim/default,solaris.smf.value.opendkim/default components/mail/opendkim/manifests/sample-manifest.p5m
New file @@ -0,0 +1,231 @@ # # This file and its contents are supplied under the terms of the # Common Development and Distribution License ("CDDL"), version 1.0. # You may only use this file in accordance with the terms of version # 1.0 of the CDDL. # # A full copy of the text of the CDDL should have accompanied this # source. A copy of the CDDL is also available via the Internet at # http://www.illumos.org/license/CDDL. # # # Copyright 2022 <contributor> # set name=pkg.fmri value=pkg:/$(COMPONENT_FMRI)@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="$(COMPONENT_SUMMARY)" set name=info.classification value="$(COMPONENT_CLASSIFICATION)" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) set name=info.source-url value=$(COMPONENT_ARCHIVE_URL) set name=org.opensolaris.consolidation value=$(CONSOLIDATION) license $(COMPONENT_LICENSE_FILE) license='$(COMPONENT_LICENSE)' file path=usr/bin/autobuild file path=usr/bin/miltertest file path=usr/bin/opendkim-reprrdimport file path=usr/bin/opendkim-spam file path=usr/include/opendkim/dkim.h file path=usr/include/rbl/rbl.h file path=usr/include/reprrd/reprrd.h file path=usr/include/vbr/vbr.h file path=usr/lib/$(MACH64)/libopendkim.a link path=usr/lib/$(MACH64)/libopendkim.so target=libopendkim.so.10.0.3 link path=usr/lib/$(MACH64)/libopendkim.so.10 target=libopendkim.so.10.0.3 file path=usr/lib/$(MACH64)/libopendkim.so.10.0.3 file path=usr/lib/$(MACH64)/librbl.a link path=usr/lib/$(MACH64)/librbl.so target=librbl.so.1.0.0 link path=usr/lib/$(MACH64)/librbl.so.1 target=librbl.so.1.0.0 file path=usr/lib/$(MACH64)/librbl.so.1.0.0 file path=usr/lib/$(MACH64)/libreprrd.a link path=usr/lib/$(MACH64)/libreprrd.so target=libreprrd.so.1.0.0 link path=usr/lib/$(MACH64)/libreprrd.so.1 target=libreprrd.so.1.0.0 file path=usr/lib/$(MACH64)/libreprrd.so.1.0.0 file path=usr/lib/$(MACH64)/libvbr.a link path=usr/lib/$(MACH64)/libvbr.so target=libvbr.so.2.0.0 link path=usr/lib/$(MACH64)/libvbr.so.2 target=libvbr.so.2.0.0 file path=usr/lib/$(MACH64)/libvbr.so.2.0.0 file path=usr/lib/$(MACH64)/pkgconfig/opendkim.pc file path=usr/lib/$(MACH64)/pkgconfig/rbl.pc file path=usr/lib/$(MACH64)/pkgconfig/vbr.pc file path=usr/sbin/opendkim file path=usr/sbin/opendkim-atpszone file path=usr/sbin/opendkim-expire file path=usr/sbin/opendkim-gengraphs file path=usr/sbin/opendkim-genkey file path=usr/sbin/opendkim-genstats file path=usr/sbin/opendkim-genzone file path=usr/sbin/opendkim-importstats file path=usr/sbin/opendkim-reportstats file path=usr/sbin/opendkim-stats file path=usr/sbin/opendkim-testkey file path=usr/sbin/opendkim-testmsg file path=usr/share/doc/opendkim/FEATURES file path=usr/share/doc/opendkim/KNOWNBUGS file path=usr/share/doc/opendkim/LICENSE file path=usr/share/doc/opendkim/LICENSE.Sendmail file path=usr/share/doc/opendkim/README file path=usr/share/doc/opendkim/README.LDAP file path=usr/share/doc/opendkim/README.SQL file path=usr/share/doc/opendkim/README.opendkim-reportstats file path=usr/share/doc/opendkim/README.specs.html file path=usr/share/doc/opendkim/RELEASE_NOTES.Sendmail file path=usr/share/doc/opendkim/authheaders-check-setup-hook.lua file path=usr/share/doc/opendkim/autobuild.conf.sample file path=usr/share/doc/opendkim/chroot file path=usr/share/doc/opendkim/convert_keylist.sh file path=usr/share/doc/opendkim/dkim.html file path=usr/share/doc/opendkim/dkim_add_querymethod.html file path=usr/share/doc/opendkim/dkim_add_xtag.html file path=usr/share/doc/opendkim/dkim_alg_t.html file path=usr/share/doc/opendkim/dkim_atps_check.html file path=usr/share/doc/opendkim/dkim_atps_t.html file path=usr/share/doc/opendkim/dkim_body.html file path=usr/share/doc/opendkim/dkim_canon_t.html file path=usr/share/doc/opendkim/dkim_cbstat.html file path=usr/share/doc/opendkim/dkim_chunk.html file path=usr/share/doc/opendkim/dkim_close.html file path=usr/share/doc/opendkim/dkim_diffheaders.html file path=usr/share/doc/opendkim/dkim_dns_close.html file path=usr/share/doc/opendkim/dkim_dns_config.html file path=usr/share/doc/opendkim/dkim_dns_init.html file path=usr/share/doc/opendkim/dkim_dns_nslist.html file path=usr/share/doc/opendkim/dkim_dns_set_close.html file path=usr/share/doc/opendkim/dkim_dns_set_config.html file path=usr/share/doc/opendkim/dkim_dns_set_init.html