New command: generate-dkim-domain

This command can be used for generating DKIM key for a domain,
which is not included in any configuration files. For example,
when using SQL database for transport maps.
This commit is contained in:
Hannu Shemeikka 2017-08-12 19:09:11 +03:00 committed by Shemeikka
parent 97e296162f
commit 984537526a
5 changed files with 103 additions and 1 deletions

1
.gitignore vendored
View file

@ -4,6 +4,7 @@ docker-compose.yml
test/config/empty/
test/config/without-accounts/
test/config/without-virtual/
test/config/with-domain/
test/config/postfix-accounts.cf
test/config/letsencrypt/mail.my-domain.com/combined.pem
test/onedir

View file

@ -220,4 +220,5 @@ clean:
-sudo rm -rf test/onedir \
test/config/empty \
test/config/without-accounts \
test/config/without-virtual
test/config/without-virtual \
test/config/with-domain

View file

@ -151,6 +151,12 @@ Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config
This generates DKIM keys for domains in configuration files. You can also generate DKIM key for a domain by using command
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-domain name_of_domain
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
Note: you can also manage email accounts, DKIM keys and more with the [setup.sh convenience script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh).

View file

@ -0,0 +1,39 @@
#!/bin/sh
set -e
if [ $# -ne 1 ]; then
echo $0: "usage: generate-dkim-domain domain"
exit 1
fi
domainname=$1
mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
fi
# Write to KeyTable if necessary
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo $keytableentry > /tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
signingtableentry="*@$domainname mail._domainkey.$domainname"
if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
fi
fi

View file

@ -574,6 +574,61 @@ load 'test_helper/bats-assert/load'
assert_output 4
}
@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain"
run docker run --rm \
-v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
-v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l'
assert_success
assert_output 6
# Generate key using domain name
run docker run --rm \
-v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l'
assert_success
assert_output 1
# Check keys for localhost.localdomain
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
assert_success
assert_output 2
# Check keys for otherdomain.tld
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
assert_success
assert_output 2
# Check keys for testdomain.tld
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l'
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
assert_success
assert_output 4
# Check valid entries actually present in KeyTable
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 4
# Check valid entries actually present in SigningTable
run docker run --rm \
-v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
`docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l"
assert_success
assert_output 4
}
#
# ssl
#