Document DKIM support and fix permissions bug #27
Conversation
yanokwa
force-pushed
the
add-dkim
branch
2 times, most recently
from
d5266ed
to
c661e86
Compare
|
Thank you for the pull request. I particularly appreciate the enrichment of the documentation. I would prefer however, instead of changing permissions on the fly, to have the file directly with the right permissions. For this to work, the file should have group id My suggestion, therefore, is to add two extra steps to the documentation (after generating the keys): chown :101 rsa.private
chmod 640 rsa.private |
|
Thanks for the fast review and for maintaining this useful container! I had considered the approach you suggested and decided against it because openssl writes rsa.private with 600 (as recommended at http://linuxcommand.org/lc3_man_pages/ssh1.html). Given that, weakening the permissions outside the container seems unnecessarily less secure, no? |
|
Hi again, Thinking about this:
The approach with the bind mount will actually change the permissions of the file on disk, if implemented like this. I'll make a suggestion to the code, to handle this differently. Basically, if a certain file exists at start, to copy it with the right permissions inside the container. |
README.md
Outdated
| image: "ixdotai/smtp" | ||
| volumes: | ||
| - ./config/ixdotai-smtp/config:/etc/exim4/_docker_additional_macros:ro | ||
| - ./config/ixdotai-smtp/rsa.private:/etc/exim4/domain.key |
There was a problem hiding this comment.
| - ./config/ixdotai-smtp/rsa.private:/etc/exim4/domain.key | |
| - ./config/ixdotai-smtp/rsa.private:/etc/exim4/private.key |
entrypoint.sh
Outdated
| if [ -f /etc/exim4/domain.key ]; then | ||
| chgrp Debian-exim /etc/exim4/domain.key | ||
| chmod 640 /etc/exim4/domain.key | ||
| fi |
There was a problem hiding this comment.
| if [ -f /etc/exim4/domain.key ]; then | |
| chgrp Debian-exim /etc/exim4/domain.key | |
| chmod 640 /etc/exim4/domain.key | |
| fi | |
| if [ -f /etc/exim4/private.key ]; then | |
| cp /etc/exim4/private.key /etc/exim4/domain.key | |
| chown :101 /etc/exim4/domain.key | |
| chmod 640 /etc/exim4/domain.key | |
| fi |
|
I've force pushed some further changes to make it easier for users to implement. Just one mount and one ENV variable. I don't love appending |
|
Thank you again, I'm quite happy with the solution. |
|
Released in v0.5.0 |
Closes #26.
I've confirmed that the instructions and bash if block works on my container, but I have not tested a fresh end-to-end configuration.