FreeBSD-11 OpenDKIM uid and gid

[Jim Ohlstein]

Hello,

On 4/7/17 1:04 PM, James B. Byrne via freebsd-questions wrote:
> I am configuring a replacement MX service in a FreeBSD jail.  I have
> installed the Postfix and OpenDKIM packages (among others).  The
> configuration file for OpenDKIM differs somewhat from the version I
> use on CentOS-6 but the problem I have is with a setting common to
> both: UserID.
>
> In the CentOS version the setting is:
>
> UserID opendkim:opendkim
>
> and on CentOS hosts with OpenDKIM installed /etc/passwd contains this:
>
> opendkim:x:488:488:OpenDKIM Milter:/var/run/opendkim:/sbin/nologin
>
> But the version of OpenDKIM I have on FreeBSD creates no entry for a
> user named opendkim in /etc/passwd when the package is installed. My
> question is therefore: What username should I use?  Do I create a user
> named opendkim? And a similarly named group as well?  Or is this
> setting superfluous?
>
>

It's up to you. I only use Postfix/OpenDKIM with Mailman (Mailman and 
Postfix just work so well together), so I don't have a lot of experience 
with that combination. Looking at my setup I have added an unprivileged 
user "opendkim" to the "mail" group, with a home directory of 
/var/db/opendkim. That directory, incidentally, is where I store the 
private key, in a file with 600 permissions.

I then run OpenDKIM under that user with the following in /etc/rc.conf:

milteropendkim_enable="YES"
milteropendkim_uid="opendkim"

You can find more info as to runtime variables in:

/usr/local/etc/rc.d/milter-opendkim

-- 
Jim Ohlstein


"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain