--- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.docs +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.docs @@ -0,0 +1,3 @@ +FEATURES +KNOWNBUGS +README --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.conf +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.conf @@ -0,0 +1,52 @@ +# Log to syslog +Syslog yes +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +#UMask 002 + +# Sign for example.com with key in /etc/mail/dkim.key using +# selector '2007' (e.g. 2007._domainkey.example.com) +#Domain example.com +#KeyFile /etc/mail/dkim.key +#Selector 2007 + +# Common settings. See dkim-filter.conf(5) for more information. +#AutoRestart no +#Background yes +#Canonicalization simple +#DNSTimeout 5 +#Mode sv +#SignatureAlgorithm rsa-sha256 +#SubDomains no +#ASPDiscard no +#Version rfc4871 +#X-Header no + +############################################### +# Other (less-standard) configuration options # +############################################### +# +# If enabled, log verification stats here +#Statistics /var/log/dkim-filter/dkim-stats +# +# KeyList is a file containing tuples of key information. Requires +# KeyFile to be unset. Each line of the file should be of the format: +# sender glob:signing domain:signing key file +# Blank lines and lines beginning with # are ignored. Selector will be +# derived from the key's filename. +#KeyList /etc/dkim-keys.conf +# +# If enabled, will generate verification failure reports for any messages +# that fail signature verification. These will be sent to the r= address +# in the policy record, if any. +#SendReports yes +# +# If enabled, will issue a Sendmail QUARANTINE for any messages that fail +# signature verification, allowing them to be inspected later. +#Quarantine yes +# +# If enabled, will check for required headers when processing messages. +# At a minimum, that means From: and Date: will be required. Messages not +# containing the required headers will not be signed or verified, but will +# be passed through +#RequiredHeaders yes --- dkim-milter-2.8.1.dfsg.orig/debian/changelog +++ dkim-milter-2.8.1.dfsg/debian/changelog @@ -0,0 +1,427 @@ +dkim-milter (2.8.1.dfsg-0ubuntu1~gutsy1) gutsy-backports; urgency=low + + * Automated backport upload; no source changes. + + -- Ubuntu Archive Auto-Backport Tue, 20 Jan 2009 22:24:11 +0000 + +dkim-milter (2.8.1.dfsg-0ubuntu1) jaunty; urgency=low + + * New upstream release + - Repacked tarball to remove non-free IETF internet drafts and RFCs + + -- Scott Kitterman Sat, 17 Jan 2009 00:27:13 -0500 + +dkim-milter (2.6.0.dfsg-1ubuntu2) intrepid; urgency=low + + * Fix dkim-filter init by removing extraneous merge bits left behind + + -- Scott Kitterman Mon, 04 Aug 2008 23:26:55 -0400 + +dkim-milter (2.6.0.dfsg-1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes (LP: #240922): + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + - Disable new umask option by default (not needed since Ubuntu default + uses a TCP socket instead of a Unix socket) + - Move verification logging default back to /var/log since /var/run is a + tempfs in Ubuntu + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change build-dep on libdb4.5-dev | libdb-dev to libdb4.6-dev to help + with libdb version reduction + + -- Scott Kitterman Tue, 22 Jul 2008 03:13:18 -0400 + +dkim-milter (2.6.0.dfsg-1) unstable; urgency=low + + * New upstream version. + * Removed gentxt.csh from README.Debian and added reference to + dkim-genkey. + * Added note in NEWS.Debian about keys generated with compromised + versions of OpenSSL requiring recreation. + * Added quoting to dkim-filter.init and cleaned up the logic around + $SOCKET. Closes: #482672 + * Applied patch from Scott Kitterman/Ubuntu to start in verify-only + mode when no keys are configured. + * UseASPDiscard has been once again renamed, this time to ASPDiscard. + * Fixed some config file entries in the default dkim-filter.conf. + Closes: #490276 + + -- Mike Markley Sun, 20 Jul 2008 15:46:37 -0700 + +dkim-milter (2.5.5.dfsg-1) unstable; urgency=low + + * New upstream version. + * The exit code for configuration errors has changed to EX_CONFIG; + the init script now detects this and handles it. Closes: #478599 + * Added note to README.Debian about changing group ID of socket. + Closes: #472888 + + -- Mike Markley Sat, 03 May 2008 17:43:58 -0700 + +dkim-milter (2.5.4.dfsg-0ubuntu3) intrepid; urgency=low + + * Change exit code to trap for no key configured to 78 so the trap works + * Start in verification only mode if no key configured instead of just + exiting to initial package install can complete (LP: #228877) + + -- Scott Kitterman Thu, 12 Jun 2008 11:21:50 -0400 + +dkim-milter (2.5.4.dfsg-0ubuntu2) hardy; urgency=low + + * 01-partial-signatures.dpatch: Upstream patch for LP: #220863 + * Make build-stamp depend on patch-stamp for proper patching order + + -- John Dong Tue, 22 Apr 2008 23:28:28 -0400 + +dkim-milter (2.5.4.dfsg-0ubuntu1) hardy; urgency=low + + * New upstream (mostly) bug fix release (LP: #218893) + - Adds "LogWhy" configuration parameter and "-W" command line flag for + enhanced debugging operations + - Several significant bug fixes + + -- Scott Kitterman Thu, 17 Apr 2008 17:22:39 -0400 + +dkim-milter (2.5.2.dfsg-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable (LP: #210641). Remaining Ubuntu changes: + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + - Disable new umask option by default (not needed since Ubuntu default + uses a TCP socket instead of a Unix socket) + - Move verification logging default back to /var/log since /var/run is a + tempfs in Ubuntu + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change build-dep on libdb4.5-dev | libdb-dev to libdb4.6-dev to help + with libdb version reduction + + -- Scott Kitterman Wed, 02 Apr 2008 00:06:43 -0400 + +dkim-milter (2.5.2.dfsg-1) unstable; urgency=low + + * New upstream version. + * README.Debian: Updated draft URL for sender-auth-header. + * Applied upstream patch to revert to DB_HASH for backwards + compatibility with older releases' dkim-stats databases. + + -- Mike Markley Sun, 30 Mar 2008 22:04:17 -0700 + +dkim-milter (2.5.1.dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release (LP: #204597) + - Additional bug fixes + - Repack tarball to remove non-free IETF RFCs and internet drafts + * Merge from debian unstable, remaining changes: + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + - Disable new umask option by default (not needed since Ubuntu default + uses a TCP socket instead of a Unix socket) + - Move verification logging default back to /var/log since /var/run is a + tempfs in Ubuntu + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change build-dep on libdb4.5-dev | libdb-dev to libdb4.6-dev to help + with libdb version reduction + - Patches now applied upstream + + -- Scott Kitterman Fri, 21 Mar 2008 07:26:10 -0400 + +dkim-milter (2.5.0.dfsg-1) unstable; urgency=low + + * New upstream version. + * README.Debian: + - Updated draft URLs. + - Updated link to DomainKeys draft to point at RFC 4870. + - Removed now-irrelevant bits about lack of SSP support. + - Added note about renaming of conf option UseSSPDeny to UseASPDiscard + * Updated dkim-filter.conf to reflect new naming for UseASPDiscard + * Upstream now supports SIGUSR1 for reloading config file; this has been + implemented as the reload action in the init script. + * Upstream now installs the dkim-filter binary in /usr/sbin by default; + the init script has been updated to reflect this. + * Applied patch from SF#1911328 for breakage in OmitHeaders. + * Applied patch from SF#1912332 for issues with Statistics files. + + -- Mike Markley Mon, 17 Mar 2008 00:36:13 -0700 + +dkim-milter (2.4.4.dfsg-1ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + - Disable new umask option by default (not needed since Ubuntu default uses + a TCP socket instead of a Unix socket) + - Move verification logging default back to /var/log since /var/run is a + tempfs in Ubuntu + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change build-dep on libdb4.5-dev | libdb-dev to libdb4.6-dev to help + with libdb version reduction + + -- Scott Kitterman Fri, 08 Feb 2008 21:08:54 -0500 + +dkim-milter (2.4.4.dfsg-1) unstable; urgency=low + + * New upstream version. + * Updated Standards-Version to 3.7.3 + + -- Mike Markley Thu, 31 Jan 2008 00:18:47 -0800 + +dkim-milter (2.4.4.dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release + - Repacked upstream tarball to remove non-free IETF RFCs and internet + drafts + + -- Scott Kitterman Mon, 28 Jan 2008 00:03:08 -0500 + +dkim-milter (2.4.3.dfsg-0ubuntu1) hardy; urgency=low + + * New upstream release + - Repacked upstream tarball to remove non-free IETF RFCs and internet + drafts + * Bump standards version to 3.7.3 without further change + + -- Scott Kitterman Sat, 19 Jan 2008 20:06:36 -0500 + +dkim-milter (2.4.1.dfsg-1) unstable; urgency=low + + * New upstream version. + * Enabled AR_RES_MANUAL, which is required to use arlib with + IPv6 addresses in /etc/resolv.conf. This, along with a fix for + in this release for upstream bug #1852618, also Closes: #450711. + + -- Mike Markley Sat, 22 Dec 2007 15:36:19 -0800 + +dkim-milter (2.4.0.dfsg-1ubuntu2) hardy; urgency=low + + * Note: The following Ubuntu change is included, but not documented