This role configures a DKIM mail signing service on a host that works as a Mail Transport Agent (MTA). The role:
- installs and configures opendkim,
- creates private and public dkim keys for the domains it has to sign, declared in the
- installs postfix and configures it to pass all the messages of the configured domains to be signed by opendkim,
- shows the DNS records with the public keys that must be defined in the public DNS of the domains we sign.
The role requires that you configure the rest of the mail management yourself, and you will need access to the DNS configuration of the domains you want to sign. At the end, the role gives you the DNS records with the public keys of the domains, which you then have to publish in the global DNS system.
See also comments and default values in role's file
Opendkim package parameters
| Variable | Default | Description |
|---|---|---|
| | /etc/default/opendkim | Opendkim default values configuration file |
| | /etc/opendkim | Opendkim configuration directory |
| | opendkim | Linux user that runs Opendkim |
| | opendkim | Linux group that runs Opendkim |
Opendkim configuration parameters
| Variable | Default | Description |
|---|---|---|
| | | DKIM public key DNS record's selector. Defining a value specific to the MTA server lets you associate several DKIM public keys with the same domain as DNS records, one for each server that manages and signs mail for the domain. |
| | none | E-mail address that manages Opendkim. You must define either |
| | none | List of domains whose mail Opendkim must be configured to sign. A YAML list of DNS. |
| | true | Whether Opendkim must generate and use the same key for all domains or one specific key for each domain. |
| | 2048 | RSA key length when generating keys with |
Postfix configuration variables
| Variable | Default | Description |
|---|---|---|
| | /etc/postfix/main.cf | Postfix main configuration file |
| | | List of parameters to be defined in Postfix configuration. Default configuration ensures opendkim is set up as a milter of Postfix to sign mails. You can define additional Postfix parameters using a list union. |
```yaml
---
- hosts: myserver
  roles:
    - role: sunfoxcz.dkim
      # if admin_email variable is present, will be used as default for dkim_admin_email
      dkim_admin_email: email@example.com
      dkim_selector: mail
      dkim_domains:
        - domain1.tld
        - domain2.tld
      dkim_same_key: false
```
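Once the DNS records the role prints have been published, the following added example (not part of this role) checks that what DNS returns carries the same key as the record generated on the MTA and that an RSA key meets the 2048-bit default. The function names are illustrative, and the DER parsing assumes `p=` holds a standard RSA SubjectPublicKeyInfo.

```python
import base64
import re

def parse_dkim_txt(raw):
    """Return the tag=value pairs of a DKIM key record (zone-file text or dig output)."""
    # Long TXT data is split into quoted chunks of at most 255 bytes: join them.
    value = "".join(re.findall(r'"([^"]*)"', raw)) or raw
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def tlv(buf, pos, want):
    """Read one DER element with the expected tag; return (content_start, content_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of the SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_b64)
    start, _ = tlv(der, 0, 0x30)          # SubjectPublicKeyInfo
    _, alg_end = tlv(der, start, 0x30)    # AlgorithmIdentifier
    bits, _ = tlv(der, alg_end, 0x03)     # BIT STRING
    key, _ = tlv(der, bits + 1, 0x30)     # RSAPublicKey, after the unused-bits byte
    m_start, m_end = tlv(der, key, 0x02)  # modulus INTEGER
    return int.from_bytes(der[m_start:m_end], "big").bit_length()

def check_published(local_record, published, min_bits=2048):
    """Compare the record generated on the MTA with what DNS returns; list problems."""
    local, pub = parse_dkim_txt(local_record), parse_dkim_txt(published)
    problems = []
    if not pub.get("p"):
        return ["p= is empty or missing: key revoked or record not published"]
    if pub["p"] != local.get("p"):
        problems.append("published key differs from the key on the MTA")
    if pub.get("k", "rsa") == "rsa":  # other key types do not use this encoding
        try:
            if rsa_bits(pub["p"]) < min_bits:
                problems.append("RSA key shorter than %d bits" % min_bits)
        except (ValueError, IndexError):
            problems.append("p= is not a parseable RSA public key")
    return problems
```

Pass it the record text printed by the role and the output of `dig +short TXT mail._domainkey.domain1.tld` (selector and domain from the playbook above); an empty list means the published record matches.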
Licensed under MIT license. See LICENSE for details.