Hi all,
Sorry for the long post.
I come back to you with my thoughts on what I think is an issue in the
dkimproxy package.
In file /etc/default/dkimproxy, it is mentioned:
# If a variable is unset or set to an empty value, the corresponding
argument will be omitted from
# the dkimproxy command line, and dkimproxy is free to read a value from its
# own configuration file or use its own default value.
Maybe I did it wrong, but I could not manage to unset some variables.
For me, once the dkimproxy daemon script reads the
/etc/default/dkimproxy file,
if for example the DKIMPROXY_OUT_PRIVKEY is not specified or is set to '',
the dkimproxy will set the location of the key to default:
/var/lib/dkimproxy/private.key
And the script will ignore the /etc/dkimproxy/dkimproxy_out.conf or
sender_map.
For me, this is an issue.
I think that, if the script /usr/sbin/dkimproxy.out was written with a
lot of options and the possibility to
specify (in command line options) the selector, the key location, the
type of signature etc., it is more for trials purpose.
Then for a "normal" use of the dkimproxy.out (run as a daemon), the
configuration should be set in files:
/etc/dkimproxy/dkimproxy_out.conf or/and sender_map.
So there is not point, at the /etc/init.d/dkimproxy script level, to
offer some of the options.
We should have there, only the options that are not available in other
config files.
Such as RUN_DKIMPROXY_OUT, DKIMPROXY_OUT_MIN_SERVERS, user or group.
But options such as DKIMPROXY_OUT_PRIVKEY should not be specified in
this file, as it will then take
precedence on the /etc/dkimproxy/dkimproxy_out.conf and sender_map
files, are less flexible
than in the sender_map file and just add confusion.
I have worked on a new version of the dkimproxy daemon script present in
/etc/init.d/
and the associated config file /etc/default/dkimproxy
For backward compatibility, I have tried to find a solution allowing to
leave the confusing 'DKIMPROXY_OUT_PRIVKEY '
parameter but it doesn seem possible. So I think this confiusing
parameter could simply be removed from
the /etc/default/dkimproxy file.
In my daemon script, I have also added the command "service dkimproxy
status"
Here are my versions of the files; Maybe they will be useful to others:
- /etc/default/dkimproxy:
### Default configuration for dkimproxy.
## The following variables specify configuration to be passed as
arguments to
## the dkimproxy daemons. If a variable is commented out, the default value
## within the /etc/init.d/dkimproxy script will be used.
## For more details about dkimproxy parameters, please use:
## /usr/sbin/dkimproxy.out --help and
## /usr/sbin/dkimproxy.in --help
## Variables in Section1 have no risk to conflict with variables specified
## in other config files dkimproxy_in.conf and sender_map.
## Variables in Section2 are now obsolete and will be ignored by the
## /etc/init.d/dkimproxy script.
## SECTION 1
#
## which daemons would be run; anything other than '1' will disable a daemon
## default: 1
RUN_DKIMPROXY_OUT=1
RUN_DKIMPROXY_IN=0
## configuration file to use for dkimproxy.in
## default: "/etc/dkimproxy/dkimproxy_in.conf"
#DKIMPROXY_IN_CONF="/etc/dkimproxy/dkimproxy_in.conf"
## configuration file to use for dkimproxy.out
## default: "/etc/dkimproxy/dkimproxy_out.conf"
#DKIMPROXY_OUT_CONF="/etc/dkimproxy/dkimproxy_out.conf"
## Number of pre-forked process that dkimproxy should keep ready for action.
## The best value for performances is 5 on a single core server. It would
## seem reasonable to add at least one process per core on your server.
## Each process will take about 2MB of RAM, so with a value of 2 for both
## the in and the out daemon, dkimproxy will use 10/12 MB of RAM.
## default: 5
#DKIMPROXY_IN_MIN_SERVERS=5
DKIMPROXY_OUT_MIN_SERVERS=4
## user and group of the dkimproxy daemons
## default user: dkimproxy
## default group: dkimproxy
DKIMPROXYUSER=dkimproxy
DKIMPROXYGROUP=email
## HOSTNAME
## Is used by the DKIM IN PROXY
## hostname for verification "Authentication-Results" header
## Feel free to use hostname -f if that fits you, but then make
## sure that your DNS dkim key entry is setup accordingly with
## something like _domainkey.mx.example.com
## default: `hostname -d`
#DKIM_HOSTNAME=
## DOMAIN
## Is used by the DKIM OUT PROXY
## Specifies the domains to sign for; specify multiple domains separated
by commas
## This variable is overwriten by domain specified in dkimproxy_out.conf
## or in sender_map files.
## default: `hostname -d` and domains parsed from