From 4f611eec1db6dc2cf90161ec819ec1a14083d792 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Wed, 20 Apr 2016 23:01:32 +0200 Subject: [PATCH] Fixed #143 adding a OpenDKIM keys generator and its integration tests --- .gitignore | 1 + Dockerfile | 4 +- Makefile | 2 + README.md | 10 ++++ target/bin/generate-dkim-config | 55 +++++++++++++++++++ target/start-mailserver.sh | 36 +----------- test/config/test-opendkim/KeyTable | 2 + test/config/test-opendkim/SigningTable | 2 + .../keys/localhost.localdomain/mail.private | 15 +++++ .../keys/localhost.localdomain/mail.txt | 2 + .../keys/otherdomain.tld/mail.private | 15 +++++ .../keys/otherdomain.tld/mail.txt | 2 + test/tests.bats | 14 +++++ 13 files changed, 124 insertions(+), 36 deletions(-) create mode 100644 target/bin/generate-dkim-config create mode 100644 test/config/test-opendkim/KeyTable create mode 100644 test/config/test-opendkim/SigningTable create mode 100644 test/config/test-opendkim/keys/localhost.localdomain/mail.private create mode 100644 test/config/test-opendkim/keys/localhost.localdomain/mail.txt create mode 100644 test/config/test-opendkim/keys/otherdomain.tld/mail.private create mode 100644 test/config/test-opendkim/keys/otherdomain.tld/mail.txt diff --git a/.gitignore b/.gitignore index b7eb58c0..20cfed61 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ docker-compose.yml postfix/ssl/* letsencrypt/ .idea +config/tmp \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c102104d..6689ddb4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -47,8 +47,8 @@ ADD target/opendmarc/default-opendmarc /etc/default/opendmarc # Configures Postfix ADD target/postfix/main.cf /etc/postfix/main.cf ADD target/postfix/master.cf /etc/postfix/master.cf -ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate -RUN chmod +x /usr/local/bin/generate-ssl-certificate +ADD target/bin/generate-ssl-certificate target/bin/generate-dkim-config /usr/local/bin/ +RUN chmod +x /usr/local/bin/* # Configuring Logs RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf diff --git a/Makefile b/Makefile index f62c1a8b..4d44510c 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ run: # Run containers docker run -d --name mail \ -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test/config/test-opendkim":/tmp/docker-mailserver/opendkim \ -v "`pwd`/test":/tmp/docker-mailserver/test \ -e SA_TAG=1.0 \ -e SA_TAG2=2.0 \ @@ -60,3 +61,4 @@ tests: clean: # Remove running test containers docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban fail-auth-mailer + rm -rf config/opendkim config/test-opendkim config/tmp diff --git a/README.md b/README.md index db9ee69c..89560842 100644 --- a/README.md +++ b/README.md @@ -137,6 +137,16 @@ Example: Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected. +## OpenDKIM + +You have prepared your mail accounts? Now you can generate DKIM keys using the following command: + + docker run --rm \ + -v "$(pwd)/config":/tmp/docker-mailserver \ + -ti tvial/docker-mailserver:v2 generate-dkim-config + +Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. + ## SSL Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information. 
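Review bot: `RUN chmod +x /usr/local/bin/*` sets the execute bit on everything in that directory, not only on the two scripts the preceding `ADD` places there, so any file the base image or an earlier layer left in `/usr/local/bin` becomes executable as a side effect; naming the files keeps the layer explicit: `RUN chmod +x /usr/local/bin/generate-ssl-certificate /usr/local/bin/generate-dkim-config`. `COPY` is the usual instruction for local files here, since `ADD` additionally unpacks archives and accepts URLs.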
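Review bot: The new `clean` line removes `config/opendkim config/test-opendkim config/tmp` relative to the Makefile's directory, while the fixtures this patch commits live under `test/config/test-opendkim` and the `run` target mounts them from `test/config`; if the bats generator test (which mounts `$(pwd)/config` and `$(pwd)/config/test-opendkim`) runs with `test/` as its working directory, these relative paths name different trees, and an `rm -rf` that does reach the fixture directory would discard the checked-in KeyTable, SigningTable and keys rather than the generator's output — confirm which tree `clean` is meant to reset. Separately, the README hunk on this same line points users at `config/opedkim/keys/domain.tld/mail.txt`; the directory the generator writes is `config/opendkim`.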
diff --git a/target/bin/generate-dkim-config b/target/bin/generate-dkim-config
new file mode 100644
index 00000000..07e79fe7
--- /dev/null
+++ b/target/bin/generate-dkim-config
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Getting domains from mail accounts
+while IFS=$'|' read login pass
+do
+ domain=$(echo ${login} | cut -d @ -f2)
+ echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-accounts.cf
+
+# Getting domains from mail aliases
+while read from to
+do
+ # Setting variables for better readability
+ uname=$(echo ${from} | cut -d @ -f1)
+ domain=$(echo ${from} | cut -d @ -f2)
+ # if they are equal it means the line looks like: "user1 other@domain.tld"
+ test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-virtual.cf
+
+# Keeping unique entries
+if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
+ cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
+fi
+
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+ mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
+
+ if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
+ echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+ opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
+ fi
+
+ # Write to KeyTable if necessary
+ keytableentry="mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+ if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
+ echo "Creating DKIM KeyTable"
+ echo "mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" > /tmp/docker-mailserver/opendkim/KeyTable
+ else
+ if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
+ echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
+ fi
+ fi
+
+ # Write to SigningTable if necessary
+ signingtableentry="*@$domainname mail._domainkey.$domainname"
+ if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
+ echo "Creating DKIM SigningTable"
+ echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
+ else
+ if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
+ echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
+ fi
+ fi
+done
+
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 096cb043..cf36403e 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
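Review bot: `IFS=$'|'` in the first loop is ANSI-C quoting, which is not POSIX and which dash — the `/bin/sh` this shebang selects on Debian-based images — does not interpret, so IFS becomes the three literal characters `$'|` and `read login pass` only yields the intended login because none of those characters happens to precede the `|` in an account line; write `IFS='|'` (or change the shebang to `#!/bin/bash`). The scratch file `/tmp/docker-mailserver/tmp/vhost.tmp` is appended to without a `mkdir -p /tmp/docker-mailserver/tmp`, so the first redirect fails when the mounted config directory has no `tmp` subdirectory, unless something outside this patch creates it. The KeyTable entries written here record the key as `/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private`, i.e. inside the bind-mounted config directory, whereas the removed code in the `start-mailserver.sh` hunk recorded `/etc/opendkim/keys/...`; since that script copies the table to `/etc/opendkim` and then re-permissions only that tree, opendkim will open the private key on the mount, outside the hardened copy — if that is not intended, write the entry with the `/etc/opendkim/keys/...` path. The duplicate checks `grep -q "$keytableentry"` and `grep -q "$signingtableentry"` treat the entry as a regex (the `.` in `mail._domainkey` and the leading `*`); `grep -qxF` matches the literal whole line instead.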
@@ -95,40 +95,8 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then mkdir -p /etc/opendkim cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/ echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`" -else - grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do - mkdir -p /etc/opendkim/keys/$domainname - if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then - echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private" - pushd /etc/opendkim/keys/$domainname - opendkim-genkey --subdomains --domain=$domainname --selector=mail - popd - echo "" - echo "DKIM PUBLIC KEY ################################################################" - cat /etc/opendkim/keys/$domainname/mail.txt - echo "################################################################################" - fi - # Write to KeyTable if necessary - keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" - if [ ! -f "/etc/opendkim/KeyTable" ]; then - echo "Creating DKIM KeyTable" - echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable - else - if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then - echo $keytableentry >> /etc/opendkim/KeyTable - fi - fi - # Write to SigningTable if necessary - signingtableentry="*@$domainname mail._domainkey.$domainname" - if [ ! -f "/etc/opendkim/SigningTable" ]; then - echo "Creating DKIM SigningTable" - echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable - else - if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then - echo $signingtableentry >> /etc/opendkim/SigningTable - fi - fi - done +else + echo "No DKIM key provided. Check the documentation to find how to get your keys." fi echo "Changing permissions on /etc/opendkim" diff --git a/test/config/test-opendkim/KeyTable b/test/config/test-opendkim/KeyTable new file mode 100644 index 00000000..6bac0098 
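Review bot: The replacement `else` branch prints `No DKIM key provided. Check the documentation to find how to get your keys.` to stdout and lets startup continue, so a container whose config lacks `opendkim/KeyTable` runs unsigned with only that line in the log; naming the command this patch ships makes the message actionable, e.g. `echo "No DKIM key provided. Run generate-dkim-config against your config directory to create them." >&2`. The `if` this branch belongs to starts before the hunk, so whether anything later aborts when no signing is configured is not visible here.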
--- /dev/null +++ b/test/config/test-opendkim/KeyTable @@ -0,0 +1,2 @@ +mail._domainkey.localhost.localdomain localhost.localdomain:mail:/tmp/docker-mailserver/opendkim/keys/localhost.localdomain/mail.private +mail._domainkey.otherdomain.tld otherdomain.tld:mail:/tmp/docker-mailserver/opendkim/keys/otherdomain.tld/mail.private diff --git a/test/config/test-opendkim/SigningTable b/test/config/test-opendkim/SigningTable new file mode 100644 index 00000000..f1001574 --- /dev/null +++ b/test/config/test-opendkim/SigningTable @@ -0,0 +1,2 @@ +*@localhost.localdomain mail._domainkey.localhost.localdomain +*@otherdomain.tld mail._domainkey.otherdomain.tld diff --git a/test/config/test-opendkim/keys/localhost.localdomain/mail.private b/test/config/test-opendkim/keys/localhost.localdomain/mail.private new file mode 100644 index 00000000..de96b029 --- /dev/null +++ b/test/config/test-opendkim/keys/localhost.localdomain/mail.private @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ7 +3cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dt +t1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB +AoGBAKF6dMJoe/Coe+XIP4TXjCq7A17jMaVAh7/+drgvM5DAOVH/5P47Cdl5R2cI +KfkNePtm5aMn0SxrhHUXgE9h1nBp7hrwvDnRwIUB8Ml3yE6f18p3OpHX8txVo1Qg +Ov8LsJ1XUWaCmMnLg95wrUP0yHKjRmxxJjIfkCzqPXo/6HvRAkEA6ZJQffUYfMeo +OrjVg3CpOYKR/deneC2x5ZbqyXgOQBJH010nU3DfFqEg5L+DHwpyiodOco6TRrrM +prp90j3wvQJBAMSIjcLPC/1NxW7QQGnMl9CdnD11bnV17+gMCHJfUYAdKpU9EQDB +dqJYP3GEOJXmC77Yua9P+QhEdZpF2M4yoG8CQEQ5l8di+zcffrVAXiWZl+STjh9O +ib1h44/DiGs25Tqz3EUR9bW6x38tq5UFl8BOZeyu3yw5Fy3WzIZ6/NuXeiUCQDF3 +KS8CC8N6gpnMgpnea8uPD9cMKnwX7gUamjmnMg0ryh772r608tYTngxFOjTITOaB +B+NPHp/tEyh8MgBcD7MCQQCT7ABW3W+tekXOP/NvSwYlA0Ty2oQ75p9pPao94Tef +vz8CQFrb3C16789YH9lNyFmbClwpp9x9V2pXS8akyOxW +-----END RSA PRIVATE KEY----- 
diff --git a/test/config/test-opendkim/keys/localhost.localdomain/mail.txt b/test/config/test-opendkim/keys/localhost.localdomain/mail.txt new file mode 100644 index 00000000..ccc08dc0 --- /dev/null +++ b/test/config/test-opendkim/keys/localhost.localdomain/mail.txt @@ -0,0 +1,2 @@ +mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " + "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ73cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dtt1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB" ) ; ----- DKIM key mail for localhost.localdomain diff --git a/test/config/test-opendkim/keys/otherdomain.tld/mail.private b/test/config/test-opendkim/keys/otherdomain.tld/mail.private new file mode 100644 index 00000000..dd6feef4 --- /dev/null +++ b/test/config/test-opendkim/keys/otherdomain.tld/mail.private @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQ +f0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzkt +RCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB +AoGAewyYzdBqqZ9DaPrR5p+t6OJp5Cr0dARbbsv28cQ3+X7KPmO9mowB5CcWEKmR +CbJ4awwb/STHkf+8Y8bPVNsGBs0FO4Y7prLjzqjOWmm/Yw4XYRJyZLb8qkzRMcOT +AIt7AWzxvdUOWB7XkG3MZC7qjmrWnXPUltLJIrdyv/T3ynkCQQDmF7Anqez14gc2 +96XfYc1s/5JQFkGyG/kAI8lGqgSHpq3aEMUDv+/YZqtIdFjN8dFwnfhJy1mMiSVN +s2mjhYz1AkEAwlgRKHAMLFbv1Nn9wasJ2crArzHrM8lG90GldRfKXLpv5HNw42GV +yPn48hIvCpxrO+gpZ1DQaX6dlPj0/dze+wJBANc8B2tC+EeV9PvFMyO/wEMa20oR +V8j9g7JOx4RTnEMsdupKz5DPZdP/TnBLbZrQfwOisdSN5SmiTQPfNY1ia1UCQDYV +SAEW3WxhbTCw0XtZ283uLJ0UqT2qH8OjUyY4zqnrgEP1FE9S0toxJmRHRywOx5DO +VOdZiAYzpCrW9WbIVo0CQQDdtJEGYcM0v8N4i6T02VNikz3MzJ65g+kcnqTjsl1t +eqowRyqQbSPlmTEMcAP0MJALg1TWDIlLaAUHd/v+5z06 +-----END RSA PRIVATE KEY----- diff --git a/test/config/test-opendkim/keys/otherdomain.tld/mail.txt b/test/config/test-opendkim/keys/otherdomain.tld/mail.txt new file mode 100644 index 00000000..d132a31c --- /dev/null 
+++ b/test/config/test-opendkim/keys/otherdomain.tld/mail.txt @@ -0,0 +1,2 @@ +mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " + "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQf0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzktRCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB" ) ; ----- DKIM key mail for otherdomain.tld diff --git a/test/tests.bats b/test/tests.bats index f24b44f6..63d0690f 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -249,6 +249,20 @@ [ "$output" -eq 2 ] } +@test "checking opendkim: /etc/opendkim/KeyTable should not exist because not provided" { + run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/KeyTable" + [ "$status" -eq 1 ] +} + +@test "checking opendkim: generator works as expected" { + run docker run --rm \ + -v "$(pwd)/config":/tmp/docker-mailserver \ + -v "$(pwd)/config/test-opendkim":/tmp/docker-mailserver/opendkim \ + -ti tvial/docker-mailserver:v2 generate-dkim-config | wc -l + [ "$status" -eq 0 ] + [ "$output" -eq 4 ] +} + # # opendmarc #
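Review bot: In the generator test, `| wc -l` is attached to `run` itself rather than to the docker command, so `run` (an ordinary shell function in bats) executes as the left-hand side of a pipeline, in a subshell, and the `$status` and `$output` it sets never reach the two assertions that follow; drop the pipe and count with bats's per-line array, `[ "${#lines[@]}" -eq 4 ]`, or wrap the whole pipeline as `run sh -c "docker run ... generate-dkim-config | wc -l"`. `-ti` also asks docker for a TTY, which it refuses when the runner's stdin is not a terminal (CI, `make tests` under redirection), so a plain `docker run --rm -v ... tvial/docker-mailserver:v2 generate-dkim-config` is the safer form. Note too that this test bind-mounts the committed fixture directory read-write and the generator appends to its KeyTable/SigningTable whenever an entry is missing, so the checked-in fixtures can drift if the account or alias fixtures gain a domain; copying the fixtures to a temporary directory first, or mounting them read-only with a separate output mount, keeps repository state stable across runs.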