From a7ecb0ea8bae6468a7ed5450191fffabb04afc58 Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 22 Feb 2021 06:05:35 +0900
Subject: [PATCH] feat/enable custom dkim selector (#1811)
* let dkim generator accept selector as parameter
* test dkim-generator with selector parameter
* fix: correct name of domain argument in usage
* fix: adapt command to new syntax
* tests: use different quotes
* tests: use different quotes
* tests: remove domains that were never added
* style: change test name
* refactor: dkim setup
* style: remove trailing whitespace
* tests: remove test of removed dummy file
Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
---
 target/bin/open-dkim | 14 +++---
 target/scripts/start-mailserver.sh | 11 ++---
 test/open_dkim.bats | 69 ++++++++++++++++++++++--------
 3 files changed, 61 insertions(+), 33 deletions(-)
diff --git a/target/bin/open-dkim b/target/bin/open-dkim
index 8f2d3036..44e4f611 100755
--- a/target/bin/open-dkim
+++ b/target/bin/open-dkim
@@ -25,7 +25,7 @@ function __usage
 \e[94mConfiguration adjustments\e[39m
 keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
 selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
- domains Provide the domains for which keys are to be generated.
+ domain Provide the domain(s) for which keys are to be generated.
 \e[38;5;214mEXAMPLES\e[39m
 \e[37m./setup.sh config dkim size 2048\e[39m
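Review bot: The `selector` line of the usage text, kept as context just above the changed `domain` line, still ends with `NOT IMPLEMENTED YET!`, while the later hunks of this patch make the generator use `${SELECTOR}` for the key file name and both tables. Drop the notice so the help matches the behaviour, e.g. `selector Set a manual selector (default is 'mail') for the key.`. The `keysize` line also lists `2024`, which looks like a typo for `2048` given the example below it. `__usage` starts and ends outside the hunk.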
@@ -147,20 +147,20 @@ while read -r DOMAINNAME
 do
 mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
- if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
+ if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private" ]]
 then
- echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
+ echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
 opendkim-genkey \
 --bits="${KEYSIZE}" \
 --subdomains \
 --DOMAIN="${DOMAINNAME}" \
- --selector=mail \
+ --selector="${SELECTOR}" \
 -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
 fi
 # write to KeyTable if necessary
- KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
+ KEYTABLEENTRY="${SELECTOR}._domainkey.${DOMAINNAME} ${DOMAINNAME}:${SELECTOR}:/etc/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
 if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
 then
 echo "Creating DKIM KeyTable"
@@ -173,11 +173,11 @@ do
 fi
 # write to SigningTable if necessary
- SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
+ SIGNINGTABLEENTRY="*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}"
 if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
 then
 echo "Creating DKIM SigningTable"
- echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
+ echo "*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
 else
 if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
 then
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index fe69c9ca..907362da 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
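Review bot: `${SELECTOR}` now goes into a file path (`keys/${DOMAINNAME}/${SELECTOR}.private`) and into `KEYTABLEENTRY` with no format check visible in this hunk; a value containing `/` or whitespace would put the key file outside the domain's directory or produce a KeyTable line whose fields opendkim reads differently from what was intended. A selector is a sequence of DNS labels, so a check before the loop covers it, for example `[[ ${SELECTOR} =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid selector: ${SELECTOR}" >&2; exit 1; }`. Argument parsing is outside the hunk, so this may already be handled there; the `while` loop also runs past the hunk's end.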
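Review bot: Because the `grep -q` test compares the whole entry including the selector, a second run for the same domain with a different selector appears to add another `*@${DOMAINNAME}` line to SigningTable rather than replace the old one (the append itself is below the hunk, so this is inferred). Which key opendkim then signs with depends on how it resolves several matching lines, so a key rotation could leave the old selector in use without any message. I would at least document it above the assignment: `# NOTE: re-running with a new selector adds a second *@domain entry; remove the old line when rotating keys`. Separately, the changed `echo` repeats the format string instead of writing `echo "${SIGNINGTABLEENTRY}"`, and `grep -qxF -- "${SIGNINGTABLEENTRY}"` would compare the entry literally and whole-line rather than as a regex.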
@@ -1106,9 +1106,9 @@ function _setup_dkim
 {
 _notify 'task' 'Setting up DKIM'
- mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
+ mkdir -p /etc/opendkim
- # Check if keys are already available
+ # Check if any keys are available
 if [[ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]]
 then
 cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
@@ -1117,12 +1117,9 @@ function _setup_dkim
 _notify 'inf' "Changing permissions on /etc/opendkim"
 chown -R opendkim:opendkim /etc/opendkim/
- chmod -R 0700 /etc/opendkim/keys/ # make sure permissions are right
+ chmod -R 0700 /etc/opendkim/keys/
 else
- _notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
-
- local KEYTABLE_FILE="/etc/opendkim/KeyTable"
- [[ ! -f ${KEYTABLE_FILE} ]] && touch "${KEYTABLE_FILE}"
+ _notify 'warn' "No DKIM key provided. Check the documentation on how to get your keys."
 fi
 # setup nameservers paramater from /etc/resolv.conf if not defined
diff --git a/test/open_dkim.bats b/test/open_dkim.bats
index ee97bf5d..8e0a5237 100644
--- a/test/open_dkim.bats
+++ b/test/open_dkim.bats
@@ -45,25 +45,6 @@ function teardown_file
 # ––– Actual Tests ––––––––––––––––––––––––––––––
 # –––––––––––––––––––––––––––––––––––––––––––––––
-@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
- docker run --rm -d \
- --name mail_smtponly_without_config \
- -e SMTP_ONLY=1 \
- -e ENABLE_LDAP=1 \
- -e PERMIT_DOCKER=network \
- -e OVERRIDE_HOSTNAME=mail.mydomain.com \
- -t "${IMAGE_NAME}"
-
- function teardown
- {
- docker rm -f mail_smtponly_without_config
- }
-
- run repeat_in_container_until_success_or_timeout 15 \
- mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
- assert_success
-}
-
 @test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
 run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
 assert_success
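Review bot: With `touch /etc/opendkim/SigningTable` removed here, and the `KeyTable` touch removed in the `@@ -1117` hunk, a container started without keys no longer has either file under /etc/opendkim. If the opendkim configuration (not part of this patch) names those files as its tables, the daemon may fail to start or mail may leave unsigned, and the `warn` line is the only trace; the test that covered the no-keys start is deleted from test/open_dkim.bats in this same patch. If running without tables is intended, I would say so in the `else` branch, e.g. `# Without keys no KeyTable/SigningTable is created; outgoing mail is not DKIM-signed.`, and keep a test that starts the container in that state. `_setup_dkim` continues outside both hunks.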
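Review bot: `chmod -R 0700 /etc/opendkim/keys/` also sets the execute bit on the private key files themselves, which nothing needs. `chmod -R u=rwX,go= /etc/opendkim/keys/` keeps the directories at 0700 and leaves regular files at 0600 as long as they were not already executable. The line is touched here only to drop its trailing comment, so this is a follow-up rather than a regression.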
@@ -378,3 +359,53 @@ function teardown_file
 assert_success
 assert_output 4
 }
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided selector name" {
+ local PRIVATE_CONFIG
+ PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
+ rm -rf "${PRIVATE_CONFIG}/with-selector" && mkdir -p "${PRIVATE_CONFIG}/with-selector"
+
+ # Generate first key
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/":/tmp/docker-mailserver/ \
+ "${IMAGE_NAME:?}" /bin/sh -c "open-dkim keysize 2048 domain 'domain1.tld' selector mailer| wc -l"
+ assert_success
+ assert_output 4
+
+ # Check keys for domain1.tld
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
+ assert_success
+ assert_output 2
+
+ # Check key names with selector for domain1.tld
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim/keys/domain1.tld | grep -E 'mailer.private|mailer.txt' | wc -l"
+ assert_success
+ assert_output 2
+
+ # Check presence of tables and TrustedHosts
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
+ assert_success
+ assert_output 4
+
+ # Check valid entries actually present in KeyTable
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c \
+ "grep 'domain1.tld' /etc/opendkim/KeyTable | wc -l"
+ assert_success
+ assert_output 1
+
+ # Check valid entries actually present in SigningTable
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c \
+ "grep 'domain1.tld' /etc/opendkim/SigningTable | wc -l"
+ assert_success
+ assert_output 1
+}
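Review bot: The KeyTable and SigningTable checks at the end of the new test grep only for `domain1.tld`, so they would still pass if the generator kept writing `mail._domainkey` entries; the selector, which is what this test is about, is asserted only through the key file names. Matching the full entry pins it: `grep -F 'mailer._domainkey.domain1.tld domain1.tld:mailer:/etc/opendkim/keys/domain1.tld/mailer.private' /etc/opendkim/KeyTable | wc -l` and `grep -F '*@domain1.tld mailer._domainkey.domain1.tld' /etc/opendkim/SigningTable | wc -l`. The file-name check is loose in the same way, since `'mailer.private|mailer.txt'` is unanchored and its dots match any character; `grep -xE 'mailer\.(private|txt)'` is exact.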