Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 148815 Details for
Bug 216136
mail-filter/dkim-milter-2.5.2 segfaults on startup
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
dkim-filter.conf
dkim-filter.conf (text/plain), 8.56 KB, created by
Craig Andrews
on 2008-04-06 05:03:30 UTC
(
hide
)
Description:
dkim-filter.conf
Filename:
MIME Type:
Creator:
Craig Andrews
Created:
2008-04-06 05:03:30 UTC
Size:
8.56 KB
patch
obsolete
>## >## dkim-filter.conf -- configuration file for DKIM filter >## >## $Id: dkim-filter.conf.sample,v 1.13 2007/12/14 07:22:19 msk Exp $ >## > >## AlwaysSignHeaders header-list >## default (none) >## >## Specifies a list of headers whose names should appear in signatures >## whether or not they were signed, preventing their later addition. > ># AlwaysSignHeaders header1:header2:... > >## AutoRestart { yes | no } >## default "no" >## >## Indicate whether or not the filter should arrange to restart automatically >## if it crashes. > >AutoRestart Yes > >## BodyLengths { yes | no } >## default "no" >## >## Indicate whether or not signatures with body length tags should be >## generated. > ># BodyLengths No > >## Canonicalization hdrcanon[/bodycanon] >## default "simple/simple" >## >## Select canonicalizations to use when signing. If the "bodycanon" is >## omitted, "simple" is used. Valid values for each are "simple" and >## "relaxed". > ># Canonicalization simple/simple > >## ClockDrift n >## default 300 >## >## Specify the tolerance range for expired signatures or signatures >## which appear to have timestamps in the future, allowing for clock >## drift. > ># ClockDrift 300 > >## Diagnostics { yes | no } >## default "no" >## >## Specifies whether or not signatures with header diagnostic tags should >## be generated. > ># Diagnostics No > >## DNSTimeout n >## default 10 >## >## Specify the time in seconds to wait for replies from the nameserver when >## requesting keys or signing policies. > ># DNSTimeout 10 > >## Domain name[,...] >## >## Specify for which domain(s) signing should be done. No default; must >## be specified for signing. > >Domain integralblue.com > >## ExternalIgnoreList filename >## >## Names a file from which a list of externally-trusted hosts is read. >## These are hosts which are allowed to send mail through you for signing. >## Automatically contains 127.0.0.1. See man page for file format. > ># ExternalIgnoreList filename > >## KeyFile filename >## >## Specifies the path to the private key to use when signing. Ignored if >## Keylist is set. No default; must be specified for signing. > >KeyFile /etc/mail/dkim-filter/irrational.private > >## KeyList filename >## >## Specifies the path to the list of keys and signing domains to be applied >## by the signing filter. The entries in this file should be of the form: >## >## pattern:domain:keypath >## >## ...where "pattern" is a pattern of user@host to match, with "*" being >## allowed as a wildcard; "domain" is the signing domain; and "keypath" >## is the path to the private key to use to generate signatures for such >## users. The selector used will be the filename portion of "keypath". >## Blank lines are ignored, and the hash ("#") character is interpreted >## as the beginning of a comment. See dkim-filter.conf(5) for more >## information. > ># KeyList /etc/mail/dkim-filter/keylist > >## InternalHosts filename >## >## Names a file from which a list of internal hosts is read. These are >## hosts from which mail should be signed rather than verified. >## Automatically contains 127.0.0.1. See man page for file format. > ># InternalHosts /etc/mail/dkim-filter/internalhosts > >## MacroList macro[=value][,...] >## >## Gives a set of MTA-provided macros which should be checked to see >## if the sender has been determined to be a local user and therefore >## whether or not signing should be done. See dkim-filter.conf(5) for >## more information. > ># Macrolist foo=bar,baz=blivit > >## MaximumHeaders n >## >## Disallow messages whose header blocks are bigger than "n" bytes. >## Intended to detect and block a denial-of-service attack. The default >## is 65536. A value of 0 disables this test. > ># MaximumHeaders n > >## MaximumSignedBytes n >## >## Don't sign more than "n" bytes of the message. The default is to >## sign the entire message. Setting this implies "BodyLengths". > ># MaximumSignedBytes n > >## Minimum n[% | +] >## default 0 >## >## Sets a minimum signing volume; one of the following formats: >## n at least n bytes (or the whole message, whichever is less) >## must be signed >## n% at least n% of the message must be signed >## n+ if a length limit was presented in the signature, no more than >## n bytes may have