aboutsummaryrefslogblamecommitdiffstats
path: root/testing/opendmarc/config-defaults.patch
blob: 65aa823e30b156522d06b84c22d9872507756711 (plain) (tree)














































































































































































                                                                              
Change defaults based on Fedora and openSUSE packages.

Also remove options for supervisor and options that need root privileges
(we use OpenRC for process supervising and dropping privileges).

--- a/opendmarc/opendmarc.conf.sample
+++ b/opendmarc/opendmarc.conf.sample
@@ -24,7 +24,7 @@
 ##  provided, the name of the host running the filter (as returned by the
 ##  gethostname(3) function) will be used.  
 #
-# AuthservID name
+AuthservID HOSTNAME
 
 ##  AuthservIDWithJobID { true | false }
 ##  	default "false"
@@ -35,46 +35,6 @@
 #
 # AuthservIDWithJobID false
 
-##  AutoRestart { true | false }
-##  	default "false"
-##
-##  Automatically re-start on failures. Use with caution; if the filter fails
-##  instantly after it starts, this can cause a tight fork(2) loop.
-#
-# AutoRestart false
-
-##  AutoRestartCount n
-##  	default 0
-##
-##  Sets the maximum automatic restart count.  After this number of automatic
-##  restarts, the filter will give up and terminate.  A value of 0 implies no
-##  limit.
-#
-# AutoRestartCount 0
-
-##  AutoRestartRate n/t[u]
-##  	default (no limit)
-##
-##  Sets the maximum automatic restart rate.  If the filter begins restarting
-##  faster than the rate defined here, it will give up and terminate.  This
-##  is a string of the form n/t[u] where n is an integer limiting the count
-##  of restarts in the given interval and t[u] defines the time interval
-##  through which the rate is calculated; t is an integer and u defines the
-##  units thus represented ("s" or "S" for seconds, the default; "m" or "M"
-##  for minutes; "h" or "H" for hours; "d" or "D" for days). For example, a
-##  value of "10/1h" limits the restarts to 10 in one hour. There is no
-##  default, meaning restart rate is not limited.
-#
-# AutoRestartRate n/t[u]
-
-##  Background { true | false }
-##  	default "true"
-##
-##  Causes opendmarc to fork and exits immediately, leaving the service
-##  running in the background.
-#
-# Background true
-
 ##  BaseDirectory (string)
 ##  	default (none)
 ##
@@ -84,18 +44,8 @@
 ##  directory.  It's also useful for arranging that any crash dumps will be
 ##  saved to a specific location.
 #
-# BaseDirectory /var/run/opendmarc
+BaseDirectory /run/opendmarc
 
-##  ChangeRootDirectory (string)
-##  	default (none)
-##
-##  Requests that the operating system change the effective root directory of
-##  the process to the one specified here prior to beginning execution.
-##  chroot(2) requires superuser access.  A warning will be generated if
-##  UserID is not also set.
-# 
-# ChangeRootDirectory /var/chroot/opendmarc
-
 ##  CopyFailuresTo (string)
 ##  	default (none)
 ##
@@ -175,7 +125,7 @@
 ##  rather periodically imported into a relational database from which the
 ##  aggregate reports can be extracted by a tool such as opendmarc-import(8).
 #
-# HistoryFile /var/run/opendmarc.dat
+# HistoryFile /var/spool/opendmarc/opendmarc.dat
 
 ##  IgnoreAuthenticatedClients { true | false }
 ##  	default "false"
@@ -193,7 +143,7 @@
 ##  connections are to be ignored by the filter.  If not specified, defaults
 ##  to "127.0.0.1" only.
 #
-# IgnoreHosts /usr/local/etc/opendmarc/ignore.hosts
+# IgnoreHosts /etc/opendmarc/ignore.hosts
 
 ##  IgnoreMailFrom domain[,...]
 ##  	default (none)
@@ -212,14 +162,6 @@
 #
 # MilterDebug 0
 
-##  PidFile path
-##  	default (none)
-##
-##  Specifies the path to a file that should be created at process start
-##  containing the process ID.
-#
-# PidFile /var/run/opendmarc.pid
-
 ##  PublicSuffixList path
 ##  	default (none)
 ##
@@ -284,7 +226,7 @@
 ##  either in the configuration file or on the command line.  If an IP
 ##  address is used, it must be enclosed in square brackets.
 #
-# Socket inet:8893@localhost
+Socket inet:8893@localhost
 
 ##  SoftwareHeader { true | false }
 ##  	default "false"
@@ -294,7 +236,7 @@
 ##  delivery.  The product's name, version, and the job ID are included in
 ##  the header field's contents.
 #
-# SoftwareHeader false
+SoftwareHeader true
 
 ##  SPFIgnoreResults { true | false }
 ##	default "false"
@@ -303,7 +245,7 @@
 ##  message.  This is useful if you want the filter to perfrom SPF checks
 ##  itself, or because you don't trust the arriving header.
 #
-# SPFIgnoreResults false
+SPFIgnoreResults true
 
 ##  SPFSelfValidate { true | false }
 ##	default false
@@ -316,14 +258,14 @@
 ##  is also set, it never looks for SPF results in headers and
 ##  always performs the SPF check itself when this is set.
 #
-# SPFSelfValidate false
+SPFSelfValidate true
 
 ##  Syslog { true | false }
 ##  	default "false"
 ##
 ##  Log via calls to syslog(3) any interesting activity.
 #
-# Syslog false
+Syslog true
 
 ##  SyslogFacility facility-name
 ##  	default "mail"
@@ -354,13 +296,4 @@
 ##  specific file mode on creation regardless of the process umask.  See
 ##  umask(2) for more information.
 #
-# UMask 077
-
-##  UserID user[:group]
-##  	default (none)
-##
-##  Attempts to become the specified userid before starting operations.
-##  The process will be assigned all of the groups and primary group ID of
-##  the named userid unless an alternate group is specified.
-#
-# UserID opendmarc
+UMask 007