feat/enable custom dkim selector (#1811)

* let dkim generator accept selector as parameter

* test dkim-generator with selector parameter

* fix: correct name of domain argument in usage

* fix: adapt command to new syntax

* tests: use different quotes

* tests: use different quotes

* tests: remove domains that were never added

* style: change test name

* refactor: dkim setup

* style: remove trailing whitespace

* tests: remove test of removed dummy file

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>

target/bin/open-dkim

@@ -25,7 +25,7 @@ function __usage
     \e[94mConfiguration adjustments\e[39m
         keysize    Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
         selector   Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
-        domains    Provide the domains for which keys are to be generated.
+        domain     Provide the domain(s) for which keys are to be generated.
 
 \e[38;5;214mEXAMPLES\e[39m
     \e[37m./setup.sh config dkim size 2048\e[39m
@@ -147,20 +147,20 @@ while read -r DOMAINNAME
 do
   mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
 
-  if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
+  if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private" ]]
   then
-    echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
+    echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
 
     opendkim-genkey \
       --bits="${KEYSIZE}" \
       --subdomains \
       --DOMAIN="${DOMAINNAME}" \
-      --selector=mail \
+      --selector="${SELECTOR}" \
       -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
   fi
 
   # write to KeyTable if necessary
-  KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
+  KEYTABLEENTRY="${SELECTOR}._domainkey.${DOMAINNAME} ${DOMAINNAME}:${SELECTOR}:/etc/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
   if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
   then
     echo "Creating DKIM KeyTable"
@@ -173,11 +173,11 @@ do
   fi
 
   # write to SigningTable if necessary
-  SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
+  SIGNINGTABLEENTRY="*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}"
   if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
   then
     echo "Creating DKIM SigningTable"
-    echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
+    echo "*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
   else
     if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
     then

target/scripts/start-mailserver.sh

@@ -1106,9 +1106,9 @@ function _setup_dkim
 {
   _notify 'task' 'Setting up DKIM'
 
-  mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
+  mkdir -p /etc/opendkim
 
-  # Check if keys are already available
+  # Check if any keys are available
   if [[ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]]
   then
     cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
@@ -1117,12 +1117,9 @@ function _setup_dkim
     _notify 'inf' "Changing permissions on /etc/opendkim"
 
     chown -R opendkim:opendkim /etc/opendkim/
-    chmod -R 0700 /etc/opendkim/keys/ # make sure permissions are right
+    chmod -R 0700 /etc/opendkim/keys/
   else
-    _notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
+    _notify 'warn' "No DKIM key provided. Check the documentation on how to get your keys."
-
-    local KEYTABLE_FILE="/etc/opendkim/KeyTable"
-    [[ ! -f ${KEYTABLE_FILE} ]] && touch "${KEYTABLE_FILE}"
   fi
 
   # setup nameservers paramater from /etc/resolv.conf if not defined

test/open_dkim.bats

@@ -45,25 +45,6 @@ function teardown_file
 # ––– Actual Tests ––––––––––––––––––––––––––––––
 # –––––––––––––––––––––––––––––––––––––––––––––––
 
-@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
-  docker run --rm -d \
-    --name mail_smtponly_without_config \
-		-e SMTP_ONLY=1 \
-		-e ENABLE_LDAP=1 \
-		-e PERMIT_DOCKER=network \
-		-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-		-t "${IMAGE_NAME}"
-
-  function teardown
-  {
-    docker rm -f mail_smtponly_without_config
-  }
-
-  run repeat_in_container_until_success_or_timeout 15 \
-    mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
-  assert_success
-}
-
 @test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
   run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
   assert_success
@@ -378,3 +359,53 @@ function teardown_file
   assert_success
   assert_output 4
 }
+
+@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided selector name" {
+  local PRIVATE_CONFIG
+  PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
+  rm -rf "${PRIVATE_CONFIG}/with-selector" && mkdir -p "${PRIVATE_CONFIG}/with-selector"
+
+  # Generate first key
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/":/tmp/docker-mailserver/ \
+    "${IMAGE_NAME:?}" /bin/sh -c "open-dkim keysize 2048 domain 'domain1.tld' selector mailer| wc -l"
+  assert_success
+  assert_output 4
+
+  # Check keys for domain1.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+    "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
+  assert_success
+  assert_output 2
+
+  # Check key names with selector for domain1.tld
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim/keys/domain1.tld | grep -E 'mailer.private|mailer.txt' | wc -l"
+  assert_success
+  assert_output 2
+
+  # Check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+    "${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
+  assert_success
+  assert_output 4
+
+  # Check valid entries actually present in KeyTable
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+    "${IMAGE_NAME:?}" /bin/sh -c \
+    "grep 'domain1.tld' /etc/opendkim/KeyTable | wc -l"
+  assert_success
+  assert_output 1
+  
+  # Check valid entries actually present in SigningTable
+  run docker run --rm \
+    -v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
+    "${IMAGE_NAME:?}" /bin/sh -c \
+    "grep 'domain1.tld' /etc/opendkim/SigningTable | wc -l"
+  assert_success
+  assert_output 1
+}