Adds DKIM support for multiple domains #89
Changes from 8 commits
@@ -19,6 +19,7 @@ Environment Variables: | |
SMF_CONFIG - mail forward addresses mapping list. | ||
SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks | ||
SMF_RELAYHOST - configure a relayhost | ||
SMF_DKIM_ALL - If defined, generate a DKIM key for all domains found in SMF_CONFIG, in addition to the one in SMF_DOMAIN | ||
|
||
this creates a new smtp server which listens on port 25, | ||
forward all email from | ||
|
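Review bot: the new README line says what SMF_DKIM_ALL enables but not what it changes for the operator. With it set, the per-domain code below moves every key, including the SMF_DOMAIN one, to /var/db/dkim/<domain>/default.private, and one TXT record per domain (the ones printed at startup) must be published; worth a sentence here so people mount /var/db/dkim as a volume and know to add the extra DNS records. Also, the entrypoint tests `[ "$SMF_DKIM_ALL" != "" ]`, so an empty value does not enable the feature; "If set to a non-empty value" would match the code better than "If defined".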
@@ -190,8 +191,7 @@ function start_postfix { | |
|
||
postfix start | ||
|
||
|
||
# DKIM | ||
# DKIM only for $HOSTNAME | ||
if [ ! -f /var/db/dkim/default.private ]; then | ||
mkdir -p /var/db/dkim | ||
echo "OpenDKIM: Keys not found, generating..." | ||
|
@@ -203,8 +203,56 @@ function start_postfix { | |
echo "OpenDKIM: Add TXT record to DNS:" | ||
cat /var/db/dkim/default.txt | ||
fi | ||
|
||
|
||
sed -n -e '/^Domain\s/!p' -e '$aDomain '$HOSTNAME -i /etc/opendkim/opendkim.conf | ||
# DKIM for all virtual domains and $HOSTNAME | ||
if [ "$SMF_DKIM_ALL" != "" ]; then | ||
if [ ! -f /var/db/dkim/$HOSTNAME/default.private ]; then | ||
echo "Moving ${HOSTNAME} keys to /var/db/dkim/$HOSTNAME/" | ||
mkdir -p /var/db/dkim/$HOSTNAME | ||
cp /var/db/dkim/default.* /var/db/dkim/$HOSTNAME | ||
fi | ||
chmod 400 /var/db/dkim/default.private | ||
chown opendkim:opendkim /var/db/dkim/default.private | ||
echo "Inserting ${HOSTNAME} data to /etc/opendkim/{KeyTable, SigningTable, TrustedHosts}" | ||
echo "default._domainkey.${HOSTNAME} ${HOSTNAME}:default:/var/db/dkim/${HOSTNAME}/default.private | ||
" >> /etc/opendkim/KeyTable | ||
|
||
echo "${HOSTNAME} default._domainkey.${HOSTNAME}" >> /etc/opendkim/SigningTable | ||
|
||
echo "${HOSTNAME}" >> /etc/opendkim/TrustedHosts | ||
|
||
for virtualDomain in $virtualDomains; do | ||
From what I understand from here, In any case, I think that this handles the case of reverting to a single domain (your PR), because HOSTNAME and all forwarded domains are kept separately.

This is my config, based on https://github.com/dgraziotin/docker-simple-mail-forwarder/blob/99f27761e49e131a52b03159d69e7c652d25ffff/entrypoint.sh#L101 And what do you think, is #83 actually needed? Maybe DKIM should always use a per-domain path style? Even if there is only one domain? This would mean removing this and removing

@petslane it was great that you pointed out your case, because it showcases my different use case! Luckily, both seem covered. I think that we are both right: your I do not. My In light of this, I believe that both solutions should stay. #83 is needed for those with a single domain for everything (which I believe will be most people). #89 is for more complex cases. Everything is handled in

I have only one domain, why shouldn't I use your way of setting DKIM keys? From the user's point of view, it's currently complicated, as there are 2 ways to set up DKIM; what option should the user choose? Why not have only one way to set up DKIM for SMF, your way, with no difference in how many domains are used (I expect that your way should work also with only 1 domain)?

I would be OK to have both solutions merged, but I am not sure I could deliver this in short. PRs to the PR are welcome, I guess 😄 Edit: I might have some time, after all.
||
if [ ! -f /var/db/dkim/${virtualDomain}/default.private ]; then | ||
mkdir -p /var/db/dkim/${virtualDomain} | ||
echo "OpenDKIM: Keys for ${virtualDomain} not found, generating..." | ||
opendkim-genkey -b 2048 -d ${virtualDomain} -D /var/db/dkim/${virtualDomain} -s default -v | ||
fi | ||
chmod 400 /var/db/dkim/${virtualDomain}/default.private | ||
chown opendkim:opendkim /var/db/dkim/${virtualDomain}/default.private | ||
echo "Inserting ${virtualDomain} data to /etc/opendkim/{KeyTable, SigningTable, TrustedHosts}" | ||
echo "default._domainkey.${virtualDomain} ${virtualDomain}:default:/var/db/dkim/${virtualDomain}/default.private | ||
" >> /etc/opendkim/KeyTable | ||
|
||
echo "${virtualDomain} default._domainkey.${virtualDomain}" >> /etc/opendkim/SigningTable | ||
|
||
echo "${virtualDomain}" >> /etc/opendkim/TrustedHosts | ||
|
||
echo "OpenDKIM: Add TXT record to DNS for ${virtualDomain}:" | ||
cat /var/db/dkim/${virtualDomain}/default.txt | ||
|
||
done | ||
echo "Moving from single DKIM key settings to multiple DKIM key settings." | ||
sed -e '/KeyFile/ s/^#*/#/' -i /etc/opendkim/opendkim.conf | ||
sed -e '/Selector/ s/^#*/#/' -i /etc/opendkim/opendkim.conf | ||
sed -e '/Domain/ s/^#*/#/' -i /etc/opendkim/opendkim.conf | ||
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim/opendkim.conf | ||
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim/opendkim.conf | ||
echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim/opendkim.conf | ||
echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim/opendkim.conf | ||
fi | ||
|
||
} | ||
|
||
# | ||
|
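Review bot: the permission fix-up after the key move points at the wrong file. `chmod 400 /var/db/dkim/default.private` and `chown opendkim:opendkim /var/db/dkim/default.private` still name the old location, while the KeyTable entry written just below references `/var/db/dkim/${HOSTNAME}/default.private`; the copy made by `cp /var/db/dkim/default.* /var/db/dkim/$HOSTNAME` is owned by the user running the entrypoint, not opendkim, so the signer may be unable to read the key it is told to use. Apply the chmod/chown to the `${HOSTNAME}` path, as the per-domain loop already does for `${virtualDomain}`. Two more points on this block: every write here uses `>>`, including the four `echo ... >> /etc/opendkim/opendkim.conf` lines, which is only safe if /etc/opendkim comes fresh from the image on each start; a `docker restart` of the same container keeps its filesystem, so truncate KeyTable, SigningTable and TrustedHosts with `>` before the loop and guard the opendkim.conf additions with a `grep -q` check (or regenerate the whole file). And TrustedHosts is wired to both InternalHosts and ExternalIgnoreList, which list hosts whose mail is signed instead of verified; the entries written into it are the signing domains, not the relaying hosts, so a connecting client whose hostname matches one of those domains would be treated as internal. Keep localhost and the trusted networks there and leave the domain-to-key mapping to SigningTable. Minor: the KeyTable `echo` strings close their quote on the following line, so each entry is followed by an empty line.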
Please fix the indentation. And if you append with `>>`, does it mean that on every SMF restart new lines will be added to /etc/opendkim/{KeyTable, SigningTable, TrustedHosts}?

Thanks for checking! Indentation fixed at line 220, unless you meant something else. The `>>` is required, because for all files {KeyTable, SigningTable, TrustedHosts} I am inserting info on multiple occasions: `virtualDomain in $virtualDomains`. All new files in /etc/opendkim/ are re-created at each `restart` or `down`/`up`. They are dynamic according to the inserted domains, so there is no danger of inserting new lines.

This was a good fix, same thing on line 234. But I meant that the whole block of code from lines 216-223 and 231-242 is indented:

Whops! Thanks for pointing it out. Fixed.
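The `>>` discussion above is really about idempotency. As an added example (not code from this PR or the project), here is a way to write the three OpenDKIM tables from scratch on every start, using the PR's per-domain key layout and selector `default`; the directory and domain names are constructed for the demo.

```shell
#!/bin/sh
# Added example: rebuild KeyTable, SigningTable and TrustedHosts from scratch so
# that running it again on a restarted container produces identical files
# instead of appending duplicate entries.
set -eu

# write_dkim_tables CONF_DIR KEY_ROOT DOMAIN...
# Truncates the three tables (">" rather than ">>") and writes one entry per
# domain; the private key is expected at KEY_ROOT/<domain>/default.private,
# which is the layout the PR introduces.
write_dkim_tables() {
    conf_dir=$1; key_root=$2; shift 2
    : > "$conf_dir/KeyTable"
    : > "$conf_dir/SigningTable"
    # TrustedHosts feeds InternalHosts/ExternalIgnoreList: list hosts whose mail
    # should be signed rather than verified, not the signing domains.
    printf '127.0.0.1\nlocalhost\n' > "$conf_dir/TrustedHosts"
    for d in "$@"; do
        printf 'default._domainkey.%s %s:default:%s/%s/default.private\n' \
            "$d" "$d" "$key_root" "$d" >> "$conf_dir/KeyTable"
        # plain (non-refile) SigningTable: sender domain -> KeyTable entry
        printf '%s default._domainkey.%s\n' "$d" "$d" >> "$conf_dir/SigningTable"
    done
}

# count_entries FILE -> number of lines, used to show a rerun adds nothing
count_entries() { wc -l < "$1" | tr -d ' '; }

# Demo in a temporary directory (constructed domains, nothing under /etc touched)
demo_dir=$(mktemp -d)
write_dkim_tables "$demo_dir" /var/db/dkim mail.example.test example.test
write_dkim_tables "$demo_dir" /var/db/dkim mail.example.test example.test  # rerun
count_entries "$demo_dir/KeyTable"   # 2 entries after both runs, not 4
```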