file path=usr/share/doc/opendkim/dkim_dns_set_nslist.html file path=usr/share/doc/opendkim/dkim_dns_set_query_cancel.html file path=usr/share/doc/opendkim/dkim_dns_set_query_service.html file path=usr/share/doc/opendkim/dkim_dns_set_query_start.html file path=usr/share/doc/opendkim/dkim_dns_set_query_waitreply.html file path=usr/share/doc/opendkim/dkim_dns_set_trustanchor.html file path=usr/share/doc/opendkim/dkim_dns_trustanchor.html file path=usr/share/doc/opendkim/dkim_dnssec.html file path=usr/share/doc/opendkim/dkim_eoh.html file path=usr/share/doc/opendkim/dkim_eom.html file path=usr/share/doc/opendkim/dkim_flush_cache.html file path=usr/share/doc/opendkim/dkim_free.html file path=usr/share/doc/opendkim/dkim_get_msgdate.html file path=usr/share/doc/opendkim/dkim_get_reputation.html file path=usr/share/doc/opendkim/dkim_get_signer.html file path=usr/share/doc/opendkim/dkim_get_sigsubstring.html file path=usr/share/doc/opendkim/dkim_get_user_context.html file path=usr/share/doc/opendkim/dkim_getcachestats.html file path=usr/share/doc/opendkim/dkim_getdomain.html file path=usr/share/doc/opendkim/dkim_geterror.html file path=usr/share/doc/opendkim/dkim_getid.html file path=usr/share/doc/opendkim/dkim_getmode.html file path=usr/share/doc/opendkim/dkim_getpartial.html file path=usr/share/doc/opendkim/dkim_getresultstr.html file path=usr/share/doc/opendkim/dkim_getsighdr.html file path=usr/share/doc/opendkim/dkim_getsighdr_d.html file path=usr/share/doc/opendkim/dkim_getsiglist.html file path=usr/share/doc/opendkim/dkim_getsignature.html file path=usr/share/doc/opendkim/dkim_getsslbuf.html file path=usr/share/doc/opendkim/dkim_getuser.html file path=usr/share/doc/opendkim/dkim_header.html file path=usr/share/doc/opendkim/dkim_init.html file path=usr/share/doc/opendkim/dkim_key_syntax.html file path=usr/share/doc/opendkim/dkim_lib.html file path=usr/share/doc/opendkim/dkim_libfeature.html file path=usr/share/doc/opendkim/dkim_libversion.html file path=usr/share/doc/opendkim/dkim_mail_parse.html file path=usr/share/doc/opendkim/dkim_minbody.html file path=usr/share/doc/opendkim/dkim_ohdrs.html file path=usr/share/doc/opendkim/dkim_options.html file path=usr/share/doc/opendkim/dkim_param_t.html file path=usr/share/doc/opendkim/dkim_privkey_load.html file path=usr/share/doc/opendkim/dkim_qi_getname.html file path=usr/share/doc/opendkim/dkim_qi_gettype.html file path=usr/share/doc/opendkim/dkim_query_t.html file path=usr/share/doc/opendkim/dkim_queryinfo.html file path=usr/share/doc/opendkim/dkim_resign.html file path=usr/share/doc/opendkim/dkim_set_dns_callback.html file path=usr/share/doc/opendkim/dkim_set_final.html file path=usr/share/doc/opendkim/dkim_set_key_lookup.html file path=usr/share/doc/opendkim/dkim_set_margin.html file path=usr/share/doc/opendkim/dkim_set_prescreen.html file path=usr/share/doc/opendkim/dkim_set_signature_handle.html file path=usr/share/doc/opendkim/dkim_set_signature_handle_free.html file path=usr/share/doc/opendkim/dkim_set_signature_tagvalues.html file path=usr/share/doc/opendkim/dkim_set_signer.html file path=usr/share/doc/opendkim/dkim_set_trust_anchor.html file path=usr/share/doc/opendkim/dkim_set_user_context.html file path=usr/share/doc/opendkim/dkim_setpartial.html file path=usr/share/doc/opendkim/dkim_sig_getbh.html file path=usr/share/doc/opendkim/dkim_sig_getcanonlen.html file path=usr/share/doc/opendkim/dkim_sig_getcanons.html file path=usr/share/doc/opendkim/dkim_sig_getcontext.html file path=usr/share/doc/opendkim/dkim_sig_getdnssec.html file path=usr/share/doc/opendkim/dkim_sig_getdomain.html file path=usr/share/doc/opendkim/dkim_sig_geterror.html file path=usr/share/doc/opendkim/dkim_sig_geterrorstr.html file path=usr/share/doc/opendkim/dkim_sig_getflags.html file path=usr/share/doc/opendkim/dkim_sig_gethashes.html file path=usr/share/doc/opendkim/dkim_sig_getidentity.html file path=usr/share/doc/opendkim/dkim_sig_getkeysize.html file path=usr/share/doc/opendkim/dkim_sig_getqueries.html file path=usr/share/doc/opendkim/dkim_sig_getreportinfo.html file path=usr/share/doc/opendkim/dkim_sig_getselector.html file path=usr/share/doc/opendkim/dkim_sig_getsignalg.html file path=usr/share/doc/opendkim/dkim_sig_getsignedhdrs.html file path=usr/share/doc/opendkim/dkim_sig_getsigntime.html file path=usr/share/doc/opendkim/dkim_sig_getsslbuf.html