in the + last revision (LP: #175291): + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + * Disable new umask option by default (not needed since Ubuntu default uses + a TCP socket instead of a Unix socket) + * Move verification logging default back to /var/log since /var/run is a + tempfs in Ubuntu + + -- Scott Kitterman Mon, 10 Dec 2007 12:47:57 -0500 + +dkim-milter (2.4.0.dfsg-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + + -- Scott Kitterman Sat, 08 Dec 2007 23:30:30 -0500 + +dkim-milter (2.4.0.dfsg-1) unstable; urgency=low + + * Updated IETF document URLs in README.Debian. Closes: #449464 + * Corrected README.Debian reference in init script. Closes: #452588 + * Updated init script and default file to use somewhat more clear + local: prefix for local sockets. Closes: #452603 + * Removed umask handling from init script and replaced it with new + UMask option in dkim-filter.conf. + * Removed the SELECT_SIGN_HEADER feature from site.config.m4 because + it's now activated by default. + * Enabled the SELECTOR_HEADER feature. + * Added dkim-genkey, dkim-testkey, and dkim-testssp utilities. + * gentxt.csh has been obsoleted by dkim-genkey and removed from the + upstream distribution and the examples directory. + + -- Mike Markley Sun, 02 Dec 2007 23:19:41 -0800 + +dkim-milter (2.3.2.dfsg-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable (LP: #159680). Remaining Ubuntu changes: + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + + -- Scott Kitterman Sun, 04 Nov 2007 12:50:36 -0500 + +dkim-milter (2.3.2.dfsg-1) unstable; urgency=low + + * New upstream version + * Since the filter can be used with more MTAs than just Sendmail, + the short description has been reworded. Closes: #436922 + * libdkim-dev package section should be libdevel, not devel + * Fixed another thinko in init script socket. Closes: #445145 + * Attempt to identify & clean up after stale socket files that + can be left behind after an unclean exit + * Rename libdkim2 and libdkim-dev to libsmdkim2 and libsmdkim-dev + since there's already a libdkim0/libdkim-dev. The library and + header files have also been moved to /usr/lib/libsmdkim and + /usr/include/libsmdkim to prevent conflicts with the existing + package. + * Enable arlib resolver and DNS_UPGRADE feature + + -- Mike Markley Fri, 26 Oct 2007 02:46:17 -0700 + +dkim-milter (2.0.2.dfsg-1ubuntu1) hardy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default for Postfix chroot compatibility + - In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + - Change maintainer to MOTU + - Add test/install of pid dir to debian/dkim-filter.postinst to be safe + - Change debian/rules and debian/control to add dpatch (No patches + currently needed) + + -- Scott Kitterman Tue, 23 Oct 2007 12:16:40 -0400 + +dkim-milter (2.0.2.dfsg-1) unstable; urgency=low + + * New upstream version + * Created standalone libdkim2 and libdkim-dev packages + * Install RELEASE_NOTES as upstream changelog + * Fixed thinko in init script default socket + * Add v= tag to example record in README.Debian since, as Scott + Kitterman pointed out, it's now mandatory. Closes: #433717 + * Create $RUNDIR in init script if it doesn't exist. Closes: #433718 + + -- Mike Markley Sun, 05 Aug 2007 16:31:50 -0700 + +dkim-milter (1.2.0.dfsg-1ubuntu3) gutsy; urgency=low + + [ Cesare Tirabassi ] + * Change debian/rules and debian/control to add dpatch + + [ Scott Kitterman ] + * Backfit patches from dkim-milter 2.0 development: + - Add cname.dpatch + - Add 64_bit_config.dpatch + - Add b_not_eol.dpatch + - Add dkim-cache-rwlock-fix.dpatch + + -- Scott Kitterman Tue, 11 Sep 2007 23:40:56 -0400 + +dkim-milter (1.2.0.dfsg-1ubuntu2) gutsy; urgency=low + + * Clean up change from Unix socket to TCP socket: + - Make TCP socket default $SOCKET in debian/dkim-filter.default + - Change debian/dkim-filter.init to use $SOCKET from .default if provided + but fall back to Unix socket if a .default isn't provided. + - Update comments in debian/dkim-filter.default and debian/DEBIAN.Readme + * Add test/install of pid dir to debian/dkim-filter.postinst to be safe + + -- Scott Kitterman Thu, 16 Aug 2007 15:55:47 -0400 + +dkim-milter (1.2.0.dfsg-1ubuntu1) gutsy; urgency=low + + * Because /var/run is a tempfs in Ubuntu, add test/install of + pid dir in debian/dkim-filter.init + * Change default connection method from socket to localhost port 8891 in + debian/dkim-filter.default and comment out socket in + debian/dkim-filter.init for Postfix chroot compatibility + * In debian/DEBIAN.Readme describe the changes in default configuration + and Postfix configuration changes needed to use dkim-filter + * Change