Hi,
I am not familiar with Debian packages processes.
I hope this is the right place to report the issue.
I found the issue using the Ubuntu package dkimproxy, I believe
inherited from Debian.
I agree with Martin Hanson.
For me the dkimproxy daemon script does not work correctly.
It does not take into account the /etc/dkimproxy/dkimpproxy_out.conf
file and thus does not use the appropriate key location.
This is also what was, to me, reported in bug:
#688986: Init script of Debian package of dkimproxy do not parse/read
/etc/dkimproxy/dkimproxy_out.conf
The script /usr/sbin/dkimproxy.out works fine but, after some trials, I
understand that some options should be exclusive or at least, the
precedence of some options should be more documented.
Then the dkimproxy daemon script (in /etc/init.d/) builds the wrong
combination of options preventing dkimproxy.out to read the config file
and to work as expected.
My understanding is that the script /usr/sbin/dkimproxy.out should be
used either with the --conf_file=FILENAME option
or with options --keyfile=FILENAME, --selector=SELECTOR, etc...
I could not really figure out which options can be combined. I only
notice that:
/usr/sbin/dkimproxy.out --conf_file=/etc/dkimproxy/dkimproxy_out.conf
--daemonize
works fine whereas, command generated by the dkimproxy daemon script:
/usr/sbin/dkimproxy.out --domain=somedomain --method=simple
--conf_file=/etc/dkimproxy/dkimproxy_out.conf
--keyfile=/var/lib/dkimproxy/private.key --user=dkimproxy --group=email
--daemonize --pidfile=/var/run/dkimproxy.out --signature=dkim
--signature=domainkeys --min_servers=5
Does not work for me because the
--keyfile=/var/lib/dkimproxy/private.key seem to have precedence on the
key location specified in --conf_file=/etc/dkimproxy/dkimproxy_out.conf
I think that there are too many levels of config files:
- /etc/default/dkimproxy used by /etc/init.d/dkimproxy
- /etc/dkimproxy/dkimproxy_out.conf used by /usr/sbin/dkimproxy.out
- sender_map also used by /usr/sbin/dkimproxy.out
With very confusing combinations of options and overwriting
possibilities (and currently /etc/default/dkimproxy overwrites the
dkimproxy_out.conf options...).
Maybe this should be simplified.
Beside this, I think the dkimproxy daemon script need to be reviewed.
I found, for example that the piece of code:
# Get the host domains dynamically. You can change this to the location
where
# you have your virtual table here, or best: ehance this script to
support more
# situations with packages others than DTC
HOST_DOMAIN=${DKIM_HOSTNAME}
if [ -n "${DOMAIN}" ] ; then
if [ -f /var/lib/dtc/etc/local_domains ] ; then
DTC_DOMAIN=`cat /var/lib/dtc/etc/local_domains | tr \\\r\\\n ,,`
DTC_DOMAIN=`echo ${DTC_DOMAIN} | grep -v ^${HOST_DOMAIN}`
else
DTC_DOMAIN=""
fi
fi
DOMAIN=${DTC_DOMAIN}${HOST_DOMAIN}
Will never retain the DOMAIN, read in the /etc/default/dkimproxy file
but always set it to ${DTC_DOMAIN}${HOST_DOMAIN}...
For me, DOMAIN=${DTC_DOMAIN}${HOST_DOMAIN} should be put in an 'else'
section of 'if [ -n "${DOMAIN}" ] ;
For now I will try to rework this script at least for my own use (I am
not an sh expert...).
If the result is satisfactory, I will post it in this thread.
Best regards,
Erlé