file path=usr/share/doc/opendkim/dkim_sig_gettagvalue.html file path=usr/share/doc/opendkim/dkim_sig_hdrsigned.html file path=usr/share/doc/opendkim/dkim_sig_ignore.html file path=usr/share/doc/opendkim/dkim_sig_process.html file path=usr/share/doc/opendkim/dkim_sig_seterror.html file path=usr/share/doc/opendkim/dkim_sig_syntax.html file path=usr/share/doc/opendkim/dkim_sigerror.html file path=usr/share/doc/opendkim/dkim_siginfo.html file path=usr/share/doc/opendkim/dkim_sigkey_t.html file path=usr/share/doc/opendkim/dkim_sign.html file path=usr/share/doc/opendkim/dkim_signhdrs.html file path=usr/share/doc/opendkim/dkim_ssl_version.html file path=usr/share/doc/opendkim/dkim_stat.html file path=usr/share/doc/opendkim/dkim_verify.html file path=usr/share/doc/opendkim/dns.html file path=usr/share/doc/opendkim/example.com.ldif file path=usr/share/doc/opendkim/final.lua.sample file path=usr/share/doc/opendkim/index.html file path=usr/share/doc/opendkim/mkdb.mysql file path=usr/share/doc/opendkim/opendkim file path=usr/share/doc/opendkim/opendkim-default-keygen file path=usr/share/doc/opendkim/opendkim-fixipaddrs.pl file path=usr/share/doc/opendkim/opendkim-spam-ignore-cmdswitch.patch file path=usr/share/doc/opendkim/opendkim.conf.sample file path=usr/share/doc/opendkim/opendkim.conf.simple file path=usr/share/doc/opendkim/opendkim.conf.simple-verify file path=usr/share/doc/opendkim/opendkim.ldif file path=usr/share/doc/opendkim/opendkim.schema file path=usr/share/doc/opendkim/opendkim.service file path=usr/share/doc/opendkim/opendkim.spec.in file path=usr/share/doc/opendkim/opendkim.xml file path=usr/share/doc/opendkim/overview.html file path=usr/share/doc/opendkim/reprrd-config.php file path=usr/share/doc/opendkim/reprrd.php file path=usr/share/doc/opendkim/repute.py file path=usr/share/doc/opendkim/screen.lua.sample file path=usr/share/doc/opendkim/setup.lua.sample file path=usr/share/doc/opendkim/stats.lua file path=usr/share/man/man1/opendkim-spam.1 file path=usr/share/man/man3/opendkim-lua.3 file path=usr/share/man/man3/rbl.3 file path=usr/share/man/man3/vbr.3 file path=usr/share/man/man5/opendkim.conf.5 file path=usr/share/man/man8/autobuild.8 file path=usr/share/man/man8/miltertest.8 file path=usr/share/man/man8/opendkim-atpszone.8 file path=usr/share/man/man8/opendkim-expire.8 file path=usr/share/man/man8/opendkim-gengraphs.8 file path=usr/share/man/man8/opendkim-genkey.8 file path=usr/share/man/man8/opendkim-genstats.8 file path=usr/share/man/man8/opendkim-genzone.8 file path=usr/share/man/man8/opendkim-importstats.8 file path=usr/share/man/man8/opendkim-reprrdimport.8 file path=usr/share/man/man8/opendkim-stats.8 file path=usr/share/man/man8/opendkim-testkey.8 file path=usr/share/man/man8/opendkim-testmsg.8 file path=usr/share/man/man8/opendkim.8 components/mail/opendkim/opendkim.p5m
New file @@ -0,0 +1,241 @@ # # This file and its contents are supplied under the terms of the # Common Development and Distribution License ("CDDL"), version 1.0. # You may only use this file in accordance with the terms of version # 1.0 of the CDDL. # # A full copy of the text of the CDDL should have accompanied this # source. A copy of the CDDL is also available via the Internet at # http://www.illumos.org/license/CDDL. # # # Copyright 2022 Friedrich Kink. All right reserved. # set name=pkg.fmri value=pkg:/$(COMPONENT_FMRI)@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="$(COMPONENT_SUMMARY)" set name=pkg.description value="$(COMPONENT_DESCRIPTION)" set name=info.classification value="$(COMPONENT_CLASSIFICATION)" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) set name=info.source-url value=$(COMPONENT_ARCHIVE_URL) set name=org.opensolaris.consolidation value=$(CONSOLIDATION) license $(COMPONENT_LICENSE_FILE) license='$(COMPONENT_LICENSE)' group groupname=opendkim gid=30 user username=opendkim gcos-field="opendkim - used for unprivileged processes" group=opendkim home-dir=/var/empty login-shell=/bin/false uid=30 file files/opendkim.xml path=lib/svc/manifest/network/opendkim.xml restart_fmri=svc:/system/manifest-import:default file files/opendkim.conf.sample path=etc/mail/opendkim.conf.sample file files/prof_attr path=etc/security/prof_attr.d/opendkim group=sys file path=usr/bin/autobuild file path=usr/bin/miltertest file path=usr/bin/opendkim-reprrdimport