github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

docs: improve Rspamd docs about DKIM signing of multiple domains (#3329)

Browse source 
* improve Rspamd docs

See #3326 & #3328

* improve warning message

See #3328
This commit is contained in:
Georg Lauterbach 2023-05-11 18:08:54 +02:00 committed by GitHub
parent 03c0b116c7
commit e4274ef113
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
docs/content/config/best-practices/dkim_dmarc_spf.md
View file

@ -109,6 +109,10 @@ DKIM is currently supported by either OpenDKIM or Rspamd:
will execute the helper script with default parameters. will execute the helper script with default parameters.
??? warning "Using Multiple Domains"
Unlike the current script for OpenDKIM, the Rspamd script will **not** create keys for all domains DMS is managing, but only for the one it assumes to be the main domain (derived from DMS' domain name). Moreover, the default `dkim_signing.conf` configuration file that DMS ships will also only contain one domain. If you have multiple domains, you need to run the command `docker exec -ti <CONTAINER NAME> setup config dkim domain <DOMAIN>` multiple times to create all the keys for all domains, and then provide a custom `dkim_signing.conf` (for which an example is shown below).
!!! info "About the Helper Script" !!! info "About the Helper Script"
The script will persist the keys in `/tmp/docker-mailserver/rspamd/dkim/`. Hence, if you are already using the default volume mounts, the keys are persisted in a volume. The script also restarts Rspamd directly, so changes take effect without restarting DMS. The script will persist the keys in `/tmp/docker-mailserver/rspamd/dkim/`. Hence, if you are already using the default volume mounts, the keys are persisted in a volume. The script also restarts Rspamd directly, so changes take effect without restarting DMS.
@ -148,24 +152,16 @@ DKIM is currently supported by either OpenDKIM or Rspamd:
As shown next: As shown next:
- You can add more domains into the `domain { ... }` section. - You can add more domains into the `domain { ... }` section (in the following example: `example.com` and `example.org`).
- A domain can also be configured with multiple selectors and keys within a `selectors [ ... ]` array. - A domain can also be configured with multiple selectors and keys within a `selectors [ ... ]` array (in the following example, this is done for `example.org`).
```cf ```cf
# ... # ...
domain { domain {
example.com { example.com {
selectors [ path = /tmp/docker-mailserver/rspamd/example.com/ed25519.private";
{ selector = "dkim-ed25519";
path = "/tmp/docker-mailserver/rspamd/dkim/example.com/rsa.private";
selector = "dkim-rsa";
},
{
path = /tmp/docker-mailserver/rspamd/example.com/ed25519.private";
selector = "dkim-ed25519";
}
]
} }
example.org { example.org {
selectors [ selectors [

4
target/scripts/startup/setup.d/security/rspamd.sh
View file

@ -78,11 +78,11 @@ function __rspamd__run_early_setup_and_checks
if [[ -d ${RSPAMD_DMS_OVERRIDE_D} ]] if [[ -d ${RSPAMD_DMS_OVERRIDE_D} ]]
then then
__rspamd__log 'debug' "Found directory '${RSPAMD_DMS_OVERRIDE_D}' - linking it to '${RSPAMD_OVERRIDE_D}'" __rspamd__log 'debug' "Found directory '${RSPAMD_DMS_OVERRIDE_D}' - linking it to '${RSPAMD_OVERRIDE_D}'"
if rmdir "${RSPAMD_OVERRIDE_D}" if rmdir "${RSPAMD_OVERRIDE_D}" 2>/dev/null
then then
ln -s "${RSPAMD_DMS_OVERRIDE_D}" "${RSPAMD_OVERRIDE_D}" ln -s "${RSPAMD_DMS_OVERRIDE_D}" "${RSPAMD_OVERRIDE_D}"
else else
__rspamd__log 'warn' "Could not remove '${RSPAMD_OVERRIDE_D}' (not empty?) - not linking '${RSPAMD_DMS_OVERRIDE_D}'" __rspamd__log 'warn' "Could not remove '${RSPAMD_OVERRIDE_D}' (not empty? not a directory?; did you restart properly?) - not linking '${RSPAMD_DMS_OVERRIDE_D}'"
fi fi
fi fi