MDL-69513 email: Add support for email DKIM signatures

moodle · Oct 19, 2020 · 1b47d4b · 1b47d4b
1 parent 149fdcf
commit 1b47d4b
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 1 deletion.
diff --git a/admin/classes/form/testoutgoingmailconf_form.php b/admin/classes/form/testoutgoingmailconf_form.php
@@ -43,7 +43,7 @@ public function definition() {
         $mform = $this->_form;
 
         // Recipient.
-        $options = ['maxlength' => '100', 'size' => '25'];
+        $options = ['maxlength' => '100', 'size' => '25', 'autocomplete' => 'email'];
         $mform->addElement('text', 'recipient', get_string('testoutgoingmailconf_toemail', 'admin'), $options);
         $mform->setType('recipient', PARAM_EMAIL);
         $mform->addRule('recipient', get_string('required'), 'required');

diff --git a/admin/settings/server.php b/admin/settings/server.php
@@ -455,6 +455,15 @@
         new lang_string('divertallemailsexcept_desc', 'admin'),
         '', PARAM_RAW, '50', '4'));
 
+    $noreplyaddress = isset($CFG->noreplyaddress) ? $CFG->noreplyaddress : 'noreply@example.com';
+    $dkimdomain = substr(strrchr($noreplyaddress, "@"), 1);
+    $dkimselector = empty($CFG->emaildkimselector) ? '[selector]' : $CFG->emaildkimselector;
+    $pempath = "{$CFG->dataroot}/dkim/{$dkimdomain}/{$dkimselector}.private";
+    $temp->add(new admin_setting_heading('emaildkim', new lang_string('emaildkim', 'admin'),
+        new lang_string('emaildkiminfo', 'admin', ['path' => $pempath, 'docs' => \get_docs_url('Mail_configuration#DKIM')])));
+    $temp->add(new admin_setting_configtext('emaildkimselector', new lang_string('emaildkimselector', 'admin'),
+        new lang_string('configemaildkimselector', 'admin'), '', PARAM_FILE));
+
     $url = new moodle_url('/admin/testoutgoingmailconf.php');
     $link = html_writer::link($url, get_string('testoutgoingmailconf', 'admin'));
     $temp->add(new admin_setting_heading('testoutgoinmailc', new lang_string('testoutgoingmailconf', 'admin'),

diff --git a/lang/en/admin.php b/lang/en/admin.php
@@ -231,6 +231,7 @@
 $string['configemailfromvia'] = 'Add via information in the "From" section of outgoing email. This informs the recipient from where this email came from and also helps combat recipients accidentally replying to no-reply email addresses.';
 $string['configemailsubjectprefix'] = 'Text to be prefixed to the subject line of all outgoing mail.';
 $string['configemailheaders'] = 'Raw email headers to be added verbatim to all outgoing email.';
+$string['configemaildkimselector'] = 'The DKIM selector is arbitrary and your DNS record(s) must match this.';
 $string['configenablecalendarexport'] = 'Enable exporting or subscribing to calendars.';
 $string['configenablecomments'] = 'Enable comments';
 $string['configenablecourserequests'] = 'If enabled, users with the capability to request new courses (moodle/course:request) will have the option to request a course. This capability is not allowed for any of the default roles. It may be applied in the system or category context.';
@@ -529,6 +530,9 @@
 $string['editorspellinghelp'] = 'Enable or disable spell-checking. When enabled, <strong>aspell</strong> must be installed on the server.';
 $string['editstrings'] = 'Edit words or phrases';
 $string['emailchangeconfirmation'] = 'Email change confirmation';
+$string['emaildkim'] = 'DKIM email signing';
+$string['emaildkimselector'] = 'DKIM selector';
+$string['emaildkiminfo'] = 'If both the DKIM selector is set and a private certificate file is found which matches the emails From domain in sitedata/dkim/[domain]/[selector].private then the email will be signed. In most cases (ie if allowedemaildomains is empty) then only a single certificate is needed in: <code>{$a->path}</code>. For more setup details see <a href="{$a->docs}">{$a->docs}</a>.';
 $string['emailfromvia'] = 'Email via information';
 $string['emailheaders'] = 'Email headers';
 $string['emailsubjectprefix'] = 'Email subject prefix text';

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -6384,6 +6384,19 @@ function email_to_user($user, $from, $subject, $messagetext, $messagehtml = '',
         $mail->addReplyTo($values[0], $values[1]);
     }
 
+    if (!empty($CFG->emaildkimselector)) {
+        $domain = substr(strrchr($mail->From, "@"), 1);
+        $pempath = "{$CFG->dataroot}/dkim/{$domain}/{$CFG->emaildkimselector}.private";
+        if (file_exists($pempath)) {
+            $mail->DKIM_domain      = $domain;
+            $mail->DKIM_private     = $pempath;
+            $mail->DKIM_selector    = $CFG->emaildkimselector;
+            $mail->DKIM_identity    = $mail->From;
+        } else {
+            debugging("Email DKIM selector chosen due to {$mail->From} but no certificate found at $pempath", DEBUG_DEVELOPER);
+        }
+    }
+
     if ($mail->send()) {
         set_send_count($user);
         if (!empty($mail->SMTPDebug)) {

diff --git a/lib/upgrade.txt b/lib/upgrade.txt
@@ -56,6 +56,7 @@ information provided here is intended especially for developers.
   a callback to be provided to determine whether page can be accessed.
 * New setting $CFG->localtempdir overrides which defaults to sys_get_temp_dir()
 * Function redirect() now emits a line of backtrace into the X-Redirect-By header when debugging is on
+* Add support for email DKIM signatures via $CFG->emaildkimselector
 
 === 3.9 ===
 * Following function has been deprecated, please use \core\task\manager::run_from_cli().