diff --git a/opendmarc/.footprint b/opendmarc/.footprint new file mode 100644 index 000000000..79c2ba08e --- /dev/null +++ b/opendmarc/.footprint 
@@ -0,0 +1,92 @@ +drwxr-xr-x root/root etc/ +drwxr-xr-x root/root etc/opendmarc/ +-rw-r--r-- root/root etc/opendmarc/opendmarc.conf +drwxr-xr-x root/root etc/rc.d/ +-rwxr-xr-x root/root etc/rc.d/opendmarc +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/include/ +drwxr-xr-x root/root usr/include/opendmarc/ +-rw-r--r-- root/root usr/include/opendmarc/dmarc.h +drwxr-xr-x root/root usr/lib/ +-rw-r--r-- root/root usr/lib/libopendmarc.a +-rwxr-xr-x root/root usr/lib/libopendmarc.la +lrwxrwxrwx root/root usr/lib/libopendmarc.so -> libopendmarc.so.2.0.3 +lrwxrwxrwx root/root usr/lib/libopendmarc.so.2 -> libopendmarc.so.2.0.3 +-rwxr-xr-x root/root usr/lib/libopendmarc.so.2.0.3 +drwxr-xr-x root/root usr/sbin/ +-rwxr-xr-x root/root usr/sbin/opendmarc +-rwxr-xr-x root/root usr/sbin/opendmarc-check +-rwxr-xr-x root/root usr/sbin/opendmarc-expire +-rwxr-xr-x root/root usr/sbin/opendmarc-import +-rwxr-xr-x root/root usr/sbin/opendmarc-importstats +-rwxr-xr-x root/root usr/sbin/opendmarc-params +-rwxr-xr-x root/root usr/sbin/opendmarc-reports +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/doc/ +drwxr-xr-x root/root usr/share/doc/opendmarc/ +-rw-r--r-- root/root usr/share/doc/opendmarc/LICENSE +-rw-r--r-- root/root usr/share/doc/opendmarc/LICENSE.Sendmail +-rw-r--r-- root/root usr/share/doc/opendmarc/README +-rw-r--r-- root/root usr/share/doc/opendmarc/README.rddmarc +-rw-r--r-- root/root usr/share/doc/opendmarc/README.schema +-rw-r--r-- root/root usr/share/doc/opendmarc/dmarc_policy_t.html +-rw-r--r-- root/root usr/share/doc/opendmarc/dmarcfail.py +-rw-r--r-- root/root usr/share/doc/opendmarc/index.html +-rw-r--r-- root/root usr/share/doc/opendmarc/mkdmarc +-rw-r--r-- root/root usr/share/doc/opendmarc/mysql_ip6.c +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc.conf.sample +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc.service.in +-rw-r--r-- root/root 
usr/share/doc/opendmarc/opendmarc.spec.in +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_dns_fake_record.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_get_policy_to_enforce.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_lib_t.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_connect_clear.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_connect_init.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_connect_rset.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_connect_shutdown.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_adkim.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_alignment.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_aspf.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_fo.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_p.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_pct.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_rf.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_rua.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_ruf.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_sp.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_fetch_utilized_domain.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_library_init.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_library_shutdown.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_parse_dmarc.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_query_dmarc.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_status_to_str.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_store_dkim.html +-rw-r--r-- root/root 
usr/share/doc/opendmarc/opendmarc_policy_store_dmarc.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_store_from_domain.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_store_spf.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_policy_to_buf.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_spf_test.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_status_t.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_tld_read_file.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_tld_shutdown.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_util_clearargv.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_xml.html +-rw-r--r-- root/root usr/share/doc/opendmarc/opendmarc_xml_parse.html +-rw-r--r-- root/root usr/share/doc/opendmarc/overview.html +-rw-r--r-- root/root usr/share/doc/opendmarc/rddmarc +-rw-r--r-- root/root usr/share/doc/opendmarc/schema.mysql +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man5/ +-rw-r--r-- root/root usr/share/man/man5/opendmarc.conf.5.gz +drwxr-xr-x root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/opendmarc-check.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc-expire.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc-import.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc-importstats.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc-params.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc-reports.8.gz +-rw-r--r-- root/root usr/share/man/man8/opendmarc.8.gz +drwxr-xr-x root/root var/ +drwxr-xr-x root/root var/lib/ +drwxr-xr-x opendmarc/opendmarc var/lib/opendmarc/ diff --git a/opendmarc/.signature b/opendmarc/.signature new file mode 100644 index 000000000..462459180 --- /dev/null +++ b/opendmarc/.signature 
@@ -0,0 +1,8 @@
+untrusted comment: verify with /etc/ports/contrib.pub
+RWSagIOpLGJF3/BJKRMhoZXcSMfCNEMJUFkDnhrvgL8c1RpIRgoXYR7JQqcuegWnDC9JXX0hKmE7t+ZOjH6PA+8ciN68uMoW7A8=
+SHA256 (Pkgfile) = 6d131cf52be805a7dd95c6cff2e0a013c0319177031021c8a2e841a9f05a7e10
+SHA256 (.footprint) = 7610383ea1c223a1c3ef3ea004fc18ac32d97c8234695a09916f520247e492dc
+SHA256 (rel-opendmarc-1-4-2.tar.gz) = ee1dcdd158fd5fd2b16de2b86980c4a4be60a070641ca19591a713da4e4008bb
+SHA256 (opendmarc.conf) = 2af0ee67e97609096c725836318dbb50c74090dfe88cdeedc4a1a7f3331be91c
+SHA256 (opendmarc.rc) = 52928eb777292d24138e73f265a68ac682e74c4e470b017bcaffe04bba95e129
+SHA256 (arcseal-segfaults.patch) = c76524f6583fed5237c701bdd3cb1412a86c53de67c18fe18b2629a9a218e7e3
diff --git a/opendmarc/Pkgfile b/opendmarc/Pkgfile
new file mode 100644
index 000000000..6ecd3c5f5
--- /dev/null
+++ b/opendmarc/Pkgfile
@@ -0,0 +1,31 @@
+# Description: Free open source software implementation of the DMARC specification
+# URL: https://github.com/trusteddomainproject/OpenDMARC
+# Maintainer:
+# Depends on: libbsd libidn libspf2
+
+name=opendmarc
+version=1.4.2
+release=1
+source=(https://github.com/trusteddomainproject/OpenDMARC/archive/rel-${name}-${version//./-}.tar.gz
+ opendmarc.conf opendmarc.rc
+ arcseal-segfaults.patch)
+
+build() {
+ cd OpenDMARC-rel-$name-${version//./-}
+
+ patch -Np1 -i $SRC/arcseal-segfaults.patch
+
+ autoreconf -vi
+ ./configure --prefix=/usr \
+ --sysconfdir="/etc/$name" \
+ --with-spf \
+ --with-spf2-include=/usr/include/spf2 \
+ --with-spf2-lib=/usr/lib/
+
+ make
+ make DESTDIR=$PKG install
+
+ install -o root -g root -m 0755 -D $SRC/$name.rc $PKG/etc/rc.d/$name
+ install -o opendmarc -g opendmarc -m 0755 -d $PKG/var/lib/opendmarc
+ install -o root -g root -Dm 0644 $SRC/$name.conf $PKG/etc/$name/$name.conf
+}
diff --git a/opendmarc/arcseal-segfaults.patch b/opendmarc/arcseal-segfaults.patch
new file mode 100644
index 000000000..a40817f12
--- /dev/null
+++ b/opendmarc/arcseal-segfaults.patch
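Review bot: The `patch -Np1 -i $SRC/arcseal-segfaults.patch` line in build() carries a local fix with no comment saying why it is applied or when it can be dropped. The patch's own header points at upstream issue 183 and a file attachment rather than a merged commit, and the code it touches parses headers taken from incoming mail, so this is a carry that should stay visible to whoever bumps the version next. I would put `# carried fix for segfaults in ARC-Seal header parsing (upstream issue #183); drop once a release includes it` directly above the patch line.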
@@ -0,0 +1,50 @@
+From: "@KIC-8462852" <>
+Date: Tue, 18 Jan 2022 11:57:01 -0500
+Subject: Fix segfaults, increase token max lengths in ARC-Seal headers
+
+Origin: other, https://github.com/trusteddomainproject/OpenDMARC/files/6717466/opendmarc-arcseal.patch.txt
+Bug: https://github.com/trusteddomainproject/OpenDMARC/issues/183
+---
+ opendmarc/opendmarc-arcseal.c | 7 ++++++-
+ opendmarc/opendmarc-arcseal.h | 2 +-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/opendmarc/opendmarc-arcseal.c b/opendmarc/opendmarc-arcseal.c
+index 73eebb7..a5ae77b 100644
+--- a/opendmarc/opendmarc-arcseal.c
++++ b/opendmarc/opendmarc-arcseal.c
+@@ -29,7 +29,7 @@
+ #include "opendmarc.h"
+
+ #define OPENDMARC_ARCSEAL_MAX_FIELD_NAME_LEN 255
+-#define OPENDMARC_ARCSEAL_MAX_TOKEN_LEN 512
++#define OPENDMARC_ARCSEAL_MAX_TOKEN_LEN 768
+
+ /* tables */
+ struct opendmarc_arcseal_lookup
+@@ -167,7 +167,12 @@ opendmarc_arcseal_parse(u_char *hdr, struct arcseal *as)
+ if (*token_ptr == '\0')
+ return 0;
+ tag_label = strsep(&token_ptr, "=");
++ if (token_ptr == NULL)
++ return -1;
++
+ tag_value = opendmarc_arcseal_strip_whitespace(token_ptr);
++ if (tag_value == NULL)
++ return -1;
+
+ tag_code = opendmarc_arcseal_convert(as_tags, tag_label);
+
+diff --git a/opendmarc/opendmarc-arcseal.h b/opendmarc/opendmarc-arcseal.h
+index 4eb0927..6e11a06 100644
+--- a/opendmarc/opendmarc-arcseal.h
++++ b/opendmarc/opendmarc-arcseal.h
+@@ -32,7 +32,7 @@
+ /* max header tag value length (short) */
+ #define OPENDMARC_ARCSEAL_MAX_SHORT_VALUE_LEN 256
+ /* max header tag value length (long) */
+-#define OPENDMARC_ARCSEAL_MAX_LONG_VALUE_LEN 512
++#define OPENDMARC_ARCSEAL_MAX_LONG_VALUE_LEN 768
+
+ /* names and field labels */
+ #define OPENDMARC_ARCSEAL_HDRNAME "ARC-Seal"
diff --git a/opendmarc/opendmarc.conf b/opendmarc/opendmarc.conf
new file mode 100644
index 000000000..84ea1a83a
--- /dev/null
+++ b/opendmarc/opendmarc.conf
@@ -0,0 +1,370 @@
+## opendmarc.conf -- configuration file for OpenDMARC filter
+##
+## Copyright (c) 2012-2015, The Trusted Domain Project. All rights reserved.
+
+## DEPRECATED CONFIGURATION OPTIONS
+##
+## The following configuration options are no longer valid. They should be
+## removed from your existing configuration file to prevent potential issues.
+## Failure to do so may result in opendmarc being unable to start.
+##
+## Renamed in 1.3.0:
+## ForensicReports became FailureReports
+## ForensicReportsBcc became FailureReportsBcc
+## ForensicReportsOnNone became FailureReportsOnNone
+## ForensicReportsSentBy became FailureReportsSentBy
+
+## CONFIGURATION OPTIONS
+
+## AuthservID (string)
+## defaults to MTA name
+##
+## Sets the "authserv-id" to use when generating the Authentication-Results:
+## header field after verifying a message. If the string "HOSTNAME" is
+## provided, the name of the host running the filter (as returned by the
+## gethostname(3) function) will be used.
+#
+# AuthservID name
+AuthservID HOSTNAME
+
+## AuthservIDWithJobID { true | false }
+## default "false"
+##
+## If "true", requests that the authserv-id portion of the added
+## Authentication-Results header fields contain the job ID of the message
+## being evaluated.
+#
+# AuthservIDWithJobID false
+
+## AutoRestart { true | false }
+## default "false"
+##
+## Automatically re-start on failures. Use with caution; if the filter fails
+## instantly after it starts, this can cause a tight fork(2) loop.
+#
+# AutoRestart false
+
+## AutoRestartCount n
+## default 0
+##
+## Sets the maximum automatic restart count. After this number of automatic
+## restarts, the filter will give up and terminate. A value of 0 implies no
+## limit.
+#
+# AutoRestartCount 0
+
+## AutoRestartRate n/t[u]
+## default (no limit)
+##
+## Sets the maximum automatic restart rate. If the filter begins restarting
+## faster than the rate defined here, it will give up and terminate. This
+## is a string of the form n/t[u] where n is an integer limiting the count
+## of restarts in the given interval and t[u] defines the time interval
+## through which the rate is calculated; t is an integer and u defines the
+## units thus represented ("s" or "S" for seconds, the default; "m" or "M"
+## for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a
+## value of "10/1h" limits the restarts to 10 in one hour. There is no
+## default, meaning restart rate is not limited.
+#
+# AutoRestartRate n/t[u]
+
+## Background { true | false }
+## default "true"
+##
+## Causes opendmarc to fork and exits immediately, leaving the service
+## running in the background.
+#
+# Background true
+
+## BaseDirectory (string)
+## default (none)
+##
+## If set, instructs the filter to change to the specified directory using
+## chdir(2) before doing anything else. This means any files referenced
+## elsewhere in the configuration file can be specified relative to this
+## directory. It's also useful for arranging that any crash dumps will be
+## saved to a specific location.
+#
+# BaseDirectory /var/run/opendmarc
+
+## ChangeRootDirectory (string)
+## default (none)
+##
+## Requests that the operating system change the effective root directory of
+## the process to the one specified here prior to beginning execution.
+## chroot(2) requires superuser access. A warning will be generated if
+## UserID is not also set.
+#
+# ChangeRootDirectory /var/chroot/opendmarc
+
+## CopyFailuresTo (string)
+## default (none)
+##
+## Requests addition of the specified email address to the envelope of
+## any message that fails the DMARC evaluation.
+#
+# CopyFailuresTo postmaster@localhost
+
+## DNSTimeout (integer)
+## default 5
+##
+## Sets the DNS timeout in seconds. A value of 0 causes an infinite wait.
+## (NOT YET IMPLEMENTED)
+#
+# DNSTimeout 5
+
+## EnableCoredumps { true | false }
+## default "false"
+##
+## On systems that have such support, make an explicit request to the kernel
+## to dump cores when the filter crashes for some reason. Some modern UNIX
+## systems suppress core dumps during crashes for security reasons if the
+## user ID has changed during the lifetime of the process. Currently only
+## supported on Linux.
+#
+# EnableCoreDumps false
+
+## FailureReports { true | false }
+## default "false"
+##
+## Enables generation of failure reports when the DMARC test fails and the
+## purported sender of the message has requested such reports. Reports are
+## formatted per RFC6591.
+#
+# FailureReports false
+
+## FailureReportsBcc (string)
+## default (none)
+##
+## When failure reports are enabled and one is to be generated, always
+## send one to the address(es) specified here. If a failure report is
+## requested by the domain owner, the address(es) are added in a Bcc: field.
+## If no request is made, they address(es) are used in a To: field. There
+## is no default.
+#
+# FailureReportsBcc postmaster@example.coom
+
+## FailureReportsOnNone { true | false }
+## default "false"
+##
+## Supplements the "FailureReports" setting by generating reports for
+## domains that advertise "none" policies. By default, reports are only
+## generated (when enabled) for sending domains advertising a "quarantine"
+## or "reject" policy.
+#
+# FailureReportsOnNone false
+
+## FailureReportsSentBy string
+## default "USER@HOSTNAME"
+##
+## Specifies the email address to use in the From: field of failure
+## reports generated by the filter. The default is to use the userid of
+## the user running the filter and the local hostname to construct an
+## email address. "postmaster" is used in place of the userid if a name
+## could not be determined.
+#
+# FailureReportsSentBy USER@HOSTNAME
+
+## HistoryFile path
+## default (none)
+##
+## If set, specifies the location of a text file to which records are written
+## that can be used to generate DMARC aggregate reports. Records are groups
+## of rows containing information about a single received message, and
+## include all relevant information needed to generate a DMARC aggregate
+## report. It is expected that this will not be used in its raw form, but
+## rather periodically imported into a relational database from which the
+## aggregate reports can be extracted by a tool such as opendmarc-import(8).
+#
+# HistoryFile /var/run/opendmarc.dat
+
+## IgnoreAuthenticatedClients { true | false }
+## default "false"
+##
+## If set, causes mail from authenticated clients (i.e., those that used
+## SMTP AUTH) to be ignored by the filter.
+#
+IgnoreAuthenticatedClients true
+
+## IgnoreHosts path
+## default (internal)
+##
+## Specifies the path to a file that contains a list of hostnames, IP
+## addresses, and/or CIDR expressions identifying hosts whose SMTP
+## connections are to be ignored by the filter. If not specified, defaults
+## to "127.0.0.1" only.
+#
+# IgnoreHosts /etc/opendmarc/ignore.hosts
+
+## IgnoreMailFrom domain[,...]
+## default (none)
+##
+## Gives a list of domain names whose mail (based on the From: domain) is to
+## be ignored by the filter. The list should be comma-separated. Matching
+## against this list is case-insensitive. The default is an empty list,
+## meaning no mail is ignored.
+#
+# IgnoreMailFrom example.com
+
+## MilterDebug (integer)
+## default 0
+##
+## Sets the debug level to be requested from the milter library.
+#
+# MilterDebug 0
+
+## PidFile path
+## default (none)
+##
+## Specifies the path to a file that should be created at process start
+## containing the process ID.
+#
+# PidFile /var/run/opendmarc.pid
+
+## PublicSuffixList path
+## default (none)
+##
+## Specifies the path to a file that contains top-level domains (TLDs) that
+## will be used to compute the Organizational Domain for a given domain name,
+## as described in the DMARC specification. If not provided, the filter will
+## not be able to determine the Organizational Domain and only the presented
+## domain will be evaluated.
+#
+# PublicSuffixList path
+
+## RecordAllMessages { true | false }
+## default "false"
+##
+## If set and "HistoryFile" is in use, all received messages are recorded
+## to the history file. If not set (the default), only messages for which
+## the From: domain published a DMARC record will be recorded in the
+## history file.
+#
+# RecordAllMessages false
+
+## RejectFailures { true | false }
+## default "false"
+##
+## If set, messages will be rejected if they fail the DMARC evaluation, or
+## temp-failed if evaluation could not be completed. By default, no message
+## will be rejected or temp-failed regardless of the outcome of the DMARC
+## evaluation of the message. Instead, an Authentication-Results header
+## field will be added.
+#
+# RejectFailures false
+
+## ReportCommand string
+## default "/usr/sbin/sendmail -t"
+##
+## Indicates the shell command to which failure reports should be passed for
+## delivery when "FailureReports" is enabled.
+#
+# ReportCommand /usr/sbin/sendmail -t
+
+## RequiredHeaders { true | false }
+## default "false"
+##
+## If set, the filter will ensure the header of the message conforms to the
+## basic header field count restrictions laid out in RFC5322, Section 3.6.
+## Messages failing this test are rejected without further processing. A
+## From: field from which no domain name could be extracted will also be
+## rejected.
+#
+# RequiredHeaders false
+
+## Socket socketspec
+## default (none)
+##
+## Specifies the socket that should be established by the filter to receive
+## connections from sendmail(8) in order to provide service. socketspec is
+## in one of two forms: local:path, which creates a UNIX domain socket at
+## the specified path, or inet:port[@host] or inet6:port[@host] which creates
+## a TCP socket on the specified port for the appropriate protocol family.
+## If the host is not given as either a hostname or an IP address, the
+## socket will be listening on all interfaces. This option is mandatory
+## either in the configuration file or on the command line. If an IP
+## address is used, it must be enclosed in square brackets.
+#
+# Socket inet:8893@localhost
+Socket unix:/var/spool/opendmarc/opendmarc.sock
+
+## SoftwareHeader { true | false }
+## default "false"
+##
+## Causes the filter to add a "DMARC-Filter" header field indicating the
+## presence of this filter in the path of the message from injection to
+## delivery. The product's name, version, and the job ID are included in
+## the header field's contents.
+#
+# SoftwareHeader false
+
+## SPFIgnoreResults { true | false }
+## default "false"
+##
+## Causes the filter to ignore any SPF results in the header of the
+## message. This is useful if you want the filter to perfrom SPF checks
+## itself, or because you don't trust the arriving header.
+#
+# SPFIgnoreResults false
+
+## SPFSelfValidate { true | false }
+## default false
+##
+## Enable internal spf checking with --with-spf
+## To use libspf2 instead: --with-spf --with-spf2-include=path --with-spf2-lib=path
+##
+## Causes the filter to perform a fallback SPF check itself when
+## it can find no SPF results in the message header. If SPFIgnoreResults
+## is also set, it never looks for SPF results in headers and
+## always performs the SPF check itself when this is set.
+#
+SPFSelfValidate true
+
+## Syslog { true | false }
+## default "false"
+##
+## Log via calls to syslog(3) any interesting activity.
+#
+# Syslog false
+
+## SyslogFacility facility-name
+## default "mail"
+##
+## Log via calls to syslog(3) using the named facility. The facility names
+## are the same as the ones allowed in syslog.conf(5).
+#
+# SyslogFacility mail
+
+## TrustedAuthservIDs string
+## default HOSTNAME
+##
+## Specifies one or more "authserv-id" values to trust as relaying true
+## upstream DKIM and SPF results. The default is to use the name of
+## the MTA processing the message. To specify a list, separate each entry
+## with a comma. The key word "HOSTNAME" will be replaced by the name of
+## the host running the filter as reported by the gethostname(3) function.
+#
+# TrustedAuthservIDs HOSTNAME
+
+## UMask mask
+## default (none)
+##
+## Requests a specific permissions mask to be used for file creation. This
+## only really applies to creation of the socket when Socket specifies a
+## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
+## files are normally created by the mkstemp(3) function that enforces a
+## specific file mode on creation regardless of the process umask. See
+## umask(2) for more information.
+#
+# UMask 077
+UMask 002
+
+## UserID user[:group]
+## default (none)
+##
+## Attempts to become the specified userid before starting operations.
+## The process will be assigned all of the groups and primary group ID of
+## the named userid unless an alternate group is specified.
+#
+# UserID opendmarc
+# ATTENTION: user and group are enforced throug the systemd service file
diff --git a/opendmarc/opendmarc.rc b/opendmarc/opendmarc.rc
new file mode 100755
index 000000000..a74c1d563
--- /dev/null
+++ b/opendmarc/opendmarc.rc
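Review bot: `Socket unix:/var/spool/opendmarc/opendmarc.sock` points at a directory that nothing in this port creates (the footprint ships only var/lib/opendmarc and the rc script creates /run/opendmarc), so the filter would presumably fail to bind at start. `PidFile` is also left unset although the rc script reads /run/opendmarc/opendmarc.pid. I would use `Socket unix:/run/opendmarc/opendmarc.sock` and `PidFile /run/opendmarc/opendmarc.pid`, and replace the closing systemd remark with an active `UserID opendmarc`, because this port starts the daemon from an rc script and ships no systemd unit to enforce the account. With `UMask 002` the socket is group-writable, so membership of the opendmarc group is what decides who can talk to the filter.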
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# /etc/rc.d/opendmarc: start/stop the opendmarc daemon
+#
+
+SSD=/sbin/start-stop-daemon
+PROG=/usr/sbin/opendmarc
+PID=/run/opendmarc/opendmarc.pid
+OPTS="-c /etc/opendmarc/opendmarc.conf"
+HOME="/run/opendmarc"
+USER=opendmarc
+GROUP=$USER
+
+case $1 in
+ "start")
+ [ ! -e $HOME ] && install -o $USER -g $GROUP -m 0755 -d $HOME
+ $SSD --start --pidfile $PID -u $USER --exec $PROG -- $OPTS
+ ;;
+ "stop")
+ $SSD --stop --retry 10 --exec $PROG --pidfile $PID
+ ;;
+ "restart")
+ $0 stop
+ $0 start
+ ;;
+ "status")
+ $SSD --status --name opendmarc --pidfile $PID
+ case $? in
+ 0)
+ echo "$PROG is running with pid $(cat $PID)"
+ ;;
+ 1)
+ echo "$PROG is not running but pid file $PID exists"
+ ;;
+ 3)
+ echo "$PROG is not running"
+ ;;
+ 4)
+ echo "Unable to determine program status"
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart|status]"
+ ;;
+esac
diff --git a/opendmarc/pre-install b/opendmarc/pre-install
new file mode 100755
index 000000000..c8ad3d568
--- /dev/null
+++ b/opendmarc/pre-install
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+_USER=opendmarc
+_HOME=/var/lib/opendmarc
+_GROUP=opendmarc
+
+/usr/bin/getent group $_GROUP > /dev/null 2>&1 || /usr/sbin/groupadd $_GROUP
+/usr/bin/getent passwd $_USER > /dev/null 2>&1 || /usr/sbin/useradd -c 'opendmarc system user' -g $_GROUP -d $_HOME -s /bin/false $_USER
+passwd -l $_USER > /dev/null
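Review bot: In the `start` arm, `-u $USER` does not drop privileges: for start-stop-daemon `-u`/`--user` only narrows which processes are matched, while `-c`/`--chuid` is the option that switches uid before the exec. Since `UserID` is commented out in the shipped opendmarc.conf, the filter appears to stay root while it parses headers from untrusted mail. I would change the line to `$SSD --start --pidfile $PID --chuid $USER:$GROUP --exec $PROG -- $OPTS`, or set `UserID opendmarc` in the config. Nothing visible makes the daemon write `$PID` either, because `PidFile` is unset in the config, so the `stop` and `status` arms would have no pid file to read.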
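Review bot: `useradd` and `groupadd` in pre-install are called without `-r`, so the service account is presumably allocated from the regular user UID/GID range instead of the system range. I would write `/usr/sbin/groupadd -r $_GROUP` and add `-r` to the `useradd` call. The `-e` in `#!/bin/sh -e` is also lost when the script is run as `sh pre-install`; a `set -e` line after the shebang keeps it in effect either way.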