Fixed #143 adding a OpenDKIM keys generator and its integration tests
parent
c311ef0b5a
commit
4f611eec1d
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -3,3 +3,4 @@ docker-compose.yml
|
|||
postfix/ssl/*
|
||||
letsencrypt/
|
||||
.idea
|
||||
config/tmp
|
|
@ -47,8 +47,8 @@ ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
|
|||
# Configures Postfix
|
||||
ADD target/postfix/main.cf /etc/postfix/main.cf
|
||||
ADD target/postfix/master.cf /etc/postfix/master.cf
|
||||
ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
|
||||
RUN chmod +x /usr/local/bin/generate-ssl-certificate
|
||||
ADD target/bin/generate-ssl-certificate target/bin/generate-dkim-config /usr/local/bin/
|
||||
RUN chmod +x /usr/local/bin/*
|
||||
|
||||
# Configuring Logs
|
||||
RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf
|
||||
|
|
2
Makefile
2
Makefile
|
@ -15,6 +15,7 @@ run:
|
|||
# Run containers
|
||||
docker run -d --name mail \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
-v "`pwd`/test/config/test-opendkim":/tmp/docker-mailserver/opendkim \
|
||||
-v "`pwd`/test":/tmp/docker-mailserver/test \
|
||||
-e SA_TAG=1.0 \
|
||||
-e SA_TAG2=2.0 \
|
||||
|
@ -60,3 +61,4 @@ tests:
|
|||
clean:
|
||||
# Remove running test containers
|
||||
docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban fail-auth-mailer
|
||||
rm -rf config/opendkim config/test-opendkim config/tmp
|
||||
|
|
10
README.md
10
README.md
|
@ -137,6 +137,16 @@ Example:
|
|||
|
||||
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
|
||||
|
||||
## OpenDKIM
|
||||
|
||||
You have prepared your mail accounts? Now you can generate DKIM keys using the following command:
|
||||
|
||||
docker run --rm \
|
||||
-v "$(pwd)/config":/tmp/docker-mailserver \
|
||||
-ti tvial/docker-mailserver:v2 generate-dkim-config
|
||||
|
||||
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
||||
|
||||
## SSL
|
||||
|
||||
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.
|
||||
|
|
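--- a/target/bin/generate-dkim-config
+++ b/target/bin/generate-dkim-config
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Getting domains from mail accounts
+while IFS=$'|' read login pass
+do
+domain=$(echo ${login} | cut -d @ -f2)
+echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-accounts.cf
+
+# Getting domains from mail aliases
+while read from to
+do
+# Setting variables for better readability
+uname=$(echo ${from} | cut -d @ -f1)
+domain=$(echo ${from} | cut -d @ -f2)
+# if they are equal it means the line looks like: "user1 other@domain.tld"
+test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-virtual.cf
+
+# Keeping unique entries
+if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
+cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
+fi
+
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
+
+if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
+echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
+fi
+
+# Write to KeyTable if necessary
+keytableentry="mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
+echo "Creating DKIM KeyTable"
+echo "mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" > /tmp/docker-mailserver/opendkim/KeyTable
+else
+if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
+echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
+fi
+fi
+
+# Write to SigningTable if necessary
+signingtableentry="*@$domainname mail._domainkey.$domainname"
+if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
+echo "Creating DKIM SigningTable"
+echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
+else
+if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
+echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
+fi
+fi
+done
+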
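Review bot: `$domainname` is expanded unquoted in `mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname` and in the `opendkim-genkey` call, so a value taken from postfix-accounts.cf or postfix-virtual.cf that contains whitespace, a glob character or `..` changes which directory is created and where the private key is written. Quote every use and skip anything that is not a plain hostname, e.g. `case "$domainname" in ''|.*|*..*|*[!A-Za-z0-9.-]*) continue ;; esac` ahead of `mkdir -p -- "/tmp/docker-mailserver/opendkim/keys/$domainname"`. The key size is left at the tool default, and the fixture keys added in this commit look like 1024-bit RSA judging by their length; passing `--bits=2048` to `opendkim-genkey` would make the strength explicit. The two `grep -q "$…entry"` checks treat the entry as a regular expression and match substrings, whereas `grep -qxF -- "$keytableentry" /tmp/docker-mailserver/opendkim/KeyTable` compares whole lines literally. The `#!/bin/sh` shebang also does not guarantee that `IFS=$'|'` is understood, and `read` without `-r` interprets backslashes in the account lines.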
@ -95,40 +95,8 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
|
|||
mkdir -p /etc/opendkim
|
||||
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
||||
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
|
||||
else
|
||||
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
|
||||
mkdir -p /etc/opendkim/keys/$domainname
|
||||
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
|
||||
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
|
||||
pushd /etc/opendkim/keys/$domainname
|
||||
opendkim-genkey --subdomains --domain=$domainname --selector=mail
|
||||
popd
|
||||
echo ""
|
||||
echo "DKIM PUBLIC KEY ################################################################"
|
||||
cat /etc/opendkim/keys/$domainname/mail.txt
|
||||
echo "################################################################################"
|
||||
fi
|
||||
# Write to KeyTable if necessary
|
||||
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
|
||||
if [ ! -f "/etc/opendkim/KeyTable" ]; then
|
||||
echo "Creating DKIM KeyTable"
|
||||
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
|
||||
else
|
||||
if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
|
||||
echo $keytableentry >> /etc/opendkim/KeyTable
|
||||
fi
|
||||
fi
|
||||
# Write to SigningTable if necessary
|
||||
signingtableentry="*@$domainname mail._domainkey.$domainname"
|
||||
if [ ! -f "/etc/opendkim/SigningTable" ]; then
|
||||
echo "Creating DKIM SigningTable"
|
||||
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
|
||||
else
|
||||
if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
|
||||
echo $signingtableentry >> /etc/opendkim/SigningTable
|
||||
fi
|
||||
fi
|
||||
done
|
||||
else
|
||||
echo "No DKIM key provided. Check the documentation to find how to get your keys."
|
||||
fi
|
||||
|
||||
echo "Changing permissions on /etc/opendkim"
|
||||
|
|
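Review bot: The KeyTable copied to /etc/opendkim by `cp -a` still names the key under the bind mount, because the generator writes entries ending in `/tmp/docker-mailserver/opendkim/keys/<domain>/mail.private` and the branch removed here was the only code that wrote `/etc/opendkim/keys/...` paths. OpenDKIM would then presumably open the mounted file, not the copy under /etc/opendkim that the "Changing permissions on /etc/opendkim" step covers, so the ownership and mode of the signing key are whatever the host directory has. Either have the generator emit `/etc/opendkim/keys/$domainname/mail.private` in `keytableentry`, or rewrite the prefix after the copy with `sed -i 's|/tmp/docker-mailserver/opendkim/|/etc/opendkim/|' /etc/opendkim/KeyTable`. The script continues past this hunk, so the permission commands themselves are not visible here.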
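--- a/test/config/test-opendkim/KeyTable
+++ b/test/config/test-opendkim/KeyTable
@@ -0,0 +1,2 @@
+mail._domainkey.localhost.localdomain localhost.localdomain:mail:/tmp/docker-mailserver/opendkim/keys/localhost.localdomain/mail.private
+mail._domainkey.otherdomain.tld otherdomain.tld:mail:/tmp/docker-mailserver/opendkim/keys/otherdomain.tld/mail.private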
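--- a/test/config/test-opendkim/SigningTable
+++ b/test/config/test-opendkim/SigningTable
@@ -0,0 +1,2 @@
+*@localhost.localdomain mail._domainkey.localhost.localdomain
+*@otherdomain.tld mail._domainkey.otherdomain.tld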
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ7
|
||||
3cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dt
|
||||
t1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB
|
||||
AoGBAKF6dMJoe/Coe+XIP4TXjCq7A17jMaVAh7/+drgvM5DAOVH/5P47Cdl5R2cI
|
||||
KfkNePtm5aMn0SxrhHUXgE9h1nBp7hrwvDnRwIUB8Ml3yE6f18p3OpHX8txVo1Qg
|
||||
Ov8LsJ1XUWaCmMnLg95wrUP0yHKjRmxxJjIfkCzqPXo/6HvRAkEA6ZJQffUYfMeo
|
||||
OrjVg3CpOYKR/deneC2x5ZbqyXgOQBJH010nU3DfFqEg5L+DHwpyiodOco6TRrrM
|
||||
prp90j3wvQJBAMSIjcLPC/1NxW7QQGnMl9CdnD11bnV17+gMCHJfUYAdKpU9EQDB
|
||||
dqJYP3GEOJXmC77Yua9P+QhEdZpF2M4yoG8CQEQ5l8di+zcffrVAXiWZl+STjh9O
|
||||
ib1h44/DiGs25Tqz3EUR9bW6x38tq5UFl8BOZeyu3yw5Fy3WzIZ6/NuXeiUCQDF3
|
||||
KS8CC8N6gpnMgpnea8uPD9cMKnwX7gUamjmnMg0ryh772r608tYTngxFOjTITOaB
|
||||
B+NPHp/tEyh8MgBcD7MCQQCT7ABW3W+tekXOP/NvSwYlA0Ty2oQ75p9pPao94Tef
|
||||
vz8CQFrb3C16789YH9lNyFmbClwpp9x9V2pXS8akyOxW
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,2 @@
|
|||
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ73cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dtt1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB" ) ; ----- DKIM key mail for localhost.localdomain
|
15
test/config/test-opendkim/keys/otherdomain.tld/mail.private
Normal file
15
test/config/test-opendkim/keys/otherdomain.tld/mail.private
Normal file
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQ
|
||||
f0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzkt
|
||||
RCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB
|
||||
AoGAewyYzdBqqZ9DaPrR5p+t6OJp5Cr0dARbbsv28cQ3+X7KPmO9mowB5CcWEKmR
|
||||
CbJ4awwb/STHkf+8Y8bPVNsGBs0FO4Y7prLjzqjOWmm/Yw4XYRJyZLb8qkzRMcOT
|
||||
AIt7AWzxvdUOWB7XkG3MZC7qjmrWnXPUltLJIrdyv/T3ynkCQQDmF7Anqez14gc2
|
||||
96XfYc1s/5JQFkGyG/kAI8lGqgSHpq3aEMUDv+/YZqtIdFjN8dFwnfhJy1mMiSVN
|
||||
s2mjhYz1AkEAwlgRKHAMLFbv1Nn9wasJ2crArzHrM8lG90GldRfKXLpv5HNw42GV
|
||||
yPn48hIvCpxrO+gpZ1DQaX6dlPj0/dze+wJBANc8B2tC+EeV9PvFMyO/wEMa20oR
|
||||
V8j9g7JOx4RTnEMsdupKz5DPZdP/TnBLbZrQfwOisdSN5SmiTQPfNY1ia1UCQDYV
|
||||
SAEW3WxhbTCw0XtZ283uLJ0UqT2qH8OjUyY4zqnrgEP1FE9S0toxJmRHRywOx5DO
|
||||
VOdZiAYzpCrW9WbIVo0CQQDdtJEGYcM0v8N4i6T02VNikz3MzJ65g+kcnqTjsl1t
|
||||
eqowRyqQbSPlmTEMcAP0MJALg1TWDIlLaAUHd/v+5z06
|
||||
-----END RSA PRIVATE KEY-----
|
2
test/config/test-opendkim/keys/otherdomain.tld/mail.txt
Normal file
2
test/config/test-opendkim/keys/otherdomain.tld/mail.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
||||
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQf0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzktRCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB" ) ; ----- DKIM key mail for otherdomain.tld
|
|
@ -249,6 +249,20 @@
|
|||
[ "$output" -eq 2 ]
|
||||
}
|
||||
|
||||
@test "checking opendkim: /etc/opendkim/KeyTable should not exist because not provided" {
|
||||
run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/KeyTable"
|
||||
[ "$status" -eq 1 ]
|
||||
}
|
||||
|
||||
@test "checking opendkim: generator works as expected" {
|
||||
run docker run --rm \
|
||||
-v "$(pwd)/config":/tmp/docker-mailserver \
|
||||
-v "$(pwd)/config/test-opendkim":/tmp/docker-mailserver/opendkim \
|
||||
-ti tvial/docker-mailserver:v2 generate-dkim-config | wc -l
|
||||
[ "$status" -eq 0 ]
|
||||
[ "$output" -eq 4 ]
|
||||
}
|
||||
|
||||
#
|
||||
# opendmarc
|
||||
#
|
||||
|
|
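Review bot: In the "generator works as expected" test the `| wc -l` sits outside `run`, so `run` executes as one side of a pipeline and the `$status` and `$output` checked on the next two lines do not come from the generator. Moving the pipeline inside the command, as the neighbouring test does with `/bin/sh -c`, lets the assertions see the real result: `run /bin/sh -c 'docker run --rm -v "$(pwd)/config":/tmp/docker-mailserver -v "$(pwd)/config/test-opendkim":/tmp/docker-mailserver/opendkim tvial/docker-mailserver:v2 generate-dkim-config | wc -l'`. The `-ti` flags also request a TTY, which a CI runner usually lacks, so dropping them avoids a failure unrelated to DKIM. A further assertion that the fixture `mail.private` files are unchanged after the run would confirm that the generator never overwrites an existing key.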