From 426f87d916c0c95747d603270984d40fc468a1f4 Mon Sep 17 00:00:00 2001
From: bilak
Date: Sat, 23 Jan 2016 18:38:21 +0100
Subject: [PATCH] - reworked dkim (configuring for all domains based on postfix/vhost)
---
 Makefile | 1 -
 README.md | 3 +-
 start-mailserver.sh | 87 ++++++++++++++++++++++-----------------------
 3 files changed, 43 insertions(+), 48 deletions(-)
diff --git a/Makefile b/Makefile
index 0d420a4e..521d87e9 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,6 @@ run:
 -v "`pwd`/spamassassin":/tmp/spamassassin \
 -v "`pwd`/test":/tmp/test \
 -h mail.my-domain.com \
- -e domainname=my-domain.com \
 -t $(NAME):$(VERSION)
 sleep 25
diff --git a/README.md b/README.md
index 69649dae..9e969aa0 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 - ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
 - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
 - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
-- dkim public key will be echoed to log. If you have your previous configuration, you cant mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
+- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
 ## installation
@@ -48,7 +48,6 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 -v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
 -p "25:25" -p "143:143" -p "587:587" -p "993:993" \
 -e DMS_SSL=letsencrypt \
- -e domainname=domain.com \
 -h mail.domain.com \
 -t tvial/docker-mailserver
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 042bb764..e470141b 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -5,51 +5,6 @@ die () {
 exit 1
 }
-# DKIM Setup
-mkdir -p /etc/opendkim/keys/$domainname
-if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
- echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
- pushd /etc/opendkim/keys/$domainname
- opendkim-genkey --subdomains --domain=$domainname --selector=mail
- popd
- echo ""
- echo "DKIM PUBLIC KEY ################################################################"
- cat /etc/opendkim/keys/$domainname/mail.txt
- echo "################################################################################"
-fi
-# Write to KeyTable if necessary
-if [ ! -f "/etc/opendkim/KeyTable" ]; then
- echo "Creating DKIM KeyTable"
- echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
-fi
-# Write to SigningTable if necessary
-if [ ! -f "/etc/opendkim/SigningTable" ]; then
- echo "Creating DKIM SigningTable"
- echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
-fi
-echo "Changing permissions on /etc/opendkim"
-# chown entire directory
-chown -R opendkim:opendkim /etc/opendkim/
-# And make sure permissions are right
-chmod -R 0700 /etc/opendkim/keys/
-
-# Opendkim:
-echo ""
-echo "opendkim.conf"
-cat /etc/opendkim.conf
-echo ""
-echo "TrustedHosts"
-cat /etc/opendkim/TrustedHosts
-echo ""
-echo "SigningTable"
-cat /etc/opendkim/SigningTable
-echo ""
-echo "KeyTable"
-cat /etc/opendkim/KeyTable
-echo ""
-
-
-
 if [ -f /tmp/postfix/accounts.cf ]; then
 echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
 echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
@@ -101,6 +56,48 @@ echo "Postfix configurations"
 touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
 touch /etc/postfix/virtual && postmap /etc/postfix/virtual
+# DKIM
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+ mkdir -p /etc/opendkim/keys/$domainname
+ if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
+ echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
+ pushd /etc/opendkim/keys/$domainname
+ opendkim-genkey --subdomains --domain=$domainname --selector=mail
+ popd
+ echo ""
+ echo "DKIM PUBLIC KEY ################################################################"
+ cat /etc/opendkim/keys/$domainname/mail.txt
+ echo "################################################################################"
+ fi
+ # Write to KeyTable if necessary
+ keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
+ if [ ! -f "/etc/opendkim/KeyTable" ]; then
+ echo "Creating DKIM KeyTable"
+ echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
+ else
+ if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
+ echo $keytableentry >> /etc/opendkim/KeyTable
+ fi
+ fi
+ # Write to SigningTable if necessary
+ signingtableentry="*@$domainname mail._domainkey.$domainname"
+ if [ ! -f "/etc/opendkim/SigningTable" ]; then
+ echo "Creating DKIM SigningTable"
+ echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
+ else
+ if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
+ echo $signingtableentry >> /etc/opendkim/SigningTable
+ fi
+ fi
+done
+
+echo "Changing permissions on /etc/opendkim"
+# chown entire directory
+chown -R opendkim:opendkim /etc/opendkim/
+# And make sure permissions are right
+chmod -R 0700 /etc/opendkim/keys/
+
+
 # SSL Configuration
 case $DMS_SSL in
 "letsencrypt" )
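Review bot: Inside the new `while read domainname` loop every line of /etc/postfix/vhost is expanded unquoted into `mkdir -p`, `pushd`, `opendkim-genkey --domain=` and the two `echo $…entry >>` appends, so a line holding whitespace, a glob character or `/` changes which key directories are created and what lands in KeyTable and SigningTable; `$signingtableentry` itself starts with `*`, so the unquoted `echo` is open to pathname expansion in the working directory. The duplicate checks `grep -q "$keytableentry"` and `grep -q "$signingtableentry"` read the entry as a regular expression and match substrings, whereas `grep -qxF --` compares the whole line literally. `pushd` is not checked, so a failed directory change would leave `opendkim-genkey` writing `mail.private` wherever the script happens to run. The excerpt below validates the domain, quotes the expansions and replaces the appends; the rest of the loop stays as it is.

```shell
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read -r domainname; do
  # Only plain hostnames may reach the key paths below.
  case "$domainname" in
    ''|.*|-*|*..*|*[!A-Za-z0-9.-]*)
      echo "Skipping invalid vhost entry: $domainname" >&2
      continue
      ;;
  esac
  keydir="/etc/opendkim/keys/$domainname"
  mkdir -p -- "$keydir"
  if [ ! -f "$keydir/mail.private" ]; then
    # … unchanged: "Creating DKIM private key" message …
    ( cd -- "$keydir" && opendkim-genkey --subdomains --domain="$domainname" --selector=mail ) \
      || echo "DKIM key generation failed for $domainname" >&2
    # … unchanged: public key banner and cat of mail.txt …
  fi
  # … unchanged: keytableentry / signingtableentry assignments and the file-creation branches …
  if ! grep -qxF -- "$keytableentry" /etc/opendkim/KeyTable; then
    printf '%s\n' "$keytableentry" >> /etc/opendkim/KeyTable
  fi
  if ! grep -qxF -- "$signingtableentry" /etc/opendkim/SigningTable; then
    printf '%s\n' "$signingtableentry" >> /etc/opendkim/SigningTable
  fi
done
```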