maintainer to MOTU + + -- Scott Kitterman Wed, 18 Jul 2007 02:46:06 +0000 + +dkim-milter (1.2.0.dfsg-1) unstable; urgency=low + + * New upstream version + * Support setting listening socket in /etc/default/dkim-filter + * Minor rephrasing of deluser test in postrm so the if block can + be later extended if needed + * Fixes for socket permissions; Closes: #428392 + - Create dkim-filter group and assign as primary GID of same user + in postinst + - Set umask in init script to force group writable socket + - dkim-filter now picks up primary GID of its run user + - Added a doc note for Postfix users who need write permissions + to the socket + * Remove pidfile on normal shutdown + + -- Mike Markley Tue, 26 Jun 2007 20:22:10 -0700 + +dkim-milter (1.0.0.dfsg-1) unstable; urgency=low + + * New upstream version + * Removed bits to rename dkim-filter.conf.4 to dkim-filter.conf.5 + since it's been corrected upstream + * Define confNROFF to /bin/true. Lack of nroff was causing the target + install-docs to fail, resulting in man pages not being installed. + nroff is only needed here for catman pages, which we don't install. + Closes: #425324 + * Updated conf file comments to reflect new default signing algorithm + version rfc4871 + * Made postrm deluser conditional on deluser availability + + -- Mike Markley Thu, 24 May 2007 22:27:04 -0700 + +dkim-milter (0.8.0.dfsg-1) unstable; urgency=low + + * New upstream version + * Fixed spurious : in init script restart stanza. + * KeyList comments in dkim-filter.conf had KeyFile instead of KeyList + as the commented-out option; fixed. + * Removed dkim-stats patch as it's been integrated upstream + * Removed dkim-stats manpage for same reason + * Removed _FFR_REPORTINFO & _FFR_QUARANTINE; they've been activated + upstream + * Added new _FFR_ZTAGS to provide DiagnosticDirectory option + * Add -L/usr/lib/libmilter to confLIBDIRS to support libmilter0 -> + libmilter1 transition. Also fixes FTBFS and Closes: #423758. + + -- Mike Markley Sat, 19 May 2007 14:07:02 -0700 + +dkim-milter (0.7.0.dfsg-1) unstable; urgency=low + + * New upstream version + * Reversioned source package with .dfsg since we've repackaged it with + IETF documents removed + * Added SET_REPLY feature to compile options + * Strategic rewording of description to reference upstream name and + ensure we can be found via a search + * Versions 0.6.5 and above exit with EX_USAGE if no key & selector + are configured. The init script now catches this cleanly and points + towards the README, which allows clean initial installs. In the + near future, this will likely be supplemented with a key generation + helper in postinst. + * Removed _FFR_MULTIPLE_KEYS and _FFR_OMIT_HEADERS from site.config.m4 + since they're now enabled by default + * Added _FFR_STATS and requisite build-deps on libdb4.5-dev | libdb-dev + * Applied patch for dkim-stats from Graham Murray on dkim-milter-discuss + + -- Mike Markley Sat, 05 May 2007 19:12:39 -0700 + +dkim-milter (0.6.4-1) unstable; urgency=low + + * New upstream version + * Initial upload to Debian archive + + -- Mike Markley Sat, 21 Apr 2007 20:05:04 -0700 + --- dkim-milter-2.8.1.dfsg.orig/debian/NEWS +++ dkim-milter-2.8.1.dfsg/debian/NEWS @@ -0,0 +1,9 @@ +dkim-milter (2.5.5.dfsg-2) unstable; urgency=low + + * WARNING: All keys generated on Debian systems with OpenSSL versions + older than 0.9.8c-4etch3 should be re-created and re-published. It is + advised that a new selector be chosen in order to prevent signature + failures due to the old key being cached in DNS. See README.Debian or + dkim-genkey(8) for more information on how to do this. + + -- Mike Markley Tue, 20 May 2008 23:12:15 -0700 --- dkim-milter-2.8.1.dfsg.orig/debian/copyright +++ dkim-milter-2.8.1.dfsg/debian/copyright @@ -0,0 +1,85 @@ +This package was debianized by Mike Markley on +Wed, 2 Nov 2005 15:52:53 -0800. + +It was downloaded from http://sourceforge.net/projects/dkim-milter + +Copyright Holder: Sendmail Inc. + +License: + SENDMAIL OPEN SOURCE LICENSE + +The following license terms and conditions apply to this open source +software ("Software"), unless a different license is obtained directly +from Sendmail, Inc. ("Sendmail") located at 6425 Christie Ave, Fourth +Floor, Emeryville, CA 94608, USA. + +Use, modification and redistribution (including distribution of any +modified or derived work) of the Software in source and binary forms is +permitted only if each of the following conditions of 1-6 are met: + +1. Redistributions of the Software qualify as "freeware" or "open + source software" under one of the following terms: + + (a) Redistributions are made at no charge beyond the reasonable + cost of materials and delivery; or + + (b) Redistributions are accompanied by a copy of the modified + Source Code (on an acceptable machine-readable medium) or by an + irrevocable offer to provide a copy of the modified Source Code + (on an acceptable machine-readable medium) for up to three years + at the cost of materials and delivery. Such redistributions must + allow further use, modification, and redistribution of the Source + Code under substantially the same terms as this license. For + the purposes of redistribution "Source Code" means the complete + human-readable, compilable, linkable, and operational source + code of the redistributed module(s) including all modifications. + +2. Redistributions of the Software Source Code must retain the + copyright notices as they appear in each Source Code file, these + license terms and conditions, and the disclaimer/limitation of + liability set forth in paragraph 6 below. Redistributions of the + Software Source Code must also comply with the copyright notices + and/or license terms and conditions imposed by contributors on + embedded code. The contributors' license terms and conditions + and/or copyright notices are contained in the Source Code + distribution. + +3. Redistributions of the Software in binary form must reproduce the + Copyright Notice described below, these license terms and conditions, + and the disclaimer/limitation of liability set forth in paragraph + 6 below, in the documentation and/or other materials provided with + the binary distribution. For the purposes of binary distribution, + "Copyright Notice" refers to the following language: "Copyright (c) + 1998-2004 Sendmail, Inc. All rights reserved." + +4. Neither the name, trademark or logo of Sendmail, Inc. (including + without limitation its subsidiaries or affiliates) or its contributors + may be used to endorse or promote products, or software or services + derived from this Software without specific prior written permission. + The name "sendmail" is a registered trademark and service mark of + Sendmail, Inc. + +5. We reserve the right to cancel this license if you do not comply with + the terms. This license is governed by California law and both of us + agree that for any dispute arising out of or relating to this Software, + that jurisdiction and venue is proper in San Francisco or Alameda + counties. These license terms and conditions reflect the complete + agreement for the license of the Software (which means this supercedes + prior or contemporaneous agreements or representations). If any term + or condition under this license is found to be invalid, the remaining + terms and conditions still apply. + +6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY + SENDMAIL AND ITS CONTRIBUTORS "AS IS" WITHOUT WARRANTY OF ANY KIND + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A + PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL SENDMAIL + OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, + OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + WITHOUT LIMITATION NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +$Revision: 1.1 $ $Date: 2006-10-21 23:55:19 $ --- dkim-milter-2.8.1.dfsg.orig/debian/compat +++ dkim-milter-2.8.1.dfsg/debian/compat @@ -0,0 +1 @@ +4 --- dkim-milter-2.8.1.dfsg.orig/debian/libsmdkim2.docs +++ dkim-milter-2.8.1.dfsg/debian/libsmdkim2.docs @@ -0,0 +1 @@ +KNOWNBUGS --- dkim-milter-2.8.1.dfsg.orig/debian/libsmdkim2.dirs +++ dkim-milter-2.8.1.dfsg/debian/libsmdkim2.dirs @@ -0,0 +1 @@ +usr/lib/libsmdkim --- dkim-milter-2.8.1.dfsg.orig/debian/README.Debian +++ dkim-milter-2.8.1.dfsg/debian/README.Debian @@ -0,0 +1,144 @@ +dkim-milter for Debian +---------------------- + +Generating a key and publishing a TXT record +-------------------------------------------- + +The DKIM spec requires an RSA key between 512 and 2048 bits in length. +It also requires 1024 for keys that are "long-lived", so 1024 is a +good safe starting point. + +The easiest way to generate a key is with the dkim-genkey(8) utility. +For example: + +$ dkim-genkey -b 1024 -d example.com -s selector1 + +This will create two files: selector1.private, containing the private +RSA key, and selector1.txt, containing the appropriate DNS record for +this key. + +Alternately, keys may be generated by hand: + +$ openssl genrsa -out selector1.private 1024 + +Note that this private key should be installed such that it's readable +only by the filter itself and any other software requiring access to +it. Anyone who is able to access it will be able to sign mail as your +domain. The maintainer's recommendation: Change the key file's ownership +to dkim-filter