opendkim: added configuration, one-time setup, and postfix integration.

author: root@culturestrings <root@culturestrings> 2020-06-20 09:38:13 +0000
committer: root@culturestrings <root@culturestrings> 2020-06-20 09:38:13 +0000
commit: 065c23e1561fad50c66c30447a4886d2727a47cf (patch)
tree: fb059d4508fae8df620043a485b5c6672cffdabf /public
parent: 281232b3c94181232a350f7162475c6ac9704d43 (diff)
download: culturestrings-065c23e1561fad50c66c30447a4886d2727a47cf.tar.bz2
culturestrings-065c23e1561fad50c66c30447a4886d2727a47cf.tar.xz
4 files changed, 35 insertions, 0 deletions
diff --git a/public/fs/etc/opendkim/opendkim.conf b/public/fs/etc/opendkim/opendkim.conf
new file mode 100644
index 0000000..609a70b
--- /dev/null
+++ b/public/fs/etc/opendkim/opendkim.conf
@@ -0,0 +1,6 @@
+KeyTable            file:/etc/dkimkeys/keytable
+SigningTable        refile:/etc/dkimkeys/signingtable
+InternalHosts       refile:/etc/dkimkeys/trustedhosts
+
+Umask               0002
+Socket              local:/var/spool/postfix/opendkim/opendkim.sock
diff --git a/public/fs/etc/postfix/main.cf.in b/public/fs/etc/postfix/main.cf.in
index 26b9530..7a99be0 100644
--- a/public/fs/etc/postfix/main.cf.in
+++ b/public/fs/etc/postfix/main.cf.in
@@ -28,6 +28,12 @@ sample_directory        = /usr/share/doc/packages/postfix-doc/samples
 readme_directory        = /usr/share/doc/packages/postfix-doc/README_FILES
 mail_spool_directory    = /var/mail
 
+# dkim
+smtpd_milters                   = unix:/opendkim/opendkim.sock
+non_smtpd_milters               = $smtpd_milters
+
+milter_default_action           = accept
+internal_mail_filter_classes    = bounce
 
 # tls ...
 tls_random_source               = dev:/dev/urandom
diff --git a/public/fs/etc/systemd/system/opendkim.service.d/override.conf b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
new file mode 100644
index 0000000..24d8bed
--- /dev/null
+++ b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+User=opendkim
+Group=postfix
diff --git a/public/once/opendkim b/public/once/opendkim
new file mode 100755
index 0000000..fb088c8
--- /dev/null
+++ b/public/once/opendkim
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eu
+
+smtphost="$1"
+
+if [ -f /etc/dkimkeys/mail.private ]; then
+	printf '%s: %s %s\n' "$0"                 \
+	"dkim key file /etc/dkimkeys/mail.private" \
+	"already exists! Aborting..." >&2
+	exit 2
+fi
+
+opendkim-genkey -r -S -v -b 2048 -D /etc/dkimkeys -d $smtphost -s mail
+chown -R opendkim:opendkim /srv/etc/dkimkeys
+
+mkdir -p -m o-rwx          /var/spool/postfix/opendkim
+chown -R opendkim:opendkim /var/spool/postfix/opendkim
+
+usermod --group opendkim --append postfix
author	root@culturestrings <root@culturestrings>	2020-06-20 09:38:13 +0000
committer	root@culturestrings <root@culturestrings>	2020-06-20 09:38:13 +0000
commit	065c23e1561fad50c66c30447a4886d2727a47cf (patch)
tree	fb059d4508fae8df620043a485b5c6672cffdabf /public
parent	281232b3c94181232a350f7162475c6ac9704d43 (diff)
download	culturestrings-065c23e1561fad50c66c30447a4886d2727a47cf.tar.bz2 culturestrings-065c23e1561fad50c66c30447a4886d2727a47cf.tar.xz