file path=usr/bin/opendkim-spam file path=usr/include/opendkim/dkim.h file path=usr/include/rbl/rbl.h file path=usr/include/reprrd/reprrd.h file path=usr/include/vbr/vbr.h file path=usr/lib/$(MACH64)/libopendkim.a link path=usr/lib/$(MACH64)/libopendkim.so target=libopendkim.so.10.0.3 link path=usr/lib/$(MACH64)/libopendkim.so.10 target=libopendkim.so.10.0.3 file path=usr/lib/$(MACH64)/libopendkim.so.10.0.3 file path=usr/lib/$(MACH64)/librbl.a link path=usr/lib/$(MACH64)/librbl.so target=librbl.so.1.0.0 link path=usr/lib/$(MACH64)/librbl.so.1 target=librbl.so.1.0.0 file path=usr/lib/$(MACH64)/librbl.so.1.0.0 file path=usr/lib/$(MACH64)/libreprrd.a link path=usr/lib/$(MACH64)/libreprrd.so target=libreprrd.so.1.0.0 link path=usr/lib/$(MACH64)/libreprrd.so.1 target=libreprrd.so.1.0.0 file path=usr/lib/$(MACH64)/libreprrd.so.1.0.0 file path=usr/lib/$(MACH64)/libvbr.a link path=usr/lib/$(MACH64)/libvbr.so target=libvbr.so.2.0.0 link path=usr/lib/$(MACH64)/libvbr.so.2 target=libvbr.so.2.0.0 file path=usr/lib/$(MACH64)/libvbr.so.2.0.0 file path=usr/lib/$(MACH64)/pkgconfig/opendkim.pc file path=usr/lib/$(MACH64)/pkgconfig/rbl.pc file path=usr/lib/$(MACH64)/pkgconfig/vbr.pc file path=usr/sbin/opendkim file path=usr/sbin/opendkim-atpszone file path=usr/sbin/opendkim-expire file path=usr/sbin/opendkim-gengraphs file path=usr/sbin/opendkim-genkey file path=usr/sbin/opendkim-genstats file path=usr/sbin/opendkim-genzone file path=usr/sbin/opendkim-importstats file path=usr/sbin/opendkim-reportstats file path=usr/sbin/opendkim-stats file path=usr/sbin/opendkim-testkey file path=usr/sbin/opendkim-testmsg file path=usr/share/doc/opendkim/FEATURES file path=usr/share/doc/opendkim/KNOWNBUGS file path=usr/share/doc/opendkim/LICENSE file path=usr/share/doc/opendkim/LICENSE.Sendmail file path=usr/share/doc/opendkim/README file path=usr/share/doc/opendkim/README.LDAP file path=usr/share/doc/opendkim/README.SQL file path=usr/share/doc/opendkim/README.opendkim-reportstats file path=usr/share/doc/opendkim/README.specs.html file path=usr/share/doc/opendkim/RELEASE_NOTES.Sendmail file path=usr/share/doc/opendkim/authheaders-check-setup-hook.lua file path=usr/share/doc/opendkim/autobuild.conf.sample file path=usr/share/doc/opendkim/chroot file path=usr/share/doc/opendkim/convert_keylist.sh file path=usr/share/doc/opendkim/dkim.html file path=usr/share/doc/opendkim/dkim_add_querymethod.html file path=usr/share/doc/opendkim/dkim_add_xtag.html file path=usr/share/doc/opendkim/dkim_alg_t.html file path=usr/share/doc/opendkim/dkim_atps_check.html file path=usr/share/doc/opendkim/dkim_atps_t.html file path=usr/share/doc/opendkim/dkim_body.html file path=usr/share/doc/opendkim/dkim_canon_t.html file path=usr/share/doc/opendkim/dkim_cbstat.html file path=usr/share/doc/opendkim/dkim_chunk.html file path=usr/share/doc/opendkim/dkim_close.html file path=usr/share/doc/opendkim/dkim_diffheaders.html file path=usr/share/doc/opendkim/dkim_dns_close.html file path=usr/share/doc/opendkim/dkim_dns_config.html file path=usr/share/doc/opendkim/dkim_dns_init.html file path=usr/share/doc/opendkim/dkim_dns_nslist.html file path=usr/share/doc/opendkim/dkim_dns_set_close.html file path=usr/share/doc/opendkim/dkim_dns_set_config.html file path=usr/share/doc/opendkim/dkim_dns_set_init.html file path=usr/share/doc/opendkim/dkim_dns_set_nslist.html file path=usr/share/doc/opendkim/dkim_dns_set_query_cancel.html file path=usr/share/doc/opendkim/dkim_dns_set_query_service.html file path=usr/share/doc/opendkim/dkim_dns_set_query_start.html file path=usr/share/doc/opendkim/dkim_dns_set_query_waitreply.html file path=usr/share/doc/opendkim/dkim_dns_set_trustanchor.html file path=usr/share/doc/opendkim/dkim_dns_trustanchor.html file path=usr/share/doc/opendkim/dkim_dnssec.html file path=usr/share/doc/opendkim/dkim_eoh.html file path=usr/share/doc/opendkim/dkim_eom.html file path=usr/share/doc/opendkim/dkim_flush_cache.html file path=usr/share/doc/opendkim/dkim_free.html file path=usr/share/doc/opendkim/dkim_get_msgdate.html file path=usr/share/doc/opendkim/dkim_get_reputation.html file path=usr/share/doc/opendkim/dkim_get_signer.html file path=usr/share/doc/opendkim/dkim_get_sigsubstring.html file path=usr/share/doc/opendkim/dkim_get_user_context.html file path=usr/share/doc/opendkim/dkim_getcachestats.html file path=usr/share/doc/opendkim/dkim_getdomain.html