This module provides a simplified way of creating configurations to manage your OpenDKIM
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
manifests
spec
templates
tests
.fixtures.yml
.gitignore
.kitchen.yml
.nodeset.yml
.puppet-lint.rc
.rspec
.travis.yml
Gemfile
LICENSE
Modulefile
Puppetfile
README.md
Rakefile
metadata.json

README.md

Build Status

opendkim

Table of Contents

  1. Overview
  2. Module Description
  3. Setup - The basics of getting started with opendkim
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

The opendkim module allows you to set up mail signing and manage DKIM services with minimal effort.

Module Description

OpenDKIM is a widely-used DKIM service, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different domain, as well as a streamlined way to install and configure OpenDKIM service.

Setup

What opendkim affects

  • configuration files and directories (created and written to)
  • package/service/configuration files for OpenDKIM
  • signing domains list
  • trusted hosts list
  • replace headers list
  • replace rules list

Beginning with opendkim

To install OpenDKIM with the default parameters

include opendkim

Add domains for signing

opendkim::domain{['example.com', 'example.org']:}

Add allowed hosts

opendkim::trusted{['10.0.0.0/8', '203.0.113.0/24']:}

Add replace rules

# replace_rules_domain should NOT be defined as the title of a resource body
# if it's an array (i.e. if you have multiple domains to rewrite)
opendkim::replace { 'rewrite-multiple-domains':
  replace_rules_domain => ['example.com', 'example.org'],
  replace_rules_array => ['example.net', 'example.biz'],
}

Usage

For example. There is internal ip 10.3.3.80 and external ip 203.0.113.100 on our mail-relay host with OpenDKIM. This host signs all mails for domains example.com and example.org.

# Postfix-relay
class{ 'postfix::server':
    inet_interfaces              => '10.3.3.80, localhost',
    mynetworks                   => '10.0.0.0/8, 203.0.113.0/24',
    smtpd_recipient_restrictions => 'permit_mynetworks, reject_unauth_destination',
    smtpd_client_restrictions    => 'permit_mynetworks, reject',
    mydestination                => '$myhostname',
    myhostname                   => 'relay-site.example.com',
    smtpd_banner                 => 'Hello',
    extra_main_parameters        => {
        smtp_bind_address     => '203.0.113.100',
        smtpd_milters         => 'inet:127.0.0.1:8891',
        non_smtpd_milters     => '$smtpd_milters',
        milter_default_action => 'accept',
        milter_protocol       => '2',
    },
}

# OpenDKIM
include opendkim
opendkim::domain{['example.com', 'example.org']:}
opendkim::trusted{['10.0.0.0/8', '203.0.113.0/24']:}
opendkim::replace {'example.com': replace_rules_array => ['example.net', 'example.biz'],}

After puppet-run you need to copy contents of /etc/opendkim/keys/example.com/relay-site.txt and paste into corresponding DNS-zone as TXT. Then repeat this action for example.org

Puppet module for postfix in this example is thias/postfix v0.3.3

Reference

Puppetlabs are working on automating this section.

Limitations

This module is tested on:

  • CentOS 6
  • Ubuntu 12.04
  • Ubuntu 14.04

Development

Fork me on github and make pull request.