improve OpenDKIM and OpenDMARC milters integration (#361)

Kai Ren 2016-10-25 09:57:08 +03:00 committed by Thomas VIAL
parent a62062c382
commit 9111a92b18
10 changed files with 24 additions and 44 deletions


@ -83,6 +83,7 @@ COPY target/opendkim/default-opendkim /etc/default/opendkim
# Configure DMARC (opendmarc)
COPY target/opendmarc/opendmarc.conf /etc/opendmarc.conf
COPY target/opendmarc/default-opendmarc /etc/default/opendmarc
COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
# Configure fetchmail
COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general


@ -9,4 +9,4 @@
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:12301@localhost"
SOCKET="inet:8891@localhost"


@ -4,7 +4,7 @@ UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
RemoveOldSignatures Yes
RemoveOldSignatures Yes
Canonicalization relaxed/simple
@ -19,4 +19,4 @@ SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
Socket inet:8891@localhost


@ -8,4 +8,5 @@
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:54321@localhost"
SOCKET="inet:8893@localhost"


@ -0,0 +1 @@
localhost


@ -1,8 +1,12 @@
UserID opendmarc:opendmarc
UMask 0002
PidFile /var/run/opendmarc.pid
Syslog true
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
UMask 0002
UserID opendmarc:opendmarc
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat
RejectFailures false
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat
AuthservID HOSTNAME
TrustedAuthservIDs HOSTNAME
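Review bot: `AuthservID HOSTNAME` and `TrustedAuthservIDs HOSTNAME` make OpenDMARC use the name returned by gethostname() at run time, but the visible part of opendkim.conf in this commit sets no `AuthservID`, so nothing shown here pins OpenDKIM to the same authserv-id. If the container hostname differs from the name OpenDKIM writes into Authentication-Results, OpenDMARC will presumably not treat the DKIM result as trusted, and the DMARC evaluation could degrade without any error. I would document the dependency next to the setting, e.g. `# HOSTNAME = gethostname(); must equal the authserv-id opendkim writes`. Since this commit also removes the two AuthservID tests, a test that inspects the Authentication-Results header of a delivered message would keep this covered.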


@ -67,7 +67,9 @@ virtual_alias_maps = hash:/etc/postfix/virtual
content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:12301,inet:localhost:54321
non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
dkim_milter = inet:localhost:8891
dmarc_milter = inet:localhost:8893
smtpd_milters = $dkim_milter,$dmarc_milter
non_smtpd_milters = $dkim_milter
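Review bot: The comment `# Milters used by DKIM` above these settings is now stale, because `smtpd_milters` also carries the OpenDMARC milter. I would change it to `# Milters used by DKIM and DMARC` and add `# locally submitted mail is signed only, no DMARC check` above `non_smtpd_milters` so the asymmetry reads as deliberate. With `milter_default_action = accept` left in place, Postfix accepts mail when either milter is unreachable, so an OpenDKIM or OpenDMARC outage passes mail unsigned or unchecked. That fail-open choice deserves a comment and monitoring of both daemons, or `tempfail` if deferring mail is acceptable.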


@ -93,5 +93,5 @@ smtp-amavis unix - - - - 2 smtp
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o smtp_tls_security_level=none
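Review bot: Adding `no_milters` to `receive_override_options` means mail re-injected after amavis is no longer passed to OpenDKIM, so the only signature is the one applied before the content filter. If amavis alters the body or a signed header (its configuration is not shown here), that signature will no longer verify at the receiver; the `Canonicalization relaxed/simple` setting tolerates no body change beyond trailing empty lines. A comment such as `# no_milters: mail was signed/checked before amavis; amavis must not modify signed content` would record the assumption. The service entry these `-o` lines belong to starts outside the hunk, so its listen address cannot be checked here; it should stay loopback-only because it now skips both milters.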


@ -109,19 +109,6 @@ else
echo "No DKIM key provided. Check the documentation to find how to get your keys."
fi
# DMARC
# if there is no AuthservID create it
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
echo "AuthservID $(hostname)" >> /etc/opendmarc.conf
fi
if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then
echo "TrustedAuthservIDs $(hostname)" >> /etc/opendmarc.conf
fi
if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
mkdir -p /etc/opendmarc/
echo "localhost" >> /etc/opendmarc/ignore.hosts
fi
# SSL Configuration
case $SSL_TYPE in
"letsencrypt" )


@ -379,22 +379,6 @@
[ "$output" -eq 4 ]
}
#
# opendmarc
#
@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as AuthservID" {
run docker exec mail grep ^AuthservID /etc/opendmarc.conf
[ "$status" -eq 0 ]
[ "$output" = "AuthservID mail.my-domain.com" ]
}
@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as TrustedAuthservIDs" {
run docker exec mail grep ^TrustedAuthservID /etc/opendmarc.conf
[ "$status" -eq 0 ]
[ "$output" = "TrustedAuthservIDs mail.my-domain.com" ]
}
#
# ssl
#