file path=usr/share/doc/opendkim/dkim_geterror.html file path=usr/share/doc/opendkim/dkim_getid.html file path=usr/share/doc/opendkim/dkim_getmode.html file path=usr/share/doc/opendkim/dkim_getpartial.html file path=usr/share/doc/opendkim/dkim_getresultstr.html file path=usr/share/doc/opendkim/dkim_getsighdr.html file path=usr/share/doc/opendkim/dkim_getsighdr_d.html file path=usr/share/doc/opendkim/dkim_getsiglist.html file path=usr/share/doc/opendkim/dkim_getsignature.html file path=usr/share/doc/opendkim/dkim_getsslbuf.html file path=usr/share/doc/opendkim/dkim_getuser.html file path=usr/share/doc/opendkim/dkim_header.html file path=usr/share/doc/opendkim/dkim_init.html file path=usr/share/doc/opendkim/dkim_key_syntax.html file path=usr/share/doc/opendkim/dkim_lib.html file path=usr/share/doc/opendkim/dkim_libfeature.html file path=usr/share/doc/opendkim/dkim_libversion.html file path=usr/share/doc/opendkim/dkim_mail_parse.html file path=usr/share/doc/opendkim/dkim_minbody.html file path=usr/share/doc/opendkim/dkim_ohdrs.html file path=usr/share/doc/opendkim/dkim_options.html file path=usr/share/doc/opendkim/dkim_param_t.html file path=usr/share/doc/opendkim/dkim_privkey_load.html file path=usr/share/doc/opendkim/dkim_qi_getname.html file path=usr/share/doc/opendkim/dkim_qi_gettype.html file path=usr/share/doc/opendkim/dkim_query_t.html file path=usr/share/doc/opendkim/dkim_queryinfo.html file path=usr/share/doc/opendkim/dkim_resign.html file path=usr/share/doc/opendkim/dkim_set_dns_callback.html file path=usr/share/doc/opendkim/dkim_set_final.html file path=usr/share/doc/opendkim/dkim_set_key_lookup.html file path=usr/share/doc/opendkim/dkim_set_margin.html file path=usr/share/doc/opendkim/dkim_set_prescreen.html file path=usr/share/doc/opendkim/dkim_set_signature_handle.html file path=usr/share/doc/opendkim/dkim_set_signature_handle_free.html file path=usr/share/doc/opendkim/dkim_set_signature_tagvalues.html file path=usr/share/doc/opendkim/dkim_set_signer.html file path=usr/share/doc/opendkim/dkim_set_trust_anchor.html file path=usr/share/doc/opendkim/dkim_set_user_context.html file path=usr/share/doc/opendkim/dkim_setpartial.html file path=usr/share/doc/opendkim/dkim_sig_getbh.html file path=usr/share/doc/opendkim/dkim_sig_getcanonlen.html file path=usr/share/doc/opendkim/dkim_sig_getcanons.html file path=usr/share/doc/opendkim/dkim_sig_getcontext.html file path=usr/share/doc/opendkim/dkim_sig_getdnssec.html file path=usr/share/doc/opendkim/dkim_sig_getdomain.html file path=usr/share/doc/opendkim/dkim_sig_geterror.html file path=usr/share/doc/opendkim/dkim_sig_geterrorstr.html file path=usr/share/doc/opendkim/dkim_sig_getflags.html file path=usr/share/doc/opendkim/dkim_sig_gethashes.html file path=usr/share/doc/opendkim/dkim_sig_getidentity.html file path=usr/share/doc/opendkim/dkim_sig_getkeysize.html file path=usr/share/doc/opendkim/dkim_sig_getqueries.html file path=usr/share/doc/opendkim/dkim_sig_getreportinfo.html file path=usr/share/doc/opendkim/dkim_sig_getselector.html file path=usr/share/doc/opendkim/dkim_sig_getsignalg.html file path=usr/share/doc/opendkim/dkim_sig_getsignedhdrs.html file path=usr/share/doc/opendkim/dkim_sig_getsigntime.html file path=usr/share/doc/opendkim/dkim_sig_getsslbuf.html file path=usr/share/doc/opendkim/dkim_sig_gettagvalue.html file path=usr/share/doc/opendkim/dkim_sig_hdrsigned.html file path=usr/share/doc/opendkim/dkim_sig_ignore.html file path=usr/share/doc/opendkim/dkim_sig_process.html file path=usr/share/doc/opendkim/dkim_sig_seterror.html file path=usr/share/doc/opendkim/dkim_sig_syntax.html file path=usr/share/doc/opendkim/dkim_sigerror.html file path=usr/share/doc/opendkim/dkim_siginfo.html file path=usr/share/doc/opendkim/dkim_sigkey_t.html file path=usr/share/doc/opendkim/dkim_sign.html file path=usr/share/doc/opendkim/dkim_signhdrs.html file path=usr/share/doc/opendkim/dkim_ssl_version.html file path=usr/share/doc/opendkim/dkim_stat.html file path=usr/share/doc/opendkim/dkim_verify.html file path=usr/share/doc/opendkim/dns.html file path=usr/share/doc/opendkim/example.com.ldif file path=usr/share/doc/opendkim/final.lua.sample file path=usr/share/doc/opendkim/index.html file path=usr/share/doc/opendkim/mkdb.mysql file path=usr/share/doc/opendkim/opendkim file path=usr/share/doc/opendkim/opendkim-default-keygen