--- opendkim-2.4.2/INSTALL 2011-07-12 22:53:43.000000000 -0700
+++ opendkim-2.4.2-patches/INSTALL 2011-08-22 21:15:28.535480182 -0700
@@ -6,11 +6,11 @@
In order to install the opendkim as a milter to an MTA you will need to
perform the following steps:
-* Compile the opendkim program itself.
+* Install the RPMs for libopendkim and opendkim.
-* Configure the opendkim for signing and/or verification.
+* Configure opendkim for signing and/or verification.
-* Install the opendkim and configure your MTA to use it.
+* Configure your MTA to use opendkim.
Note that there is a difference between "OpenDKIM" and "opendkim".
"OpenDKIM" is a package containing a library, a filter and some tools to
@@ -23,167 +23,100 @@
The opendkim filter program incorporates the libopendkim library and works
with recent versions of sendmail and Postfix or any other MTA that supports
-"milter". For more information about milter, see <http://www.milter.org>.
+"milter". For more information about milter, see <http://www.milter.org/>.
Sendmail is available at <http://www.sendmail.org> and Postfix is available
-at <http://www.postfix.org>.
+at <http://www.postfix.org/>.
-OPTIONAL PACKAGES
-=================
+REQUIREMENTS
+============
-OpenDKIM supports a few optional packages that can be included in the build
-to provide additional services. A few of these become mandatory when
-enabling certain features below. Specifying only the "--with-xxx" parameter
-to the "configure" command (described below) enables the package and makes a
-guess at where it might be installed on your system. If the configure script
-doesn't find it, you will need to specify the location with
-"--with-xxx=location".
+The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later
+for required milter protocol enhancements. For more information on milters:
---with-db BerkeleyDB include file and library. If enabled without
- a specific path, the /usr/local/BerkeleyDB, /usr/local and
- /usr directories will be searched for both the required
- includes and the required libraries. Required for the
- following features: query_cache, stats
+Postfix users, see: http://www.postfix.org/MILTER_README.html
---with-db-incdir
---with-db-libdir
---with-db-lib
- These provide a finer control over the location of BerkeleyDB
- include, library path and libary name where the default
- locations of --with-db are not enough.
+Sendmail users, see: http://www.sendmail.com/sm/partners/milter_partners/
---with-domainkeys
- Sendmail's "libdk" include file and library for verifying
- messages signed with the older DomainKeys specification.
---with-libgcrypt
- Location of GNU's libgcrypt includes and library.
- If not specified, "--with-openssl" is assumed.
+CONFIGURING OPENDKIM
+====================
---with-lua Lua interpreter library. Enables fine-grained policy control
- via Lua script hooks, and also enables building of the
- "miltertest" test tool.
+For a step-by-step How-To on installing and configuring OpenDKIM with Postfix
+or Sendmail on RedHat systems, see:
---with-milter Sendmail's "milter" include file and library. Required
- unless compilation fo the filter is disabled (see below).
- Enabled by default.
+http://packages.stevejenkins.com/opendkim/
---with-odbx Location of the OpenDBX installation on your system.
- Optional; enables use of a number of SQL and ODBC databases
- for configuration information. Version 1.3.7 or later is
- required.
+For general installation and configuration instructions for all supported
+operating systems, refer to the official documentation at:
---with-openldap Location of the OpenLDAP installation on your system.
+http://opendkim.org/docs.html
---with-openssl Location of the OpenSSL installation on your system.
- Either this or libgcrypt required, and this one is assumed
- if libgcrypt is not enabled. If no specific location is
- provided, several common install locations will be searched for
- the required includes and libraries.
+After installing opendkim, you must do the following:
---with-sasl Location of the Cyrus SASL include file definitions. This is
- used for authenticating against LDAP servers.
+* Configure your MTA (Postfix, Sendmail, etc.) to use OpenDKIM.
---with-tre Location of the TRE installation on your system. This
- is required if you are using the "diffheaders" feature.
- If no specific location is provided, the /usr/local and
- /usr directories will be searched for the required includes
- and libraries.
+Postfix users will need to add/edit the smtpd_milters, non_smtpd_milters, and
+milter_default_action parameters in their main.cf file. Generally, adding the
+following lines to main.cf will be enough to get opendkim working with Postfix:
---with-unbound Location of the Unbound DNSSEC capable asynchronous resolver
- library and include file.
