- reworked dkim (configuring for all domains based on postfix/vhost)

2024-01-19 02:48:50 +00:00 · 2016-01-23 18:38:21 +01:00 · 2016-01-23 18:38:21 +01:00 · 426f87d916
parent 5176ac03b5
commit 426f87d916
3 changed files with 43 additions and 48 deletions
--- a/1
+++ b/1
@ -16,7 +16,6 @@ run:
 	    -v "`pwd`/spamassassin":/tmp/spamassassin \
 	    -v "`pwd`/test":/tmp/test \
 	    -h mail.my-domain.com \
-	    -e domainname=my-domain.com \
 	    -t $(NAME):$(VERSION)
 	sleep 25

--- a/README.md
+++ b/README.md
@ -30,7 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 - ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
 - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver) 
 - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
- dkim public key will be echoed to log. If you have your previous configuration, you cant mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
+- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`

 ## installation

@ -48,7 +48,6 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
    -v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
    -p "25:25" -p "143:143" -p "587:587" -p "993:993" \
    -e DMS_SSL=letsencrypt \
-    -e domainname=domain.com \
    -h mail.domain.com \
    -t tvial/docker-mailserver

--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@ -5,51 +5,6 @@ die () {
  exit 1
 }

-# DKIM Setup
-mkdir -p /etc/opendkim/keys/$domainname
-if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
-  echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
-  pushd /etc/opendkim/keys/$domainname
-  opendkim-genkey --subdomains --domain=$domainname --selector=mail
-  popd
-  echo ""
-  echo "DKIM PUBLIC KEY ################################################################"
-  cat /etc/opendkim/keys/$domainname/mail.txt
-  echo "################################################################################"
-fi
-# Write to KeyTable if necessary
-if [ ! -f "/etc/opendkim/KeyTable" ]; then
-  echo "Creating DKIM KeyTable"
-  echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
-fi
-# Write to SigningTable if necessary
-if [ ! -f "/etc/opendkim/SigningTable" ]; then
-  echo "Creating DKIM SigningTable"
-  echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
-fi
-echo "Changing permissions on /etc/opendkim"
-# chown entire directory
-chown -R opendkim:opendkim /etc/opendkim/
-# And make sure permissions are right
-chmod -R 0700 /etc/opendkim/keys/
-
-# Opendkim:
-echo ""
-echo "opendkim.conf"
-cat /etc/opendkim.conf
-echo ""
-echo "TrustedHosts"
-cat /etc/opendkim/TrustedHosts
-echo ""
-echo "SigningTable"
-cat /etc/opendkim/SigningTable
-echo ""
-echo "KeyTable"
-cat /etc/opendkim/KeyTable
-echo ""
-
-
-
 if [ -f /tmp/postfix/accounts.cf ]; then
  echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
  echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
@ -101,6 +56,48 @@ echo "Postfix configurations"
 touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
 touch /etc/postfix/virtual && postmap /etc/postfix/virtual

+# DKIM
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+  mkdir -p /etc/opendkim/keys/$domainname
+  if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
+    echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
+    pushd /etc/opendkim/keys/$domainname
+    opendkim-genkey --subdomains --domain=$domainname --selector=mail
+    popd
+    echo ""
+    echo "DKIM PUBLIC KEY ################################################################"
+    cat /etc/opendkim/keys/$domainname/mail.txt
+    echo "################################################################################"
+  fi
+  # Write to KeyTable if necessary
+  keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
+  if [ ! -f "/etc/opendkim/KeyTable" ]; then
+    echo "Creating DKIM KeyTable"
+    echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
+  else
+    if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
+      echo $keytableentry >> /etc/opendkim/KeyTable
+    fi
+  fi
+  # Write to SigningTable if necessary
+  signingtableentry="*@$domainname mail._domainkey.$domainname"
+  if [ ! -f "/etc/opendkim/SigningTable" ]; then
+    echo "Creating DKIM SigningTable"
+    echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
+  else
+    if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
+      echo $signingtableentry >> /etc/opendkim/SigningTable
+    fi
+  fi
+done
+
+echo "Changing permissions on /etc/opendkim"
+# chown entire directory
+chown -R opendkim:opendkim /etc/opendkim/
+# And make sure permissions are right
+chmod -R 0700 /etc/opendkim/keys/
+
+
 # SSL Configuration
 case $DMS_SSL in
  "letsencrypt" )