file path=usr/share/doc/opendkim/opendkim-fixipaddrs.pl file path=usr/share/doc/opendkim/opendkim-spam-ignore-cmdswitch.patch file path=usr/share/doc/opendkim/opendkim.conf.sample file path=usr/share/doc/opendkim/opendkim.conf.simple file path=usr/share/doc/opendkim/opendkim.conf.simple-verify file path=usr/share/doc/opendkim/opendkim.ldif file path=usr/share/doc/opendkim/opendkim.schema file path=usr/share/doc/opendkim/opendkim.service file path=usr/share/doc/opendkim/opendkim.spec.in file path=usr/share/doc/opendkim/opendkim.xml file path=usr/share/doc/opendkim/overview.html file path=usr/share/doc/opendkim/reprrd-config.php file path=usr/share/doc/opendkim/reprrd.php file path=usr/share/doc/opendkim/repute.py file path=usr/share/doc/opendkim/screen.lua.sample file path=usr/share/doc/opendkim/setup.lua.sample file path=usr/share/doc/opendkim/stats.lua file path=usr/share/man/man1/opendkim-spam.1 file path=usr/share/man/man3/opendkim-lua.3 file path=usr/share/man/man3/rbl.3 file path=usr/share/man/man3/vbr.3 file path=usr/share/man/man5/opendkim.conf.5 file path=usr/share/man/man8/autobuild.8 file path=usr/share/man/man8/miltertest.8 file path=usr/share/man/man8/opendkim-atpszone.8 file path=usr/share/man/man8/opendkim-expire.8 file path=usr/share/man/man8/opendkim-gengraphs.8 file path=usr/share/man/man8/opendkim-genkey.8 file path=usr/share/man/man8/opendkim-genstats.8 file path=usr/share/man/man8/opendkim-genzone.8 file path=usr/share/man/man8/opendkim-importstats.8 file path=usr/share/man/man8/opendkim-reprrdimport.8 file path=usr/share/man/man8/opendkim-stats.8 file path=usr/share/man/man8/opendkim-testkey.8 file path=usr/share/man/man8/opendkim-testmsg.8 file path=usr/share/man/man8/opendkim.8 components/mail/opendkim/patches/01_define_MAX.patch
New file @@ -0,0 +1,15 @@ # there is no MAX function defined and there is no C function, too --- opendkim-2.10.3/stats/opendkim-importstats.c 2022-02-05 19:01:48.369660562 +0000 +++ opendkim-2.10.3/stats/opendkim-importstats.c.new 2022-02-05 19:33:02.755143771 +0000 @@ -41,6 +41,11 @@ #endif /* USE_ODBX */ /* macros, definitions */ +#define MAX(a,b) \ + ({ __typeof__ (a) _a = (a); \ + __typeof__ (b) _b = (b); \ + _a > _b ? _a : _b; }) + #define CMDLINEOPTS "d:EFh:mP:p:rSs:u:vx" #define DEFDBHOST "localhost" components/mail/opendkim/patches/02_config_h.patch
New file @@ -0,0 +1,20 @@ # again __P isn't defined anywhere else --- opendkim-2.10.3/opendkim/config.h 2022-02-05 20:11:14.668189198 +0000 +++ opendkim-2.10.3/opendkim/config.h.new 2022-02-05 20:14:36.784798073 +0000 @@ -18,6 +18,16 @@ #endif /* HAVE_STDBOOL_H */ #include <stdio.h> +#ifdef __STDC__ +# ifndef __P +# define __P(x) x +# endif /* ! __P */ +#else /* __STDC__ */ +# ifndef __P +# define __P(x) () +# endif /* ! __P */ +#endif /* __STDC__ */ + /* types and things */ #define CONFIG_TYPE_STRING 0 #define CONFIG_TYPE_INTEGER 1 components/mail/opendkim/patches/CRYPTO_set_id_callback.patch
New file @@ -0,0 +1,15 @@ # according to https://github.com/openssl/openssl/issues/1260 those functions aren't needed for openssl > 1.0 # and test results are still exactly the same --- opendkim-2.10.3/opendkim/opendkim-crypto.c 2022-02-06 14:42:23.022149911 +0000 +++ opendkim-2.10.3/opendkim/opendkim-crypto.c.new 2022-02-06 14:57:05.159603533 +0000 @@ -365,8 +365,10 @@ SSL_library_init(); ERR_load_crypto_strings(); +#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 CRYPTO_set_id_callback(&dkimf_crypto_get_id); CRYPTO_set_locking_callback(&dkimf_crypto_lock_callback); +#endif CRYPTO_set_dynlock_create_callback(&dkimf_crypto_dyn_create); CRYPTO_set_dynlock_lock_callback(&dkimf_crypto_dyn_lock); CRYPTO_set_dynlock_destroy_callback(&dkimf_crypto_dyn_destroy); components/mail/opendkim/patches/mlfi_body_dont_skip.patch