-
+smtpd_milters = inet:127.0.0.1:8891
+non_smtpd_milters = inet:127.0.0.1:8891
+milter_default_action = accept
+If you are using a version of Postfix prior to 2.6, you may also need to set
+the milter_protocol parameter in main.cf to "2" with:
-FEATURES
-========
+milter_protocol = 2
-There are several compile-time features you may select. Some of these
-are present but unsupported while others are fully-supported. Read the
-FEATURES file for a description of the unsupported features.
+Sendmail users will need to add the following line to the .mc configuration
+file that was used to build your current sendmail.cf file:
-The supported features are as follows. The can be turned on at compile
-time by adding "--enable-xxx" to the "configure" command line (described
-below), where "xxx" is the name of the feature.
+INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')
-arlib Use the provided asynchronous resolver library.
+Then you will need to build and install a new sendmail.cf from the .mc file.
+Remember to make backups of your sendmail.cf and .mc files before attempting
+any changes.
-debug Produce debug-enabled libraries and executables.
+* Configure opendkim for signing and/or verification.
-filter Compile the opendkim filter. Requires libmilter (see
- "--with-milter" above). This is on by default; if you
- don't want the filter, specify "--disable-filter".
+By default, opendkim is configured for DKIM signature verification of incoming
+mail only. Before you can sign outgoing mail with a DKIM signature, you must:
-maxverify Allow limitation of the number of signatures verified per
- message.
+- generate a set of private and public keys
+- configure opendkim for signing
+- publish your public key via DNS
-oversign Enable optional header field over-signing.
+A default set of keys based on your system's fully qualified domain name
+(FQDN) and using the selector "default" will be generated in
+/etc/opendkim/keys the first time you run:
-popauth Enable POP-before-SMTP support.
+service opendkim start
-query_cache Cache DNS replies in a local database. Requires the
- BerkeleyDB database. (See "--with-db" above.)
+You can also generate your own keys using the opendkim-genkey command.
-stats Produce a filter and tools used for statistics collection,
- analysis and submission.
+After generating your keys, you must edit opendkim.conf and verify that your
+domain name is correct, change the Mode to "s" for signing or "sv" for signing
+and verifying, and configure the KeyFile and Selector parameters. Additional
+options are available for signing for multiple users and/or multiple domains.
+For more information, consult the online documentation or do:
-xtags Support for signature extension tags.
+man opendkim.conf
+You must also publish your public key(s) via DNS before remote mail servers
+can verify your outdoing DKIM signature. Consult your DNS provider's
+documentation on how to do this.
-COMPILING
+MORE INFO
=========
-The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later
-for required milter protocol enhancements.
-
-To build this package you must first have installed or at least have available
-the OpenSSL package and libmilter. The former is available from
-<http://www.openssl.org> or in package form from your vendor. At a minimum
-version 0.9.8 is required to meet DKIM requirements. The application library
-libmilter is part of the sendmail Open Source distribution and can be built
-and installed from there (ftp://ftp.sendmail.org).
-
-As Postfix currently does not provide milter library, you need to have
-sendmail sources or development package installed. See
-http://www.postfix.org/MILTER_README.html
-
-You can view the configuration options with the following command:
-
- ./configure --help
-
-The commands shown below assume a UNIX system with standard build tools
-installed.
-
-Steps to compiling the library and the milter:
+For a step-by-step How-To on installing and configuring OpenDKIM with Postfix
+or Sendmail on RedHat systems, see:
-(1) Download the source from OpenDKIM (http://www.opendkim.org).
-
-(2) Unpack the tarball:
- tar -xzvf opendkim-<version>.tar.gz
-
- Note: Use <version> as the version number that you downloaded.
-
-(3) Change directories to the release directory (opendkim-<version>) that
- was created in step 2.
- cd opendkim-<version>
-
-(4) Run the "configure" script to configure the package for your operating
- system.
- ./configure
-
-(5) Compile the package.
- make
-
-(6) Install the output of the build. You probably need to become the
- superuser to run this step.
- make install
-
-
-CONFIGURING OPENDKIM
-====================
+http://packages.stevejenkins.com/opendkim/
-The README document (in the opendkim directory) covers the installation and
-configuration of opendkim.
+For more information about the OpenDKIM Project, including official
+documentation and support, visit:
-$Id: INSTALL,v 1.22 2010/09/13 01:39:48 cm-msk Exp $
+http://opendkim.org/