been added > ># Minimum n > >## Mode [sv] >## default sv >## >## Indicates which mode(s) of operation should be provided. "s" means >## "sign", "v" means "verify". > ># Mode sv > >## MTA mtaname[,...] >## >## Specifies a list of MTAs whos mail should always be signed rather than >## verified. The "mtaname" is extracted from the DaemonPortOptions line >## in effect. > ># MTA name > >## OmitHeaders >## default (none) >## >## Specifies a list of headers that should always be omitted when signing. >## Header names should be separated by commas. > ># OmitHeaders header1,header2,... > >## On-... >## >## Specifies what to do when certain error conditions are encountered. >## >## See dkim-filter.conf(5) for more information. > ># On-Default ># On-BadSignature ># On-DNSError ># On-InternalError ># On-NoSignature ># On-Security ># On-SignatureMissing > >## PeerList filename >## >## Contains a list of IP addresses, CIDR blocks, hostnames or domain names >## whose mail should be neither signed nor verified by this filter. See man >## page for file format. > ># PeerList filename > >## Quarantine { yes | no } >## default "no" >## >## Indicates whether or not the filter should arrange to quarantine mail >## which fails verification. Intended for diagnostic use only. > ># Quarantine No > >## RemoveARAll { yes | no } >## default "no" >## >## Remove all Authentication-Results: headers on all arriving mail. > ># RemoveARAll No > >## RemoveARFrom list >## default (none) >## >## Remove all Authentication-Results: headers on all arriving mail that >## claim to have been added by hosts listed in this parameter. The list >## should be comma-separated. Entire domains may be specified by preceding >## the dopmain name by a single dot (".") character. > ># RemoveARFrom host1,host2,.domain1,.domain2,... > >## RemoveOldSignatures { yes | no } >## default "no" >## >## Remove old signatures on messages, if any, when generating a signature. > ># RemoveOldSignatures No > >## Selector name >## >## The name of the selector to use when signing. No default; must be >## specified for signing. > >Selector irrational > >## SendReports { yes | no } >## default "no" >## >## Specifies whether or not the filter should generate report mail back >## to senders when verification fails and an address for such a purpose >## is provided. See dkim-filter.conf(5) for details. > ># SendReports No > >## SignatureAlgorithm signalg >## default "rsa-sha256" >## >## Signature algorithm to use when generating signatures. Must be either >## "rsa-sha1" or "rsa-sha256". > ># SignatureAlgorithm rsa-sha256 > >## SignatureTTL seconds >## default "0" >## >## Specifies the lifetime in seconds of signatures generated by the >## filter. A value of 0 means no expiration time is included in the >## signature. > ># SignatureTTL 0 > >## Socket socketspec >## >## Names the socket where this filter should listen for milter connections >## from the MTA. Required. Should be in one of these forms: >## >## inet:port@address to listen on a specific interface >## inet:port to listen on all interfaces >## local:/path/to/socket to listen on a UNIX domain socket > >Socket local:/var/run/dkim-filter/dkim-filter.sock > >## SubDomains { yes | no } >## default "no" >## >## Sign for subdomains as well? > ># SubDomains No > >## Syslog { yes | no } >## default "no" >## >## Log informational and error activity to syslog? > ># Syslog No > >## SyslogSuccess { yes | no } >## default "no" >## >## Log success activity to syslog? > ># SyslogSuccess No > >## UMask mask >## default (none) >## >## Change the process umask for file creation to the specified value. >## The system has its own default which will be used (usually 022). >## See the umask(2) man page for more information. > >UMask 002 > >## Userid userid >## default (none) >## >## Change to user "userid" before starting normal operation? May include >## a group ID as well, separated from the userid by a colon. > >UserID milter > >## UseSSPDeny { yes | no } >## default "no" >## >## Reject messages which are determined to be "suspicious" according to the >## sending domain's published signing procedure (SSP) record if that record >## also recommends rejection of such messages. > ># UseSSPDeny No > >## X-Header { yes | no } >## default "no" >## >## Add an X- header to messages passing through this filter to identify >## messages it has processed. > >X-Header Yes > >## Statistics filename >## >## Names a file to which useful statistics will be saved. >## See man dkim-stats page > >Statistics /var/run/dkim-filter/dkim-filter.stats
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=148815">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 216136
: 148815
