From 5c12f76ce309eb454ffe0bceb943e2db05abb188 Mon Sep 17 00:00:00 2001 From: mose Date: Mon, 30 Jun 2014 13:34:55 +0800 Subject: [PATCH] - add opendkim-tools package - set UMask 002 in opendkim.conf for postfix unprivileged access - add postfix in opendkim group --- postfix-dkim/recipes/default.rb | 9 ++++++++- postfix-dkim/templates/default/opendkim.conf.erb | 7 ++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/postfix-dkim/recipes/default.rb b/postfix-dkim/recipes/default.rb index 393dbb2..6e08a45 100644 --- a/postfix-dkim/recipes/default.rb +++ b/postfix-dkim/recipes/default.rb @@ -18,6 +18,7 @@ # package 'opendkim' +package 'opendkim-tools' template "/etc/opendkim.conf" do source "opendkim.conf.erb" @@ -44,10 +45,16 @@ EOH end +group "opendkim" do + action :modify + members "postfix" + append true +end + service "opendkim" do action :start end service "postfix" do action :restart -end \ No newline at end of file +end diff --git a/postfix-dkim/templates/default/opendkim.conf.erb b/postfix-dkim/templates/default/opendkim.conf.erb index a193aff..fc088a1 100644 --- a/postfix-dkim/templates/default/opendkim.conf.erb +++ b/postfix-dkim/templates/default/opendkim.conf.erb @@ -6,7 +6,7 @@ Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) -#UMask 002 +UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) @@ -24,7 +24,8 @@ SignatureAlgorithm rsa-sha256 SubDomains no #ADSPDiscard no #Version rfc4871 -X-Header no +X-Header yes +OversignHeaders From ############################################### # Other (less-standard) configuration options # 
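Review bot: In postfix-dkim/recipes/default.rb, the new `group "opendkim"` resource gives postfix every permission the opendkim group holds, not only access to the milter socket, so any signing key that is group-readable becomes readable by the MTA user. The key setup ends in the `EOH` / `end` context lines above the addition and is not visible in this hunk, so confirm it leaves the private key owned by opendkim with mode 0600. A comment above the resource such as `# postfix joins opendkim only to reach the milter socket; key files stay 0600` would record the intent. `action :modify` also raises if the group does not exist, so this resource relies on `package 'opendkim'` having created the group earlier in the run.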
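Review bot: In the first opendkim.conf.erb hunk, `UMask 002` still leaves what opendkim creates under this mask readable by every local account, although the recipe change in this same commit already puts postfix in the opendkim group. Nothing outside that group appears to need access, so `UMask 007` would cover postfix and close the rest. The `Socket` directive is outside this hunk; if it points at an inet socket rather than a local one, neither the umask nor the group membership is needed, which is worth confirming before merging.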
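Review bot: In the second opendkim.conf.erb hunk, `X-Header no` becomes `X-Header yes`, which the commit message does not mention. It makes the filter stamp every message with a header naming the product and its version, a detail outside recipients have no need to see. Unless that header is wanted for debugging, keep `X-Header no`, or drive it from a node attribute the way `SenderHeaders` is at the end of this template. `OversignHeaders From` is a sensible hardening; a one-line comment above it, e.g. `# Oversign From so a second From header added in transit invalidates the signature`, would explain why it is there.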
@@ -55,4 +56,4 @@ X-Header no # be passed through #RequiredHeaders yes -<%= "SenderHeaders #{node[:postfix_dkim][:sender_headers]}" if node[:postfix_dkim][:sender_headers] %> \ No newline at end of file +<%= "SenderHeaders #{node[:postfix_dkim][:sender_headers]}" if node[:postfix_dkim][:sender_headers] %>