Re: 2.8.0 and newly strict checking

From: Doug Barton <dougb_at_dougbarton.us>
Date: Tue, 05 Mar 2013 23:09:32 -0800

On 03/05/2013 10:21 PM, Murray S. Kucherawy wrote:
> On Tue, 5 Mar 2013, Doug Barton wrote:
>> I already described what failed, and what worked. If you try testing
>> it with that environment and cannot reproduce the failure let me know,
>> and I will try to find time to try this patch, but it may be a while.
>
> Here's what I tried. I even used your filenames.
>
> medusa# ls -ld / /var /var/db /var/db/opendkim
> /var/db/opendkim/dougbarton.us.private
> drwxr-xr-x 27 root wheel 1024 May 3 2012 /
> drwxr-xr-x 25 root wheel 512 Feb 26 09:06 /var
> drwxr-xr-x 18 root wheel 512 Mar 5 22:06 /var/db
> drwx------ 2 root wheel 512 Mar 5 22:07 /var/db/opendkim

I have root:opendkim for /var/db/opendkim now. The opendkim group was
the one I created to have only the opendkim user in it. The broken
configuration was root:mail (with a postfix user also in the mail
group). Sounds like you reproduced that bit accurately.

> -r-------- 1 opendkim mail 887 Mar 5 12:05
> /var/db/opendkim/dougbarton.us.private

This looks good too, for the broken configuration. The working one has
root:opendkim for the file.

> medusa# id opendkim
> uid=1106(opendkim) gid=6(mail) groups=6(mail)

Mine is the same, modulo the opendkim uid is 1002. I stripped the mail
group down to just postfix again, and created a new opendkim group that
is empty.

> No error was produced. Further, no error was produced when I added
> other users to that group as a test. It did fail if I turned on the
> group read bit, since there are other users in /etc/passwd with the same
> group.

:-/

> Apart from the differing uid, did I miss a step in reproducing your
> configuration here? Your report didn't include your configuration file,
> so that part was improvised, but the rest is the same as what, as you
> pointed out, you already told me.

It's pretty plain-vanilla, at least I think so:

LogWhy yes
Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
Domain dougbarton.us
Selector dougbarton.us
KeyFile /var/db/opendkim/dougbarton.us.private
Socket inet:8891_at_localhost
ReportAddress postmaster_at_dougbarton.us
SendReports yes

hth,

Doug
Received on Wed Mar 06 2013 - 07:09:40 PST

This archive was generated by hypermail 2.3.0 : Wed Mar 06 2013 - 07:18:01 PST