Bug 230685 - mail/opendkim fails to start when socket directory /var/run/milteropendkim has group write acl
Status: Closed DUPLICATE of bug 254762
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2018-08-17 06:39 UTC by dewayne
Modified: 2021-04-15 19:19 UTC (History)
Description dewayne 2018-08-17 06:39:06 UTC
The /usr/local/etc/rc.d/milter-opendkim is really very good, thank you.  However, I experience startup failures which sendmail advises via its maillog:
Aug 17 13:47:11 b3 sm-mta[4193]: w7H3lB78004193: Milter (dkim): local socket name /var/run/milteropendkim/sock unsafe

Gasp!

sendmail doesn't like group write permissions on /var/run/milteropendkim/.

FIX
Modifying all instances of "_piddir_perms=" in the startup rc file, to
_piddir_perms="0750"
fixes the issue.  

And for package builds, the same step needs to be applied to 
/usr/ports/mail/opendkim/files/milter-opendkim.in

BACKGROUND
My env is FreeBSD 11.2; the rc.conf entries are
milteropendkim_enable="YES"
milteropendkim_uid="dkim"
milteropendkim_cfgfile="/usr/local/etc/opendkim.conf"
milteropendkim_socket="/var/run/milteropendkim/sock"
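
An added example, not part of the original report or of the port's rc script: a pre-flight check that reads milteropendkim_socket from an rc.conf-style file and tests the socket directory for the group write bit sendmail rejects. The function names are hypothetical; the check also flags world-writable directories and strips a "local:" prefix, both of which go beyond what the report mentions.

```shell
#!/bin/sh
# Added example (not from the port): check the directory holding the milter
# socket before sendmail logs "local socket name ... unsafe".
# Usage: check_socket_dir "$(rc_socket_path /etc/rc.conf)"

# Print the last milteropendkim_socket value found in an rc.conf-style file ($1).
rc_socket_path() {
    sed -n 's/^milteropendkim_socket="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# Check the directory of socket path $1.
# Returns 0 if safe, 1 if group- or world-writable, 2 if the directory is missing.
check_socket_dir() {
    sock=${1#local:}    # assumption: tolerate a "local:" socket prefix
    dir=$(dirname "$sock")

    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 2
    fi

    # -prune keeps find on the directory itself; -perm -020 / -002 match the
    # group-write and other-write bits (portable across BSD and GNU find).
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "unsafe: $dir is group- or world-writable; the report's fix is mode 0750"
        return 1
    fi

    echo "ok: $dir"
    return 0
}
```
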
Comment 1 Chris Rees freebsd_committer 2021-04-15 11:29:50 UTC
I'm sorry that this has been missed, Dewayne; the same issue was picked up again recently and I have a fix, so I'll mark this as a duplicate (even though it predates the one I've prioritised).

*** This bug has been marked as a duplicate of bug 254762 ***
Comment 2 dewayne 2021-04-15 19:19:03 UTC
(In reply to Chris Rees from comment #1)
Thanks Chris, I'm glad it was addressed, and what a useful PR :)

Though I've since migrated to using s6 (rather than rc) where I address these setup issues and gain additional "peace of mind" benefits ;)