Fixed #143 adding a OpenDKIM keys generator and its integration tests

This commit is contained in:
Thomas VIAL 2016-04-20 23:01:32 +02:00
parent c311ef0b5a
commit 4f611eec1d
13 changed files with 124 additions and 36 deletions

.gitignore vendored

@ -3,3 +3,4 @@ docker-compose.yml
postfix/ssl/*
letsencrypt/
.idea
config/tmp


@ -47,8 +47,8 @@ ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
# Configures Postfix
ADD target/postfix/main.cf /etc/postfix/main.cf
ADD target/postfix/master.cf /etc/postfix/master.cf
ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
RUN chmod +x /usr/local/bin/generate-ssl-certificate
ADD target/bin/generate-ssl-certificate target/bin/generate-dkim-config /usr/local/bin/
RUN chmod +x /usr/local/bin/*
# Configuring Logs
RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf
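Review bot: `RUN chmod +x /usr/local/bin/*` (which appears to be the new side of this pair, next to the two-script `ADD`; the old/new markers are lost in the rendering) marks every file in /usr/local/bin executable rather than the two scripts being installed, so anything else placed there later silently gets its mode changed too. Naming the scripts keeps the build step's intent readable: `RUN chmod +x /usr/local/bin/generate-ssl-certificate /usr/local/bin/generate-dkim-config`. `COPY` is also the conventional instruction for local files; `ADD` brings URL fetching and archive auto-extraction that nothing here needs.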


@ -15,6 +15,7 @@ run:
# Run containers
docker run -d --name mail \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test/config/test-opendkim":/tmp/docker-mailserver/opendkim \
-v "`pwd`/test":/tmp/docker-mailserver/test \
-e SA_TAG=1.0 \
-e SA_TAG2=2.0 \
@ -60,3 +61,4 @@ tests:
clean:
# Remove running test containers
docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban fail-auth-mailer
rm -rf config/opendkim config/test-opendkim config/tmp
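Review bot: The `clean` target's `rm -rf config/opendkim config/test-opendkim config/tmp` names the directory that the `run` target mounts as the OpenDKIM fixture (`test/config/test-opendkim`), and this commit appears to add tracked KeyTable, SigningTable and key files under it. If `make clean` runs from `test/` (the bats test above uses `$(pwd)/config/test-opendkim`), it deletes committed fixtures; if it runs from the repository root, the path does not match the `test/config/…` paths used in `run` and the removal is a no-op. Either way the path deserves a second look; I would restrict it to the generated output, e.g. `rm -rf test/config/opendkim test/config/tmp`, and leave the fixture directory alone. The new `-v` line also uses backticks for `pwd` where the README and test use `$(pwd)`.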


@ -137,6 +137,16 @@ Example:
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
## OpenDKIM
You have prepared your mail accounts? Now you can generate DKIM keys using the following command:
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:v2 generate-dkim-config
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
## SSL
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.


@ -0,0 +1,55 @@
#!/bin/sh
# Getting domains from mail accounts
while IFS=$'|' read login pass
do
domain=$(echo ${login} | cut -d @ -f2)
echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf
# Getting domains from mail aliases
while read from to
do
# Setting variables for better readability
uname=$(echo ${from} | cut -d @ -f1)
domain=$(echo ${from} | cut -d @ -f2)
# if they are equal it means the line looks like: "user1 other@domain.tld"
test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-virtual.cf
# Keeping unique entries
if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
fi
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
fi
# Write to KeyTable if necessary
keytableentry="mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" > /tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
signingtableentry="*@$domainname mail._domainkey.$domainname"
if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
fi
fi
done
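Review bot: `IFS=$'|'` on the first loop is bash ANSI-C quoting under a `#!/bin/sh` shebang; a POSIX sh sets IFS to the four characters `$'|'`, so `read` also splits on `$` and `'`, and none of the three `read` calls use `-r`. The `grep -q "$keytableentry"` / `grep -q "$signingtableentry"` membership checks treat the entries as regexes (`.` matches any character) and `echo $keytableentry` / `echo $signingtableentry` are unquoted, so the `*@domain` value goes through pathname expansion before it is appended; `grep -qFx --` plus `printf '%s\n' "$entry"` make both the check and the write exact. `$domainname` is also unquoted in the `mkdir -p` and `opendkim-genkey` calls. Nothing in this file creates `/tmp/docker-mailserver/tmp`, so the first `>>` fails unless that directory already exists — presumably it does in the test setup, but a `mkdir -p` at the top would make the script self-sufficient.
```sh
#!/bin/sh
# Scratch directory for the domain list; nothing else in this file creates it.
mkdir -p /tmp/docker-mailserver/tmp
# Getting domains from mail accounts
# Plain IFS='|': under /bin/sh, $'|' is not ANSI-C quoting.
while IFS='|' read -r login pass; do
  domain=$(printf '%s\n' "$login" | cut -d @ -f2)
  printf '%s\n' "$domain" >> /tmp/docker-mailserver/tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf
# … unchanged: aliases loop (read -r, "$from"/"$domain" quoted) and sort|uniq into /etc/postfix/vhost …
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read -r domainname; do
  mkdir -p "/tmp/docker-mailserver/opendkim/keys/$domainname"
  # … unchanged: opendkim-genkey step, with "$domainname" quoted …
  keytableentry="mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
  if [ ! -f /tmp/docker-mailserver/opendkim/KeyTable ]; then
    echo "Creating DKIM KeyTable"
    printf '%s\n' "$keytableentry" > /tmp/docker-mailserver/opendkim/KeyTable
  # -F: the entry holds regex metacharacters; -x: whole-line match; --: entry may start with '*'
  elif ! grep -qFx -- "$keytableentry" /tmp/docker-mailserver/opendkim/KeyTable; then
    printf '%s\n' "$keytableentry" >> /tmp/docker-mailserver/opendkim/KeyTable
  fi
  signingtableentry="*@$domainname mail._domainkey.$domainname"
  if [ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]; then
    echo "Creating DKIM SigningTable"
    printf '%s\n' "$signingtableentry" > /tmp/docker-mailserver/opendkim/SigningTable
  elif ! grep -qFx -- "$signingtableentry" /tmp/docker-mailserver/opendkim/SigningTable; then
    printf '%s\n' "$signingtableentry" >> /tmp/docker-mailserver/opendkim/SigningTable
  fi
done
```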


@ -95,40 +95,8 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
else
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
mkdir -p /etc/opendkim/keys/$domainname
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
pushd /etc/opendkim/keys/$domainname
opendkim-genkey --subdomains --domain=$domainname --selector=mail
popd
echo ""
echo "DKIM PUBLIC KEY ################################################################"
cat /etc/opendkim/keys/$domainname/mail.txt
echo "################################################################################"
fi
# Write to KeyTable if necessary
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
if [ ! -f "/etc/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
else
if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
echo $keytableentry >> /etc/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
signingtableentry="*@$domainname mail._domainkey.$domainname"
if [ ! -f "/etc/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
else
if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
echo $signingtableentry >> /etc/opendkim/SigningTable
fi
fi
done
else
echo "No DKIM key provided. Check the documentation to find how to get your keys."
fi
echo "Changing permissions on /etc/opendkim"


@ -0,0 +1,2 @@
mail._domainkey.localhost.localdomain localhost.localdomain:mail:/tmp/docker-mailserver/opendkim/keys/localhost.localdomain/mail.private
mail._domainkey.otherdomain.tld otherdomain.tld:mail:/tmp/docker-mailserver/opendkim/keys/otherdomain.tld/mail.private


@ -0,0 +1,2 @@
*@localhost.localdomain mail._domainkey.localhost.localdomain
*@otherdomain.tld mail._domainkey.otherdomain.tld


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
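Review bot: This file (and the second key file later in the commit) checks an RSA private key into the repository as a test fixture. For the throwaway domains named in the companion `mail.txt` files that is workable, but nothing on the page marks the keys as disposable, and a key that lives in a public history must be treated as public from now on. A short README in the fixture directory, or a comment in the bats test that mounts it, stating that these keys are test-only and must never be configured on a real mail host would keep that explicit for the next person who copies the directory as a template.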


@ -0,0 +1,2 @@
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ73cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dtt1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB" ) ; ----- DKIM key mail for localhost.localdomain


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,2 @@
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQf0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzktRCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB" ) ; ----- DKIM key mail for otherdomain.tld


@ -249,6 +249,20 @@
[ "$output" -eq 2 ]
}
@test "checking opendkim: /etc/opendkim/KeyTable should not exist because not provided" {
run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/KeyTable"
[ "$status" -eq 1 ]
}
@test "checking opendkim: generator works as expected" {
run docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-v "$(pwd)/config/test-opendkim":/tmp/docker-mailserver/opendkim \
-ti tvial/docker-mailserver:v2 generate-dkim-config | wc -l
[ "$status" -eq 0 ]
[ "$output" -eq 4 ]
}
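Review bot: In `generator works as expected`, the `| wc -l` after `run docker run …` makes `run` the first stage of a pipeline, so it executes in a subshell and the `$status`/`$output` it sets are not the ones the two assertions read; if this test passes in CI it is worth checking what `$output` actually holds there. bats already splits the captured output into `${lines[@]}`, so the line count can be asserted without the pipe: drop `| wc -l` from the `run` line and replace `[ "$output" -eq 4 ]` with `[ "${#lines[@]}" -eq 4 ]`. Dropping `-ti` as well avoids `docker run` refusing to allocate a TTY when the test's stdin is not a terminal.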
#
# opendmarc
#