Submitted by danblack on Fri, 12/14/2012 - 23:38
after using the opendkim version in virtualmin (and tweaking to use it on debian6). opendkim cannot start.
The reason is its parser supports a maximum line size of 1023 bytes. When virtualmin generates a config file the Domain line is a join of all domains with comma separation which easily can exceed 1023 bytes.
I've written an upstream opendkim patch, it only extends the buffer however. (https://sourceforge.net/tracker/?func=detail&aid=3596147&group_id=269812...).
A simpler option is to have opendkim.conf contain:
Domains /etc/opendkim-domains.txt KeyFile /etc/dkim.key
and /etc/opendkim-domains.txt to contain the raw list of domains each on its own line.
Patch attached
Status:
Closed (fixed)
Comments
Submitted by danblack on Fri, 12/14/2012 - 23:59 Comment #1
Domain /etc/opendkim-domains.txt (not domains)
Submitted by JamieCameron on Sat, 12/15/2012 - 12:45 Comment #2
That's an excellent suggestion!
Do all OpenDKIM versions support use of a filename in the Domains line though? I don't see any mention of it in what looks like the official man page at http://www.opendkim.org/opendkim.conf.5.html
Submitted by danblack on Sun, 12/16/2012 - 03:26 Comment #3
looks like was introduced in commit id 961fa0e0e611bb9577a66eb7c3c4974e8929bd16 Wed Oct 28 03:30:27 2009 in preparation for 1.2.0 release.
Scary. Looks like I as an active opendkim dev then.
Definitely works in opendkim_2.0.1 on debian stable.
On the man page it says Domain (dataset) (not "Domains" as I previously typed). Dataset is defined http://www.opendkim.org/opendkim.8.html and it comes under i) , files beginning with /.
Just to clarify the right syntax is:
Selector 2012a
Domain /etc/opendkim-domains.txt
KeyFile /etc/dkim.key
Submitted by danblack on Sun, 12/16/2012 - 04:04 Comment #4
another useful default setting in the opendkim.conf:
Canonicalization relaxed/relaxed
This is in all opendkim versions. It causes the signing to occur in such a way that the header and the body can undergo a limited types of whitespace changes and header wrapping.
https://tools.ietf.org/html/rfc6376#section-3.4
Submitted by danblack on Sun, 12/16/2012 - 05:49 Comment #5
note even in a file opendkim needs to be reloaded if domains are added.
Submitted by JamieCameron on Sun, 12/16/2012 - 18:33 Comment #6
Thanks - the next release of Virtualmin (version 3.98) will use a file in the Domain directive, to avoid this line length issue.
Submitted by Issues on Sun, 12/30/2012 - 18:46 Comment #7
Automatically closed -- issue fixed for 2 weeks with no activity.