New file @@ -0,0 +1,36 @@ commit 90a4ea2af4669eeaef945b13319f7a9c03855aac Author: Dilian Wesselinov Palauzov <git-dpa@aegee.org> Date: Wed May 16 11:16:08 2018 +0000 opendkim/opendkim.c:mlfi_body: don't SMFIS_SKIP a big message, that doesn't need verification, but need signing sendmail sends bodies to libmilter in chunks of 64k. When opendkim is supposed simulateneously to verify the signature of an email and to sign it, the body is >64k, the email has no signature yet, that can be verified, opendkim shall not send SMFIS_SKIP, hence ingoring the remaining chunks of the message, as opendkim needs the remaining chunks for correct signing of the message. diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c index eaf8c9e6..3c16da07 100644 --- a/opendkim/opendkim.c +++ b/opendkim/opendkim.c @@ -13138,13 +13138,10 @@ mlfi_body(SMFICTX *ctx, u_char *bodyp, size_t bodylen) return dkimf_libstatus(ctx, last, "dkim_body()", status); #ifdef SMFIS_SKIP - if (dfc->mctx_srhead != NULL && cc->cctx_milterv2 && - dkimf_msr_minbody(dfc->mctx_srhead) == 0) - return SMFIS_SKIP; - - if (dfc->mctx_dkimv != NULL && cc->cctx_milterv2 && - dkim_minbody(dfc->mctx_dkimv) == 0) - return SMFIS_SKIP; + if (cc->cctx_milterv2 && + (dfc->mctx_srhead == NULL || dkimf_msr_minbody(dfc->mctx_srhead) == 0) && + (dfc->mctx_dkimv == NULL || dkim_minbody(dfc->mctx_dkimv) == 0)) + return SMFIS_SKIP; #endif /* SMFIS_SKIP */ return SMFIS_CONTINUE; components/mail/opendkim/patches/openssl_1.1.0_compat.patch
New file @@ -0,0 +1,90 @@ Description: Build and work with either openssl 1.0.2 or 1.1.0 * Add patch to build with either openssl 1.0.2 or 1.1.0 (Closes: #828466) - Thanks to Sebastian Andrzej Siewior for the patch Author: Sebastian Andrzej Siewior Bug-Debian: http://bugs.debian.org/828466 Origin: vendor Forwarded: no Reviewed-By: Scott Kitterman <scott@kitterman.com> Last-Update: <YYYY-MM-DD> --- opendkim-2.11.0~alpha.orig/configure.ac +++ opendkim-2.11.0~alpha/configure.ac @@ -864,26 +864,28 @@ then AC_SEARCH_LIBS([ERR_peek_error], [crypto], , AC_MSG_ERROR([libcrypto not found])) - AC_SEARCH_LIBS([SSL_library_init], [ssl], , - [ - if test x"$enable_shared" = x"yes" - then - AC_MSG_ERROR([Cannot build shared opendkim - against static openssl libraries. - Configure with --disable-shared - to get this working or obtain a - shared libssl library for - opendkim to use.]) - fi - # avoid caching issue - last result of SSL_library_init - # shouldn't be cached for this next check - unset ac_cv_search_SSL_library_init - LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" - AC_SEARCH_LIBS([SSL_library_init], [ssl], , - AC_MSG_ERROR([libssl not found]), [-ldl]) - ] - ) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]], + [[SSL_library_init();]])], + [od_have_ossl="yes";], + [od_have_ossl="no";]) + if test x"$od_have_ossl" = x"no" + then + if test x"$enable_shared" = x"yes" + then + AC_MSG_ERROR([Cannot build shared opendkim + against static openssl libraries. + Configure with --disable-shared + to get this working or obtain a + shared libssl library for + opendkim to use.]) + fi + + LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl" + AC_SEARCH_LIBS([SSL_library_init], [ssl], , + AC_MSG_ERROR([libssl not found]), [-ldl]) + fi AC_CHECK_DECL([SHA256_DIGEST_LENGTH], AC_DEFINE([HAVE_SHA256], 1, --- opendkim-2.11.0~alpha.orig/opendkim/opendkim-crypto.c +++ opendkim-2.11.0~alpha/opendkim/opendkim-crypto.c @@ -222,7 +222,11 @@ dkimf_crypto_free_id(void *ptr) { assert(pthread_setspecific(id_key, ptr) == 0); +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + OPENSSL_thread_stop(); +#else ERR_remove_state(0); +#endif free(ptr); @@ -392,11 +396,15 @@ dkimf_crypto_free(void) { if (crypto_init_done) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + OPENSSL_thread_stop(); +#else CRYPTO_cleanup_all_ex_data(); CONF_modules_free(); EVP_cleanup(); ERR_free_strings(); ERR_remove_state(0); +#endif if (nmutexes > 0) { components/mail/opendkim/patches/sql-filter.patch
New file @@ -0,0 +1,16 @@ --- opendkim-2.11.0~alpha.orig/opendkim/opendkim-db.c 2015-10-20 02:21:23.000000000 +0000 +++ ./opendkim-2.11.0~alpha/opendkim/opendkim-db.c 2017-09-20 17:41:51.410641883 +0000 @@ -5994,9 +5994,11 @@ { char query[BUFRSZ]; - snprintf(query, sizeof query, "SELECT %s,%s FROM %s", + snprintf(query, sizeof query, "SELECT %s,%s FROM %s%s%s", dsn->dsn_keycol, dsn->dsn_datacol, - dsn->dsn_table); + dsn->dsn_table, + dsn->dsn_filter == NULL ? "" : " WHERE ", + dsn->dsn_filter == NULL ? "" : dsn->dsn_filter); err = odbx_query((odbx_t *) db->db_handle, query, 0); if (err < 0) components/mail/opendkim/pkg5
New file @@ -0,0 +1,24 @@ { "dependencies": [ "SUNWcs", "database/berkeleydb-5", "database/lmdb", "image/rrdtool", "library/jansson", "library/libmemcached", "library/libmilter", "library/opendbx", "library/openldap", "library/security/openssl-11", "library/tre", "runtime/lua", "runtime/perl-524", "shell/ksh93", "system/library", "system/library/math" ], "fmris": [ "mail/opendkim" ], "name": "opendkim" } components/mail/opendkim/test/results-64.master
