- reworked dkim (configuring for all domains based on postfix/vhost)

bilak 2016-01-23 18:38:21 +01:00
parent 5176ac03b5
commit 426f87d916
3 changed files with 43 additions and 48 deletions


@ -16,7 +16,6 @@ run:
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-h mail.my-domain.com \
-e domainname=my-domain.com \
-t $(NAME):$(VERSION)
sleep 25


@ -30,7 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
- dkim public key will be echoed to log. If you have your previous configuration, you cant mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
## installation
@ -48,7 +48,6 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
-v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
-p "25:25" -p "143:143" -p "587:587" -p "993:993" \
-e DMS_SSL=letsencrypt \
-e domainname=domain.com \
-h mail.domain.com \
-t tvial/docker-mailserver


@ -5,51 +5,6 @@ die () {
exit 1
}
# DKIM Setup
mkdir -p /etc/opendkim/keys/$domainname
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
pushd /etc/opendkim/keys/$domainname
opendkim-genkey --subdomains --domain=$domainname --selector=mail
popd
echo ""
echo "DKIM PUBLIC KEY ################################################################"
cat /etc/opendkim/keys/$domainname/mail.txt
echo "################################################################################"
fi
# Write to KeyTable if necessary
if [ ! -f "/etc/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
fi
# Write to SigningTable if necessary
if [ ! -f "/etc/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
fi
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# Opendkim:
echo ""
echo "opendkim.conf"
cat /etc/opendkim.conf
echo ""
echo "TrustedHosts"
cat /etc/opendkim/TrustedHosts
echo ""
echo "SigningTable"
cat /etc/opendkim/SigningTable
echo ""
echo "KeyTable"
cat /etc/opendkim/KeyTable
echo ""
if [ -f /tmp/postfix/accounts.cf ]; then
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
@ -101,6 +56,48 @@ echo "Postfix configurations"
touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
touch /etc/postfix/virtual && postmap /etc/postfix/virtual
# DKIM
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
mkdir -p /etc/opendkim/keys/$domainname
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
pushd /etc/opendkim/keys/$domainname
opendkim-genkey --subdomains --domain=$domainname --selector=mail
popd
echo ""
echo "DKIM PUBLIC KEY ################################################################"
cat /etc/opendkim/keys/$domainname/mail.txt
echo "################################################################################"
fi
# Write to KeyTable if necessary
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
if [ ! -f "/etc/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
else
if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
echo $keytableentry >> /etc/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
signingtableentry="*@$domainname mail._domainkey.$domainname"
if [ ! -f "/etc/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
else
if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
echo $signingtableentry >> /etc/opendkim/SigningTable
fi
fi
done
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# SSL Configuration
case $DMS_SSL in
"letsencrypt" )
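Review bot: In the added `while read domainname` loop, each line of /etc/postfix/vhost is used unquoted and unchecked in `mkdir -p /etc/opendkim/keys/$domainname`, `pushd` and `opendkim-genkey --domain=$domainname`, after which `chown -R` and `chmod -R` run over the tree, presumably as root. A line containing whitespace or `/` would create directories or key files outside the intended per-domain directory, so read with `while IFS= read -r domainname; do`, quote every expansion, and skip lines that are not a plain hostname. The duplicate checks `grep -q "$keytableentry"` and `grep -q "$signingtableentry"` treat the entry as an unanchored regex, so the `.` in a domain matches any character and an existing entry for `a-b.com` would hide `a.b.com`, leaving that domain unsigned; `grep -qxF -- "$keytableentry" /etc/opendkim/KeyTable` compares the whole line literally. `pushd` is also unchecked, so if it fails `opendkim-genkey` writes the private key into the current directory; `pushd "/etc/opendkim/keys/$domainname" || exit 1` stops that.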