Subject: Re: FreeBSD-11 OpenDKIM uid and gid
To: byrnejb@harte-lyne.ca
From: Jim Ohlstein
Cc: freebsd-questions@freebsd.org
Message-ID: <725756aa-6fab-1c68-ab1c-8d903b9cdc6a@ohlste.in>
Date: Fri, 7 Apr 2017 22:19:38 -0400

Hello,

On 4/7/17 1:04 PM, James B. Byrne via freebsd-questions wrote:
> I am configuring a replacement MX service in a FreeBSD jail. I have
> installed the Postfix and OpenDKIM packages (among others). The
> configuration file for OpenDKIM differs somewhat from the version I
> use on CentOS-6 but the problem I have is with a setting common to
> both: UserID.
>
> In the CentOS version the setting is:
>
> UserID opendkim:opendkim
>
> and on CentOS hosts with OpenDKIM installed /etc/passwd contains this:
>
> opendkim:x:488:488:OpenDKIM Milter:/var/run/opendkim:/sbin/nologin
>
> But the version of OpenDKIM I have on FreeBSD creates no entry for a
> user named opendkim in /etc/passwd when the package is installed. My
> question is therefore: What username should I use? Do I create a user
> named opendkim? And a similarly named group as well? Or is this
> setting superfluous?
>

It's up to you.

I only use Postfix/OpenDKIM with Mailman (Mailman and Postfix just work
so well together), so I don't have a lot of experience with that
combination.

Looking at my setup I have added an unprivileged user "opendkim" to the
"mail" group, with a home directory of /var/db/opendkim. That directory,
incidentally, is where I store the private key, in a file with 600
permissions.

I then run OpenDKIM under that user with the following in /etc/rc.conf:

milteropendkim_enable="YES"
milteropendkim_uid="opendkim"

You can find more info as to runtime variables in:

/usr/local/etc/rc.d/milter-opendkim

-- 
Jim Ohlstein

"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
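
A check for the arrangement described in the message above, as an added example that is not part of the original message: it reads milteropendkim_uid from an rc.conf-style file, confirms that account is not uid 0, and confirms the key is a regular file with mode 600 owned by that account. The function names and the two paths given on the command line are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit the OpenDKIM setup it describes.

# Print the last milteropendkim_uid value assigned in rc.conf-style file $1.
# The file is parsed with sed rather than sourced, so nothing in it is executed.
rc_uid() {
    sed -n 's/^[[:space:]]*milteropendkim_uid="\{0,1\}\([^"[:space:]#]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Succeed only if account $1 exists and is not uid 0.
is_unprivileged() {
    u=$(id -u "$1" 2>/dev/null) || return 1
    [ "$u" -ne 0 ]
}

# Succeed only if $1 is a regular file (not a symlink), mode exactly 600,
# owned by $2 (user name or numeric uid). find(1) is used because its
# -perm and -user tests behave the same on FreeBSD and Linux.
key_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 -user "$2" 2>/dev/null)" ]
}

# audit_opendkim RCFILE KEYFILE: tie the three checks together.
audit_opendkim() {
    user=$(rc_uid "$1")
    [ -n "$user" ] || { echo "FAIL: milteropendkim_uid is not set in $1"; return 1; }
    is_unprivileged "$user" || { echo "FAIL: $user is missing or is uid 0"; return 1; }
    key_ok "$2" "$user" || { echo "FAIL: $2 is not a mode-600 file owned by $user"; return 1; }
    echo "OK: milter runs as $user; $2 is mode 600 and owned by $user"
}

# Run only when called with both paths; the key file name is site-specific.
if [ $# -eq 2 ]; then audit_opendkim "$1" "$2"; fi
```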