[opendmarc-users] new Ubuntu config questions
Michael Fox
news at mefox.org
Sun Jul 29 23:20:06 PDT 2018
Thanks Juri, Some follow-up below...
> > 1) PidFile:
> > opendmarc.conf came pre-configured with "PidFile
> > /var/run/opendmarc.pid".
> > But when I look in the /var/run directory, the PID file is actually in
> > /var/run/opendmarc/opendmarc.pid.
> > And when I look in /var/log/mail.log, I see it was started with the -P
> > option:
> > ... opendmarc[11740]: OpenDMARC Filter v1.3.1 starting (args: -c /etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid)
> > Question: The actual location (/var/run/opendmarc/opendmarc.pid) is
> > fine with me. But why isn't the PidFile value in the config file being
> > used?
>
> Because command line options take precedence over config file options -
> most programs work like this.
OK, technically, command line may override config file. BUT, the command
line arguments are set by the init script, not by the user. Editing init
scripts is generally frowned upon, especially since they may be updated the
next time the package is updated.
For configuring the socket, the init script checks the config file for a
configured socket and, if configured, doesn't issue the command line
argument for the socket. It seems it should do the same for the PidFile
(and any other command line option). Or else, what's the point of offering
the PidFile option in the config file? Right? Perhaps this is a package
maintainer issue (whoever writes the init script)?
For now, I'll just set the opendmarc.conf PidFile value to the same as what
the init script sets on the command line, simply as a reminder of where the
file actually is.
> > 2) Public Suffix list:
> > opendmarc.conf came pre-configured with "PublicSuffixList
> > /usr/share/publicsuffix/"
> > But I see the file is actually at
> > "/usr/share/publicsuffix/public_suffix_list.dat"
> > The text in the config file says "Specifies the path to a file", not to
> > a directory.
> > Question: Again, the actual location is fine with me. But why isn't
> > the PublicSuffixList value in the config file being used?
>
> It is used, but it looks like you found a little bug - error logging
> should trigger here, but didn't. Will look into it.
More Info:
Value in opendmarc.conf as supplied in Ubuntu package:
PublicSuffixList /usr/share/publicsuffix/
$ ls -l /usr/share/publicsuffix
total 180
lrwxrwxrwx 1 root root 22 Feb 4 2016 effective_tld_names.dat -> public_suffix_list.dat
-rw-r--r-- 1 root root 180969 Jan 30 2016 public_suffix_list.dat
I tried configuring "PublicSuffixList
/usr/share/publicsuffix/public_suffix_list.dat"
But then startup failed:
Jul 29 22:18:31 ... opendmarc[31811]: OpenDMARC Filter: mi_stop=1
Jul 29 22:18:31 ... opendmarc[31811]: OpenDMARC Filter v1.3.1 terminating with status 0, errno = 0
Jul 29 22:18:32 ... opendmarc[32128]: opendmarc_policy_library_init() failed
I set it back to the directory name and startup worked:
Jul 29 22:21:24 ... opendmarc[32387]: OpenDMARC Filter v1.3.1 starting (args: -c /etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid)
Jul 29 22:21:24 ... opendmarc[32387]: additional trusted authentication services: (none)
So ... maybe the comment in the config file sample is incorrect and it
really is supposed to be the directory name and not a path to a file?
> > 3) History File:
> > I tried to turn on the history file.
> > In opendmarc.conf, I uncommented "HistoryFile /var/run/opendmarc.dat"
> > After restarting opendmarc and receiving some mail, there is still no
> > history file.
> > Since /var/run is owned by root, I tried setting "HistoryFile
> > /var/run/opendmarc/opendmarc.dat" to match the actual PID file path.
> > After restarting opendmarc and receiving some mail, still no history
> > file.
> > Question: Why isn't the HistoryFile value in the config file being
> > used?
>
> It is used, but per default mails are only logged to the HistoryFile if
> the From-domain has a DMARC entry (can be changed with RecordAllMessages).
> I recommend to use /var/lib/opendmarc to store the HistoryFile as this
> location is preserved across reboots.
OK. Thanks.
So, here's what I did that appears to be working (Ubuntu package maintainer
please take note):
$ sudo mkdir /var/lib/opendmarc
$ sudo chown opendmarc:opendmarc /var/lib/opendmarc
opendmarc.conf:
HistoryFile /var/lib/opendmarc/opendmarc.dat
RecordAllMessages true (for now, while I'm testing)
Add logrotate config to rotate the file weekly
> > Lastly, is there a way to display all of the values of all config
> > variables known by opendmarc? It would help in understanding if
> > opendmarc is using the same value as in the config file.
>
> Maybe if you turn on debugging, but I'm not sure about that, but usually
> it is not needed as the options from the config file and the command line
> are used - they are not silently ignored.
Not needed ... except when you're trying to run down problems like above.
;-)
The "environment" (total of all config options), is a combination of the
command line options set by the init script and /etc/default/opendmarc and
/etc/opendmarc.conf. So it would be helpful to be able to see the merged
result as opendmarc understands them to be.
If you're familiar with Postfix, I'm thinking of something like "postconf
-p" to spit out all options and values so we can see what opendmarc thinks
they are. In this case, maybe "opendmarc -e" could spit out the
"environment".
Thanks!
Michael
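
Added example, not part of the original post and not an opendmarc feature: the merged view asked for above can be approximated offline by overlaying the arguments from the "starting (args: ...)" log line on the parsed opendmarc.conf. The sample config and log line are constructed from values quoted in this thread, the function names are hypothetical, and the -u to UserID mapping is an assumption taken from opendmarc.conf(5).

```python
import re
import shlex

# -P/PidFile is from the thread; -u/UserID is assumed from opendmarc.conf(5).
FLAG_TO_OPTION = {"-P": "PidFile", "-u": "UserID"}

# Constructed samples built from the values quoted in the thread.
SAMPLE_CONF = """\
PidFile /var/run/opendmarc.pid
PublicSuffixList /usr/share/publicsuffix/
HistoryFile /var/lib/opendmarc/opendmarc.dat
"""
SAMPLE_LOG = ("... opendmarc[32387]: OpenDMARC Filter v1.3.1 starting (args: -c "
              "/etc/opendmarc.conf -u opendmarc -P /var/run/opendmarc/opendmarc.pid)")

def parse_conf(text):
    """Return {option: value} from 'Option value' lines, ignoring # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def parse_start_args(log_line):
    """Return {flag: value} from a 'starting (args: ...)' log line."""
    m = re.search(r"starting \(args: (.*)\)\s*$", log_line)
    tokens = shlex.split(m.group(1)) if m else []
    args, i = {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        args[tokens[i]] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return args

def effective_settings(conf_text, log_line):
    """Overlay command-line values on the config; report what was overridden."""
    conf, args = parse_conf(conf_text), parse_start_args(log_line)
    cli = {opt: args[f] for f, opt in FLAG_TO_OPTION.items() if f in args}
    overridden = {o: conf[o] for o in cli if o in conf and conf[o] != cli[o]}
    merged = {o: (v, "config file") for o, v in conf.items()}
    merged.update({o: (v, "command line") for o, v in cli.items()})
    return merged, overridden

if __name__ == "__main__":
    merged, overridden = effective_settings(SAMPLE_CONF, SAMPLE_LOG)
    for opt, (val, src) in sorted(merged.items()):
        print(f"{opt} = {val}  [{src}]")
    print("config values not in effect:", overridden)
```

On a live system the inputs would be /etc/opendmarc.conf and the most recent "starting" line in /var/log/mail.log.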