
Reference

Table of Contents

Classes

Public Classes

  • opendkim: This class manages the opendkim service.

Private Classes

  • opendkim::config: Configure opendkim
  • opendkim::install: Managing the opendkim installation
  • opendkim::service: Managing the opendkim service
  • opendkim::user: Managing the opendkim user

Data types

Classes

opendkim

This class manages the opendkim service.

  • See also
    • Please see the README.md

Parameters

The following parameters are available in the opendkim class:

user

Data type: String[1]

Name of the user running the service.

Default value: 'opendkim'

uid

Data type: Optional[Integer[0]]

User ID of the user running the service.

Default value: undef

user_shell

Data type: Stdlib::Absolutepath

Sets the login shell of the user running the service.

Default value: '/usr/sbin/nologin'

user_system

Data type: Boolean

Whether the user should use the system user UID range rather than the normal user UID range.

Default value: true

homedir

Data type: Stdlib::Absolutepath

Homedir of the user running the service.

Default value: '/run/opendkim'

group

Data type: String[1]

Name of the group running the service. Also set as the primary group of the user running the service.

Default value: 'opendkim'

gid

Data type: Optional[Integer[0]]

Group ID of the group running the service.

Default value: undef

group_system

Data type: Boolean

Whether the group should use the system group GID range rather than the normal group GID range.

Default value: true

configdir

Data type: Stdlib::Absolutepath

Directory where the configurations will be located.

Default value: '/etc/opendkim'

configfile

Data type: Stdlib::Absolutepath

Path of the main config file.

Default value: '/etc/opendkim.conf'

pidfile

Data type: Stdlib::Absolutepath

Path of the process id file of the service.

Default value: '/run/opendkim/opendkim.pid'

rundir_mode

Data type: Pattern[/\A[0-7]{3,4}\z/]

Permissions (file mode) of the service's run directory.

Default value: '0755'

sysconfigfile

Data type: Optional[Stdlib::Absolutepath]

Path of the sysconfig file.

Default value: undef

package_name

Data type: String[1]

Name of the package providing opendkim.

Default value: 'opendkim'

service_name

Data type: String[1]

Name of the service.

Default value: 'opendkim'

service_ensure

Data type: Stdlib::Ensure::Service

Defines the state of the service.

Default value: 'running'

service_enable

Data type: Boolean

Whether the service should be started at boot.

Default value: true

log_why

Data type: Variant[Boolean,Enum['yes','no']]

If logging is enabled, issues very detailed logging about the logic behind the filter’s decision to either sign a message or verify it.

Default value: 'no'

subdomains

Data type: Variant[Boolean,Enum['yes','no']]

Sign subdomains of those listed by the Domain parameter as well as the actual domains.

Default value: 'yes'

socket

Data type: String

The socket the service should listen on.

Default value: 'inet:8891@127.0.0.1'

umask

Data type: Pattern[/\A[0-7]{3,4}\z/]

Requests a specific permissions mask to be used for file creation. This only really applies to creation of the socket when Socket specifies a UNIX domain socket, and to the PidFile.

Default value: '0022'

nameservers

Data type: Array[Stdlib::IP::Address]

List of IP addresses that are to be used when doing DNS queries to retrieve DKIM keys, VBR records, etc.

Default value: []

mode

Data type: Pattern[/\A[sv]{1,2}\z/]

Selects operating modes. The string is a concatenation of characters that indicate which mode(s) of operation are desired.

Default value: 'sv'

canonicalization

Data type: Pattern[/\A((relaxed|simple)\/)?(relaxed|simple)\z/]

Selects the canonicalization method(s) to be used when signing messages. When verifying, the message’s DKIM-Signature: header field specifies the canonicalization method. The recognized values are relaxed and simple as defined by the DKIM specification. The value may include two different canonicalizations separated by a slash ("/") character, in which case the first will be applied to the header and the second to the body.

Default value: 'relaxed/simple'

removeoldsignatures

Data type: Variant[Boolean,Enum['yes','no']]

Removes all existing signatures when operating in signing mode.

Default value: 'no'

maximum_signed_bytes

Data type: Optional[Integer[1]]

Specifies the maximum number of bytes of message body to be signed. Messages shorter than this limit will be signed in their entirety.

Default value: undef

trustanchorfile

Data type: Optional[Stdlib::Absolutepath]

Specifies a file from which trust anchor data should be read when doing DNS queries and applying the DNSSEC protocol.

Default value: undef

senderheaders

Data type: Optional[Array[String,1]]

Specifies an ordered list of header fields that should be searched to determine the sender of a message. The first header field found is the one whose value is used. This is mainly used when signing for deciding which signing request(s) to make.

Default value: undef

signaturealgorithm

Data type: Optional[String[1]]

Selects the signing algorithm to use when generating signatures.

Default value: undef

minimumkeybits

Data type: Optional[Integer[1]]

Establishes a minimum key size for acceptable signatures. Signatures with smaller key sizes, even if they otherwise pass DKIM validation, will be marked as invalid.

Default value: undef

additional_options

Data type: Hash[String,Variant[Array[String],String,Integer,Boolean]]

These options will also be written into the opendkim config file.

Default value: {}

trusted_hosts

Data type: Array[String,1]

Hosts that may send mail through the server as one of the signing domains without credentials and whose mail should be signed rather than verified.

Default value: ['::1', '127.0.0.1', 'localhost']

manage_private_keys

Data type: Boolean

Switch for the management of the private key files.

Default value: true

keys

Data type: Array[Opendkim::Key]

Structure of the keys to manage and to generate the configuration from.

Default value: []

alldomain

Data type: Boolean

Switch for an alternative management mode that only configures one key that will be used to sign all domains.

Default value: false

selector

Data type: Optional[String[1]]

The selector used for signing in alldomain mode.

Default value: undef

publickey

Data type: Optional[String[1]]

The publickey used for signing in alldomain mode.

Default value: undef

publickeyextended

Data type: Optional[String[1]]

Deprecated: Just use publickey. The template will split the key into chunks for the DNS TXT file.

The publickeyextended used for signing in alldomain mode.

Default value: undef

privatekey

Data type: Optional[String[1]]

The privatekey used for signing in alldomain mode.

Default value: undef

key_algorithm

Data type: Optional[String[1]]

The key_algorithm used for signing in alldomain mode.

Default value: undef

hash_algorithms

Data type: Optional[String[1]]

The hash_algorithms used for signing in alldomain mode.

Default value: undef

autorestart

Data type: Optional[Variant[Boolean,Enum['yes','no']]]

Either a boolean or yes/no, indicating whether opendkim should restart on failure.

Default value: undef

autorestartrate

Data type: Optional[Pattern[/\A[0-9]+\/[0-9]+[sSmMhHdD]\z/]]

The rate limit on auto restarting

Default value: undef

Data types

Opendkim::Key

Validate an opendkim key struct

Alias of

Struct[{
    domain            => String[1],
    selector          => String[1],
    key_algorithm     => Optional[String[1]],
    hash_algorithms   => Optional[String[1]],
    publickey         => String[1],
    publickeyextended => Optional[String[1]],
    privatekey        => Variant[String[1],Deferred],
    signingdomains    => Array[String[1]],
}]
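
The following declaration is an added example, not taken from the module or its README. It shows the `opendkim` class with one `Opendkim::Key` entry whose `privatekey` is a `Deferred` value, so the key material is resolved on the agent when the catalog is applied rather than written into the compiled catalog. The domain, selector, public key text and the function `profile::dkim_private_key` are constructed placeholders; such a function would have to be supplied by your own code.

```puppet
# Added example. Every domain, selector and key value below is a constructed
# placeholder, and profile::dkim_private_key is a hypothetical function that
# is not part of this module.
class { 'opendkim':
  # Module default: the milter socket listens on loopback only.
  socket              => 'inet:8891@127.0.0.1',

  # Sign outgoing mail and verify incoming mail.
  mode                => 'sv',

  # First value applies to the header, second to the body.
  canonicalization    => 'relaxed/simple',

  # Signatures made with smaller keys are marked invalid even if they
  # otherwise pass DKIM validation. 1024 is a sample value.
  minimumkeybits      => 1024,

  # Mail from these hosts is signed rather than verified, so keep the list
  # as short as possible. This is the module default.
  trusted_hosts       => ['::1', '127.0.0.1', 'localhost'],

  # Let the module manage the private key files.
  manage_private_keys => true,

  keys                => [
    {
      domain         => 'example.com',
      selector       => 'mail2024',
      publickey      => 'PUBLIC-KEY-BASE64-PLACEHOLDER',

      # Opendkim::Key accepts Variant[String[1],Deferred] here. A Deferred
      # value is evaluated on the agent, so the private key does not have to
      # appear as a literal string in the manifest.
      privatekey     => Deferred('profile::dkim_private_key', ['example.com', 'mail2024']),

      signingdomains => ['example.com'],
    },
  ],
}
```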