#222 Enhance config file element handling for unrecognized tags/parameters

[Kevin San Diego]

Seen in v.2.10.1:

Last an automatic overnight yum update run via cron upgraded opendkim milter to v.2.10.1. This morning I noticed that mail stopped flowing and began to investigate, noticing that the opendkim milter failed to properly restart as it appears that an old "ADSPAction" tag still existed within /etc/opendkim.conf:

$ sudo /etc/init.d/opendkim start
Starting OpenDKIM Milter: opendkim: /etc/opendkim.conf: configuration error at line 82: unrecognized parameter

$ grep -n ADSPAction /etc/opendkim.conf
82:ADSPAction   reject

In order to not impact system performance when a config tag is not understood (i.e. deprecated, malformed, etc.), I'd suggest the application log errors to stdout and to syslog upon daemon startup but otherwise start if the config error is not completely fatal.

[Murray S. Kucherawy]

I think this is a failure of the package maintainer to account for differences between the 2.10.x series and whatever was there before. I might normally agree with your suggestion, but handling this kind of serious change silently might mean you begin accepting messages (the ones that fail ADSP) that you really believe you should be rejecting. The surprise you found might be a lot less dangerous than the surprise you discovered when a lot of malicious stuff started getting in.

I don't believe a change should be made via an automated process that exposes a security situation.

[Steve Jenkins]

What distro was this on?