and its permissions to 400 (read-only by owner). + +The public value may then be retrieved with: + +$ openssl rsa -in selector1.private -pubout -outform pem + +The public key will go into your DNS TXT record under the name +._domainkey. The TXT record contains a number of tag/value +pairs as described in the DKIM specification. The required p= tag +contains the PEM-formatted (that is, base64-encoded DER) public key, +no header, footer, newlines or spaces. This can be obtained using +a command line like this: + +$ openssl rsa -in selector1.private -pubout -outform pem 2>/dev/null | \ +grep -v "^-" | tr -d '\n' + +Other useful but optional flags include k= (the key type, "rsa" +by default) and t= (which can have any of the flags "t" and "s", +indicating, respectively, testing mode and scope). Testing mode +instructs recipients to treat signed and unsigned email the same, +allowing the generation and verification of signatures without +any action (yet) being taken. + +For example: example.com wishes to sign all of their mail with DKIM. +They choose the selector "mail" and decide, for now, to indicate that +they are in testing mode", until they've verified their configuration. +They might put the following in their DNS: + +mail._domainkey.example.com TXT "v=DKIM1; k=rsa; t=y; p=" + +In addition, some receivers may support DomainKeys-style sender policy +as described in the DomainKeys specification at: +http://tools.ietf.org/html/rfc4870#section-3.6 + +Note that this is not an exhaustive list of features or tags; see below +for a link to the DKIM specifications. + +General package notes +--------------------- + +Note that as of 0.5.2, the dkim-milter source contains several IETF +documents. These have been removed from the source tarball, but are +still accessible via the IETF web site. The removed documents are: + +http://tools.ietf.org/id/draft-hoffman-dac-vbr-03.txt +http://tools.ietf.org/id/draft-ietf-dkim-deployment-01.txt +http://tools.ietf.org/id/draft-ietf-dkim-overview-09.txt +http://tools.ietf.org/id/draft-ietf-dkim-ssp-03.txt +http://tools.ietf.org/id/draft-kucherawy-dkim-reporting-02.txt +http://tools.ietf.org/id/draft-kucherawy-sender-auth-header-14.txt +http://tools.ietf.org/id/draft-shafranovich-feedback-report-04.txt +http://www.ietf.org/rfc/rfc4686.txt +http://www.ietf.org/rfc/rfc4871.txt +http://www.ietf.org/rfc/rfc5016.txt + +As of the 0.6.x series, upstream intends to make the config file the +primary means of configuring the dkim-filter. As such, configuration +options have been moved into /etc/dkim-filter.conf as of 0.6.1-1. + +Notes for Postfix users +----------------------- + +Postfix users who wish to access the dkim-filter service via UNIX socket +(the default) may need to add the postfix user to the dkim-filter +group and ensure that UMask is set to 002 in /etc/dkim-filter.conf, in +order to make the socket readable by Posfix. + +Users may also need to move the socket into a directory accessible by the +Postfix chroot; this can be accomplished by setting the SOCKET variable +in /etc/default/dkim-filter. + +As an alternative, you may opt to connect to the filter over TCP. The +filter can be bound to localhost to prevent other hosts from accessing it. + +Changing group ownership of socket +---------------------------------- + +The group ID of the UNIX socket created by dkim-filter can be changed by +changing the primary GID of the dkim-filter user, e.g.: +$ usermod -g mail dkim-filter + +Other notes +----------- + +As of version 2.5.0, the option UseSSPDeny has been renamed to UseASPDiscard +to reflect changes in language and naming in the IETF drafts. + + -- Mike Markley Thu, 06 Mar 2008 23:19:13 -0800 + +Notes for Ubuntu specific changes +-------------------------------- + +Postfix is the standard MTA in Ubuntu, so the dkim-filter init is modified +to use a TCP socket on localhost port 8891 when installed. This will work +with a chrooted Postfix (the Ubuntu default configuration). To use the +dkim-filter, add: + +# Milters for mail that arrives via the smtpd(8) server. +smtpd_milters = inet:localhost:8891 + +to your main.cf + +By default, if the milter is not available Postfix will defer messages. You +change this by also adding: + +milter_default_action = accept + +These can also be set on a per process basis in master.cf using standard +Postfix master.cf syntax: + + -o milter_default_action=accept + -o smtpd_milters=inet:localhost:8891 + +See the Postfix MILTER_README for additional information. + + -- Scott Kitterman Fri, 21 Mar 2008 07:26:10 -0400 + --- dkim-milter-2.8.1.dfsg.orig/debian/libsmdkim-dev.dirs +++ dkim-milter-2.8.1.dfsg/debian/libsmdkim-dev.dirs @@ -0,0 +1,2 @@ +usr/include/libsmdkim +usr/lib/libsmdkim --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.default +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.default @@ -0,0 +1,10 @@ +# Command-line options specified here will override the contents of +# /etc/dkim-filter.conf. See dkim-filter(8) for a complete list of options. +#DAEMON_OPTS="" +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in dkim-filter.conf +#SOCKET="local:/var/run/dkim-filter/dkim-filter.sock" # Debian default +#SOCKET="inet:54321" # listen on all interfaces on port 54321 +SOCKET="inet:8891@localhost" # Ubuntu default - listen on loopback on port 8891 +#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.dirs +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.dirs @@ -0,0 +1,7 @@ +etc +usr/bin +usr/sbin +usr/lib +usr/share/man/man5 +usr/share/man/man8 +var/run/dkim-filter --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.init +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.init @@ -0,0 +1,125 @@ +#! /bin/sh +# +### BEGIN INIT INFO +# Provides: dkim-filter +# Required-Start: $syslog +# Required-Stop: $syslog +# Should-Start: $local_fs $network +# Should-Stop: $local_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the DKIM Milter service +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dkim-filter +NAME=dkim-filter +DESC="DKIM Filter" +RUNDIR=/var/run/$NAME +USER=dkim-filter +GROUP=dkim-filter +SOCKET=local:$RUNDIR/$NAME.sock +PIDFILE=$RUNDIR/$NAME.pid + +# How long to wait for the process to die on stop/restart +stoptimeout=5 + +test -x $DAEMON || exit 0 + +# Include dkim-filter defaults if available +if [ -f /etc/default/dkim-filter ] ; then + . /etc/default/dkim-filter +fi + +if [ -f /etc/dkim-filter.conf ]; then + CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/dkim-filter.conf` +fi + +# This can be set via Socket option in config file, so it's not required +if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then + DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS" +fi + +DAEMON_OPTS="-x /etc/dkim-filter.conf -u $USER -P $PIDFILE $DAEMON_OPTS" + +start() { + # Create the run directory if it doesn't exist + if [ ! -d "$RUNDIR" ]; then + install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2 + fi + # Clean up stale sockets + if [ -f "$PIDFILE" ]; then + pid=`cat $PIDFILE` + if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then + rm "$PIDFILE" + TMPSOCKET="" + if [ -n "$SOCKET" ]; then + TMPSOCKET="$SOCKET" + elif [ -n "$CONFIG_SOCKET" ]; then + TMPSOCKET="$CONFIG_SOCKET" + fi + if [ -n "$TMPSOCKET" ]; then + # UNIX sockets may be specified with or without the + # local: prefix; handle both + t=`echo $SOCKET | cut -d: -f1` + s=`echo $SOCKET | cut -d: -f2` + if [ -e "$s" -a -S "$s" ]; then + if [ "$t" = "$s" -o "$t" = "local" ]; then + rm "$s" + fi + fi + fi + fi + fi + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS + # Detect exit status 78 (configuration error) + ret=$? + if [ $ret -eq 78 ]; then + echo "See /usr/share/doc/dkim-filter/README.Debian for help" + echo "Starting for DKIM verification only" + DAEMON_OPTS="-b v $DAEMON_OPTS" + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS + exit 0 + elif [ $ret -ne 0 ]; then + exit $ret + fi +} + +stop() { + start-stop-daemon --stop --retry "$stoptimeout" --exec "$DAEMON" +} + +reload() { + start-stop-daemon --stop --signal USR1 --exec "$DAEMON" +} + +case "$1" in + start) + echo -n "Starting $DESC: " + start + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + stop + echo "$NAME." + ;; + restart) + echo -n "Restarting $DESC: " + stop + start + echo "$NAME." + ;; + reload|force-reload) + echo -n "Restarting $DESC: " + reload + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- dkim-milter-2.8.1.dfsg.orig/debian/rules +++ dkim-milter-2.8.1.dfsg/debian/rules @@ -0,0 +1,80 @@ +#!/usr/bin/make -f + +include /usr/share/dpatch/dpatch.make + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +OBJDIR = obj.$(shell uname -s).$(shell uname -r).$(shell uname -m) +LIBSRCS = $(shell (grep bldSOURCES ${CURDIR}/libdkim/Makefile.m4; echo bldSOURCES) | m4 -i) +LIBOBJS = $(patsubst %.c,%.o,$(LIBSRCS)) +LIBVERSION = 2 + +configure: + +build: build-stamp + +build-stamp: $(CURDIR)/debian/site.config.m4 patch-stamp + dh_testdir + ./Build -f $(CURDIR)/debian/site.config.m4 + # Rebuild library file's objects with -fPIC and then build .so + (cd $(OBJDIR)/libdkim; \ + make clean; \ + make $(LIBOBJS) CCOPTS="-D_REENTRANT -fPIC"; \ + gcc -shared -o libdkim.so.$(LIBVERSION) -Wl,-soname,libdkim.so.$(LIBVERSION) $(LIBOBJS)) + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + rm -rf $(OBJDIR) + dh_clean + +allclean: clean + rm -rf obj.* + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs -a -i + + ./Build install DESTDIR=$(CURDIR)/debian/dkim-filter + cp -f $(OBJDIR)/libdkim/libdkim.so.$(LIBVERSION) $(CURDIR)/debian/libsmdkim$(LIBVERSION)/usr/lib/libsmdkim + cp -f $(OBJDIR)/libdkim/dkim.h $(CURDIR)/debian/libsmdkim-dev/usr/include/libsmdkim + sed -e 's/^\( *#include $(CURDIR)/debian/libsmdkim-dev/usr/include/libsmdkim/dkim.h + cp -f $(OBJDIR)/libdkim/libdkim.a $(CURDIR)/debian/libsmdkim-dev/usr/lib/libsmdkim + ln -s libdkim.so.$(LIBVERSION) $(CURDIR)/debian/libsmdkim-dev/usr/lib/libsmdkim/libdkim.so + cp -f $(CURDIR)/debian/dkim-filter.conf $(CURDIR)/debian/dkim-filter/etc/ + -rmdir $(CURDIR)/debian/dkim-filter/usr/lib + +binary-indep: build install + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs -a RELEASE_NOTES + dh_installdocs + dh_installexamples + dh_installinit + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.examples +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.examples @@ -0,0 +1 @@ +dkim-filter/dkim-filter.conf.sample --- dkim-milter-2.8.1.dfsg.orig/debian/site.config.m4 +++ dkim-milter-2.8.1.dfsg/debian/site.config.m4 @@ -0,0 +1,10 @@ +define(`confCC', `gcc')dnl +define(`confMANROOT',`/usr/share/man/man')dnl +define(`confINSTALL_RAWMAN')dnl +define(`confDONT_INSTALL_CATMAN')dnl +define(`confENVDEF',`-D_FFR_REQUIRED_HEADERS -D_FFR_SET_REPLY -D_FFR_STATS -D_FFR_ZTAGS -D_FFR_DNS_UPGRADE -D_FFR_SELECTOR_HEADER')dnl +define(`confNROFF',`/bin/true')dnl +define(`bld_USE_ARLIB', `True')dnl +APPENDDEF(`confLIBS', `-lssl -lcrypto')dnl +APPENDDEF(`confLIBDIRS', `-L/usr/lib/libmilter')dnl +APPENDDEF(`conf_libar_ENVDEF', `-DAR_RES_MANUAL')dnl --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.postrm +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.postrm @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +if [ "$1" = "purge" ]; then + if [ -x /usr/sbin/deluser ] && id -u dkim-filter >/dev/null 2>&1; then + deluser --quiet dkim-filter + fi +fi + +#DEBHELPER# + +exit 0 --- dkim-milter-2.8.1.dfsg.orig/debian/dkim-filter.postinst +++ dkim-milter-2.8.1.dfsg/debian/dkim-filter.postinst @@ -0,0 +1,26 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + if ! id -u dkim-filter >/dev/null 2>&1; then + adduser --quiet --system --group --home /var/run/dkim-filter dkim-filter + elif [ -n "$2" ] && dpkg --compare-versions "$2" lt "1.2.0.dfsg-1"; then + # Versions < 1.2.0.dfsg-1 shipped without the dkim-filter group + addgroup --quiet --system dkim-filter + usermod -g dkim-filter dkim-filter + fi + + # Set ownership if the admin has not overriden it. + if ! dpkg-statoverride --list /var/run/dkim-filter >/dev/null; then + # Build the run directory if it doesn't exist to make sure chown doesn't fail + if [ ! -d ${RUNDIR} ] ; then + install -o ${USER} -g ${GROUP} -m 755 -d ${RUNDIR} || return 2 + fi + chown dkim-filter:dkim-filter /var/run/dkim-filter + fi +fi + +#DEBHELPER# + +exit 0 --- dkim-milter-2.8.1.dfsg.orig/debian/control +++ dkim-milter-2.8.1.dfsg/debian/control @@ -0,0 +1,39 @@ +Source: dkim-milter +Section: mail +Priority: extra +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Mike Markley +Build-Depends: debhelper (>= 4.0.0), m4, libmilter-dev, libssl-dev, libdb4.6-dev, dpatch (>= 2.0) +Standards-Version: 3.7.3 + +Package: dkim-filter +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Description: DomainKeys Identified Mail (DKIM) Milter implementation + Implements a Sendmail Mail Filter (Milter) for the DomainKeys + Identified Mail (DKIM) standard. DKIM provides a way for senders to + confirm their identity when sending email by adding a cryptographic + signature to the headers of the message. + . + The dkim-milter implements both signing and verification. + +Package: libsmdkim2 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: DomainKeys Identified Mail (DKIM) library implementation + A library for implementing signing and verification of the DomainKeys + Identified Mail (DKIM) standard. This library provides support for + signing and verifying signatures according to RFC 4871, and supports + both DomainKeys signing policy and draft DKIM SSP. + +Package: libsmdkim-dev +Section: libdevel +Architecture: any +Depends: libsmdkim2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Description: DomainKeys Identified Mail (DKIM) library implementation + A library for implementing signing and verification of the DomainKeys + Identified Mail (DKIM) standard. This library provides support for + signing and verifying signatures according to RFC 4871, and supports + both DomainKeys signing policy and draft DKIM SSP. +