feat/enable custom dkim selector (#1811)

* let dkim generator accept selector as parameter

* test dkim-generator with selector parameter

* fix: correct name of domain argument in usage

* fix: adapt command to new syntax

* tests: use different quotes

* tests: use different quotes

* tests: remove domains that were never added

* style: change test name

* refactor: dkim setup

* style: remove trailing whitespace

* tests: remove test of removed dummy file

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
This commit is contained in:
Astro 2021-02-22 06:05:35 +09:00 committed by GitHub
parent 9efa94ce6f
commit a7ecb0ea8b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 33 deletions

View file

@ -25,7 +25,7 @@ function __usage
\e[94mConfiguration adjustments\e[39m
keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
domains Provide the domains for which keys are to be generated.
domain Provide the domain(s) for which keys are to be generated.
\e[38;5;214mEXAMPLES\e[39m
\e[37m./setup.sh config dkim size 2048\e[39m
@ -147,20 +147,20 @@ while read -r DOMAINNAME
do
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private" ]]
then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
opendkim-genkey \
--bits="${KEYSIZE}" \
--subdomains \
--DOMAIN="${DOMAINNAME}" \
--selector=mail \
--selector="${SELECTOR}" \
-D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
fi
# write to KeyTable if necessary
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
KEYTABLEENTRY="${SELECTOR}._domainkey.${DOMAINNAME} ${DOMAINNAME}:${SELECTOR}:/etc/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
echo "Creating DKIM KeyTable"
@ -173,11 +173,11 @@ do
fi
# write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
SIGNINGTABLEENTRY="*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}"
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
then
echo "Creating DKIM SigningTable"
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
echo "*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
then

View file

@ -1106,9 +1106,9 @@ function _setup_dkim
{
_notify 'task' 'Setting up DKIM'
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
mkdir -p /etc/opendkim
# Check if keys are already available
# Check if any keys are available
if [[ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
@ -1117,12 +1117,9 @@ function _setup_dkim
_notify 'inf' "Changing permissions on /etc/opendkim"
chown -R opendkim:opendkim /etc/opendkim/
chmod -R 0700 /etc/opendkim/keys/ # make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
else
_notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
local KEYTABLE_FILE="/etc/opendkim/KeyTable"
[[ ! -f ${KEYTABLE_FILE} ]] && touch "${KEYTABLE_FILE}"
_notify 'warn' "No DKIM key provided. Check the documentation on how to get your keys."
fi
# setup nameservers paramater from /etc/resolv.conf if not defined

View file

@ -45,25 +45,6 @@ function teardown_file
# Actual Tests
#
@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
docker run --rm -d \
--name mail_smtponly_without_config \
-e SMTP_ONLY=1 \
-e ENABLE_LDAP=1 \
-e PERMIT_DOCKER=network \
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-t "${IMAGE_NAME}"
function teardown
{
docker rm -f mail_smtponly_without_config
}
run repeat_in_container_until_success_or_timeout 15 \
mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
assert_success
}
@test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
assert_success
@ -378,3 +359,53 @@ function teardown_file
assert_success
assert_output 4
}
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided selector name" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/with-selector" && mkdir -p "${PRIVATE_CONFIG}/with-selector"
# Generate first key
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c "open-dkim keysize 2048 domain 'domain1.tld' selector mailer| wc -l"
assert_success
assert_output 4
# Check keys for domain1.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
assert_success
assert_output 2
# Check key names with selector for domain1.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim/keys/domain1.tld | grep -E 'mailer.private|mailer.txt' | wc -l"
assert_success
assert_output 2
# Check presence of tables and TrustedHosts
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
assert_success
assert_output 4
# Check valid entries actually present in KeyTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \
"grep 'domain1.tld' /etc/opendkim/KeyTable | wc -l"
assert_success
assert_output 1
# Check valid entries actually present in SigningTable
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \
"grep 'domain1.tld' /etc/opendkim/SigningTable | wc -l"
assert_success
assert_output 1
}