New file @@ -0,0 +1,215 @@ PASS: t-setup PASS: t-test00 PASS: t-test01 PASS: t-test02 PASS: t-test03 PASS: t-test04 PASS: t-test05 PASS: t-test06 PASS: t-test07 PASS: t-test08 PASS: t-test09 PASS: t-test10 PASS: t-test11 PASS: t-test12 PASS: t-test13 PASS: t-test14 PASS: t-test15 PASS: t-test16 PASS: t-test17 PASS: t-test18 PASS: t-test19 PASS: t-test20 PASS: t-test21 PASS: t-test22 PASS: t-test23 PASS: t-test24 PASS: t-test25 PASS: t-test26 PASS: t-test27 PASS: t-test28 PASS: t-test29 PASS: t-test30 PASS: t-test31 PASS: t-test32 PASS: t-test33 PASS: t-test34 PASS: t-test35 PASS: t-test36 PASS: t-test37 PASS: t-test38 PASS: t-test39 PASS: t-test40 PASS: t-test41 PASS: t-test42 PASS: t-test43 PASS: t-test44 PASS: t-test45 PASS: t-test46 PASS: t-test47 PASS: t-test48 PASS: t-test50 PASS: t-test51 PASS: t-test52 PASS: t-test53 PASS: t-test54 PASS: t-test55 PASS: t-test56 PASS: t-test57 PASS: t-test58 PASS: t-test59 PASS: t-test60 PASS: t-test61 PASS: t-test62 PASS: t-test63 PASS: t-test64 PASS: t-test65 PASS: t-test66 PASS: t-test67 PASS: t-test68 PASS: t-test69 PASS: t-test70 PASS: t-test71 PASS: t-test72 PASS: t-test73 PASS: t-test74 PASS: t-test76 PASS: t-test77 PASS: t-test78 PASS: t-test79 PASS: t-test80 PASS: t-test81 PASS: t-test82 PASS: t-test83 PASS: t-test84 PASS: t-test85 PASS: t-test86 PASS: t-test87 PASS: t-test88 PASS: t-test89 PASS: t-test90 PASS: t-test91 PASS: t-test92 PASS: t-test93 PASS: t-test94 PASS: t-test96 PASS: t-test97 PASS: t-test98 PASS: t-test99 PASS: t-test100 PASS: t-test101 PASS: t-test102 PASS: t-test103 PASS: t-test104 PASS: t-test105 PASS: t-test106 PASS: t-test107 PASS: t-test108 PASS: t-test109 PASS: t-test110 PASS: t-test111 PASS: t-test112 PASS: t-test114 PASS: t-test115 PASS: t-test116 PASS: t-test117 PASS: t-test119 PASS: t-test120 PASS: t-test121 PASS: t-test122 PASS: t-test123 PASS: t-test125 PASS: t-test126 PASS: t-test127 PASS: t-test128 PASS: t-test129 PASS: t-test130 PASS: t-test131 PASS: t-test132 PASS: t-test133 PASS: t-test134 PASS: t-test135 PASS: t-test136 PASS: t-test137 PASS: t-test138 PASS: t-test139 PASS: t-test140 PASS: t-test141 PASS: t-test142 PASS: t-test143 PASS: t-test144 PASS: t-test145 PASS: t-test146 PASS: t-test147 PASS: t-test148 PASS: t-test149 PASS: t-test150 PASS: t-test151 PASS: t-test152 PASS: t-test153 PASS: t-test154 PASS: t-signperf PASS: t-verifyperf PASS: t-cleanup PASS: t-signperf-sha1 PASS: t-signperf-relaxed-relaxed PASS: t-signperf-simple-simple ============================================================================ ============================================================================ # TOTAL: 156 # PASS: 156 # SKIP: 0 # XFAIL: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # XPASS: 0 # ERROR: 0 ============================================================================ PASS: t-sign-ss PASS: t-sign-rs PASS: t-sign-rs-tables PASS: t-sign-rs-tables-bad FAIL: t-sign-rs-tables-token PASS: t-sign-rs-multiple PASS: t-sign-rs-mixconf PASS: t-sign-rs-lua PASS: t-sign-ss-all PASS: t-sign-ss-ltag PASS: t-sign-ss-x PASS: t-verify-revoked PASS: t-verify-unspec PASS: t-verify-malformed PASS: t-verify-unsigned FAIL: t-verify-unsigned-silent PASS: t-verify-syntax PASS: t-verify-ss PASS: t-verify-ss-bad PASS: t-verify-ss-ar-bad PASS: t-dontsign PASS: t-peer PASS: t-lua-verify-tests PASS: t-sign-ss-macro FAIL: t-sign-ss-macro-value FAIL: t-sign-ss-macro-value-file PASS: t-verify-report PASS: t-sign-report PASS: t-conf-check PASS: t-verify-double-from PASS: t-lua-rbl PASS: t-sign-ss-replace PASS: t-sign-atps PASS: t-verify-ss-atps ============================================================================ ============================================================================ # TOTAL: 34 # PASS: 30 # SKIP: 0 # XFAIL: 0 # XFAIL: 0 # FAIL: 4 # XPASS: 0 # XPASS: 0 # ERROR: 0 ============================================================================ ============================================================================ doc/reserved_uids_and_gids.md
@@ -25,6 +25,7 @@ 22 | sshd 25 | smmsp 27 | postfix 30 | opendkim 37 | listen 40 | puppet 50 | gdm @@ -94,6 +95,7 @@ 25 | smmsp 27 | postfix 28 | postdrop 30 | opendkim 40 | puppet 50 | gdm 52 | upnp