huan · huan · Feb 13, 2021 · Feb 9, 2021 · Feb 9, 2021 · Feb 9, 2021
diff --git a/README.md b/README.md
@@ -237,6 +237,15 @@ It is highly advised to mount `/var/db/dkim/` folder to host, so generated keypa
 docker run -e SMF_CONFIG="$SMF_CONFIG" -p 25:25 -v $(pwd)/dkim:/var/db/dkim/ zixia/simple-mail-forwarder
 ```
 
+DKIM and multiple domains
+=========================
+
+If `$SMF_DKIM_ALL` is defined (any value will do, including `1`), SMF will generate private/public keypairs for `$SMF_DOMAIN` and for all source domains contained in `SMF_CONFIG`. All keys will be stored in `/var/db/dkim/<domain.ext>/`.
+
+This will enable DKIM for multiple domains and test for their validity on SMF startup.
+
+If a DKIM key was already present for `$SMF_DOMAIN` under `/var/db/dkim/`, it will be copied under `/var/db/dkim/{$SMF_DOMAIN}`.
+
 Helper Scripts
 --------------------
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -19,6 +19,7 @@ Environment Variables:
     SMF_CONFIG - mail forward addresses mapping list.
     SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks
     SMF_RELAYHOST - configure a relayhost
+    SMF_DKIM_ALL - If defined, generate a DKIM key for all domains found in SMF_CONFIG, in addition to the one in SMF_DOMAIN
 
 this creates a new smtp server which listens on port 25,
 forward all email from
@@ -190,8 +191,7 @@ function start_postfix {
 
     postfix start
 
-
-    # DKIM
+    # DKIM only for $HOSTNAME
     if [ ! -f /var/db/dkim/default.private ]; then
         mkdir -p /var/db/dkim
         echo "OpenDKIM: Keys not found, generating..."
@@ -203,8 +203,56 @@ function start_postfix {
         echo "OpenDKIM: Add TXT record to DNS:"
         cat /var/db/dkim/default.txt
     fi
+
 
     sed -n -e '/^Domain\s/!p' -e '$aDomain '$HOSTNAME -i /etc/opendkim/opendkim.conf
+    # DKIM for all virtual domains and $HOSTNAME 
+    if [ "$SMF_DKIM_ALL" != "" ]; then
+        if [ ! -f /var/db/dkim/$HOSTNAME/default.private ]; then
+            echo "Moving ${HOSTNAME} keys to /var/db/dkim/$HOSTNAME/"
+            mkdir -p /var/db/dkim/$HOSTNAME
+            cp /var/db/dkim/default.* /var/db/dkim/$HOSTNAME
+        fi
+            chmod 400 /var/db/dkim/default.private
+            chown opendkim:opendkim /var/db/dkim/default.private
+            echo "Inserting ${HOSTNAME} data to /etc/opendkim/{KeyTable, SigningTable, TrustedHosts}"
+            echo "default._domainkey.${HOSTNAME} ${HOSTNAME}:default:/var/db/dkim/${HOSTNAME}/default.private
+            " >> /etc/opendkim/KeyTable
+
+            echo "${HOSTNAME} default._domainkey.${HOSTNAME}" >> /etc/opendkim/SigningTable
+
+            echo "${HOSTNAME}" >> /etc/opendkim/TrustedHosts
+
+        for virtualDomain in $virtualDomains; do
+            if [ ! -f /var/db/dkim/${virtualDomain}/default.private ]; then
+                mkdir -p /var/db/dkim/${virtualDomain}
+                echo "OpenDKIM: Keys for ${virtualDomain} not found, generating..."
+                opendkim-genkey -b 2048 -d ${virtualDomain} -D /var/db/dkim/${virtualDomain} -s default -v
+            fi
+            chmod 400 /var/db/dkim/${virtualDomain}/default.private
+            chown opendkim:opendkim /var/db/dkim/${virtualDomain}/default.private
+            echo "Inserting ${virtualDomain} data to /etc/opendkim/{KeyTable, SigningTable, TrustedHosts}"
+            echo "default._domainkey.${virtualDomain} ${virtualDomain}:default:/var/db/dkim/${virtualDomain}/default.private
+        " >> /etc/opendkim/KeyTable
+
+            echo "${virtualDomain} default._domainkey.${virtualDomain}" >> /etc/opendkim/SigningTable
+
+            echo "${virtualDomain}" >> /etc/opendkim/TrustedHosts
+
+            echo "OpenDKIM: Add TXT record to DNS for ${virtualDomain}:"
+            cat /var/db/dkim/${virtualDomain}/default.txt  
+
+        done
+        echo "Moving from single DKIM key settings to multiple DKIM key settings."
+        sed -e '/KeyFile/ s/^#*/#/' -i /etc/opendkim/opendkim.conf
+        sed -e '/Selector/ s/^#*/#/' -i /etc/opendkim/opendkim.conf
+        sed -e '/Domain/ s/^#*/#/' -i /etc/opendkim/opendkim.conf
+        echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim/opendkim.conf
+        echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim/opendkim.conf
+        echo "ExternalIgnoreList /etc/opendkim/TrustedHosts" >> /etc/opendkim/opendkim.conf
+        echo "InternalHosts /etc/opendkim/TrustedHosts" >> /etc/opendkim/opendkim.conf
+    fi
+
 }
 
 #

diff --git a/test/simple-mail-forwarder.bats b/test/simple-mail-forwarder.bats
@@ -177,7 +177,13 @@
     if [[ "$SKIP_TEST" == *"DKIM"*  ]]; then
         skip "This test will fail on docker build workflow"
     fi
+    echo "Validating DKIM for $SMF_DOMAIN"
     opendkim-testkey -d $SMF_DOMAIN -s default -vvv
-
+    if [ "$SMF_DKIM_ALL" != "" ]; then
+        cd /var/db/dkim/ && for domain in */ ; do
+            echo "Validating DKIM for ${domain::-1}"
+            opendkim-testkey -d ${domain::-1} -s default -vvv
+        done
+    fi
     [ $? -eq 0 ]
 }