Allow manual domains for dkim generator (#1753)
* Allow manual domains for dkim generator
* Document the DKIM manual mode
* Remove unnecessary quotes
* Update default value usage and "" in [[ ]]
* Change parameter expansion
* Add test for manual dkim domains
* Remove obsolete script
* Add manual dkim mode to usage
* Move manual dkim guide into quickstart section
* Cover case that key for domain already exists
* Set default dkim key size to 4096

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
This commit is contained in:
parent
23984e3f07
commit
4616894fbf
|
@ -119,6 +119,14 @@ docker-compose up -d mail
|
|||
./setup.sh -Z config dkim
|
||||
```
|
||||
|
||||
If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Therefore `postfix` doesn't know your domain(s) and you need to provide it when configuring `dkim`:
|
||||
|
||||
``` BASH
|
||||
docker-compose up -d mail
|
||||
|
||||
./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
|
||||
```
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
#### DNS - DKIM
|
||||
|
|
6
setup.sh
6
setup.sh
|
@ -142,7 +142,7 @@ SUBCOMMANDS:
|
|||
|
||||
config:
|
||||
|
||||
${0} config dkim <keysize> (default: 2048)
|
||||
${0} config dkim <keysize> (default: 4096) <domain> (optional - for LDAP systems)
|
||||
${0} config ssl <fqdn>
|
||||
|
||||
relay:
|
||||
|
@ -317,13 +317,13 @@ function _main
|
|||
shift ; case ${1:-} in
|
||||
set ) shift ; _docker_image setquota "${@}" ;;
|
||||
del ) shift ; _docker_image delquota "${@}" ;;
|
||||
* ) _usage ;;
|
||||
* ) _usage ;;
|
||||
esac
|
||||
;;
|
||||
|
||||
config)
|
||||
shift ; case ${1:-} in
|
||||
dkim ) _docker_image generate-dkim-config "${2:-2048}" ;;
|
||||
dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;;
|
||||
ssl ) _docker_image generate-ssl-certificate "${2}" ;;
|
||||
* ) _usage ;;
|
||||
esac
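Review bot: The new usage line `${0} config dkim <keysize> (default: 4096) <domain> (optional - for LDAP systems)` does not show that several domains are comma-separated, and because the domain is the third positional argument in `dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;;` the key size must be given explicitly whenever a domain is supplied, so the advertised default never applies in that case. The documentation hunk on this same commit already spells the form out as `<key-size> <domain.tld>[,<domain2.tld>]`; the usage text should match it, e.g. `${0} config dkim <keysize> (default: 4096) <domain>[,<domain2>] (optional - for LDAP systems; keysize is required when a domain is given)`. The `_main` function's body continues outside both hunks.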
|
||||
|
|
|
@ -3,30 +3,37 @@
|
|||
touch /tmp/vhost.tmp
|
||||
|
||||
# if no keysize is provided, 2048 is default.
|
||||
KEYSIZE=${1:-2048}
|
||||
KEYSIZE=${1:-4096}
|
||||
# optional domain names
|
||||
DOMAINS=${2:-}
|
||||
|
||||
# Getting domains FROM mail accounts
|
||||
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
|
||||
if [[ -z ${DOMAINS} ]]
|
||||
then
|
||||
# shellcheck disable=SC2034
|
||||
while IFS=$'|' read -r LOGIN PASS
|
||||
do
|
||||
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
|
||||
echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
|
||||
fi
|
||||
# getting domains FROM mail accounts
|
||||
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
|
||||
then
|
||||
# shellcheck disable=SC2034
|
||||
while IFS=$'|' read -r LOGIN PASS
|
||||
do
|
||||
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
|
||||
echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
|
||||
fi
|
||||
|
||||
# Getting domains FROM mail aliases
|
||||
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
|
||||
then
|
||||
# shellcheck disable=SC2034
|
||||
while read -r FROM TO
|
||||
do
|
||||
UNAME=$(echo "${FROM}" | cut -d @ -f1)
|
||||
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
|
||||
# Getting domains FROM mail aliases
|
||||
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
|
||||
then
|
||||
# shellcheck disable=SC2034
|
||||
while read -r FROM TO
|
||||
do
|
||||
UNAME=$(echo "${FROM}" | cut -d @ -f1)
|
||||
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
|
||||
|
||||
test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
||||
test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
||||
fi
|
||||
else
|
||||
tr ',' '\n' <<<"${DOMAINS}" > /tmp/vhost.tmp
|
||||
fi
|
||||
|
||||
# keeping unique entries
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
#! /bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
if [[ ${#} -ne 1 ]]
|
||||
then
|
||||
echo "${0}: usage: generate-dkim-domain domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DOMAINNAME=${1}
|
||||
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
|
||||
|
||||
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
|
||||
then
|
||||
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
|
||||
opendkim-genkey --subdomains --domain="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
|
||||
fi
|
||||
|
||||
# Write to KeyTable if necessary
|
||||
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
|
||||
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
|
||||
then
|
||||
echo "Creating DKIM KeyTable"
|
||||
echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable
|
||||
else
|
||||
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
|
||||
then
|
||||
echo "${KEYTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/KeyTable
|
||||
fi
|
||||
fi
|
||||
|
||||
# Write to SigningTable if necessary
|
||||
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
|
||||
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
|
||||
then
|
||||
echo "Creating DKIM SigningTable"
|
||||
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" > /tmp/docker-mailserver/opendkim/SigningTable
|
||||
else
|
||||
if ! grep -q "${SIGNINGTABLEENTRY}" "/tmp/docker-mailserver/opendkim/SigningTable"
|
||||
then
|
||||
echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
|
||||
fi
|
||||
fi
|
|
@ -461,12 +461,12 @@ EOF
|
|||
|
||||
|
||||
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
|
||||
# Instead it tests the file-size (here 511) - which may differ with a different domain names
|
||||
# Instead it tests the file-size (here 861) - which may differ with a different domain names
|
||||
# This test may be re-used as a global test to provide better test coverage.
|
||||
@test "checking opendkim: generator creates default keys size" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
|
||||
# Prepare default key size 2048
|
||||
# Prepare default key size 4096
|
||||
rm -rf "${PRIVATE_CONFIG}/keyDefault"
|
||||
mkdir -p "${PRIVATE_CONFIG}/keyDefault"
|
||||
|
||||
|
@ -484,10 +484,36 @@ EOF
|
|||
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
|
||||
|
||||
assert_success
|
||||
assert_output 511
|
||||
assert_output 861
|
||||
}
|
||||
|
||||
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
|
||||
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
|
||||
# Instead it tests the file-size (here 861) - which may differ with a different domain names
|
||||
# This test may be re-used as a global test to provide better test coverage.
|
||||
@test "checking opendkim: generator creates key size 4096" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
|
||||
# Prepare set key size 4096
|
||||
rm -rf "${PRIVATE_CONFIG}/key4096"
|
||||
mkdir -p "${PRIVATE_CONFIG}/config/key4096"
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
|
||||
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
|
||||
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
|
||||
assert_success
|
||||
assert_output 6
|
||||
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" \
|
||||
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
|
||||
|
||||
assert_success
|
||||
assert_output 861
|
||||
}
|
||||
|
||||
# Instead it tests the file-size (here 511) - which may differ with a different domain names
|
||||
# This test may be re-used as a global test to provide better test coverage.
|
||||
@test "checking opendkim: generator creates key size 2048" {
|
||||
|
@ -633,39 +659,50 @@ EOF
|
|||
assert_output 4
|
||||
}
|
||||
|
||||
@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
|
||||
@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
|
||||
rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
|
||||
# Generate first key
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
|
||||
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
|
||||
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
|
||||
assert_success
|
||||
assert_output 6
|
||||
# Generate key using domain name
|
||||
assert_output 4
|
||||
# Generate two additional keys different to the previous one
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l'
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
# Generate an additional key whilst providing already existing domains
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
|
||||
assert_success
|
||||
assert_output 1
|
||||
# Check keys for localhost.localdomain
|
||||
# Check keys for domain1.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
# Check keys for otherdomain.tld
|
||||
# Check keys for domain2.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
# Check keys for testdomain.tld
|
||||
# Check keys for domain3.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l'
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
# Check keys for domain4.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
# Check presence of tables and TrustedHosts
|
||||
|
@ -678,14 +715,14 @@ EOF
|
|||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c \
|
||||
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l"
|
||||
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
|
||||
assert_success
|
||||
assert_output 4
|
||||
# Check valid entries actually present in SigningTable
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c \
|
||||
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l"
|
||||
"egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
|
||||
assert_success
|
||||
assert_output 4
|
||||
}
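Review bot: The new "generator creates key size 4096" test (the @@ -484 hunk) prepares `mkdir -p "${PRIVATE_CONFIG}/config/key4096"` and cleans `rm -rf "${PRIVATE_CONFIG}/key4096"`, yet both `docker run` calls mount `"${PRIVATE_CONFIG}/key2048/"` and `"${PRIVATE_CONFIG}/key2048/opendkim"`, so the test reads and writes a directory belonging to the neighbouring 2048 test rather than the one it just created; the three paths should agree, e.g. `rm -rf "${PRIVATE_CONFIG}/key4096"`, `mkdir -p "${PRIVATE_CONFIG}/key4096"` and `-v "${PRIVATE_CONFIG}/key4096/":/tmp/docker-mailserver/` (and the matching `/key4096/opendkim` mount). Whether the 2048 test that starts at `@test "checking opendkim: generator creates key size 2048"` uses `key2048` itself is not visible, as its body is outside the hunk. In the @@ -659 hunk, `'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'` closes and reopens the outer single-quoted string; it only works because the list contains no spaces, and `'generate-dkim-config 2048 domain2.tld,domain3.tld | wc -l'` says the same thing without the trap.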
|
||||
|
|