diff --git a/public/fs/etc/opendkim/opendkim.conf b/public/fs/etc/opendkim/opendkim.conf
new file mode 100644
index 0000000..609a70b
--- /dev/null
+++ b/public/fs/etc/opendkim/opendkim.conf
@@ -0,0 +1,6 @@
+KeyTable file:/etc/dkimkeys/keytable
+SigningTable refile:/etc/dkimkeys/signingtable
+InternalHosts refile:/etc/dkimkeys/trustedhosts
+
+Umask 0002
+Socket local:/var/spool/postfix/opendkim/opendkim.sock
diff --git a/public/fs/etc/postfix/main.cf.in b/public/fs/etc/postfix/main.cf.in
index 26b9530..7a99be0 100644
--- a/public/fs/etc/postfix/main.cf.in
+++ b/public/fs/etc/postfix/main.cf.in
@@ -28,6 +28,12 @@ sample_directory = /usr/share/doc/packages/postfix-doc/samples
 readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
 mail_spool_directory = /var/mail
+# dkim
+smtpd_milters = unix:/opendkim/opendkim.sock
+non_smtpd_milters = $smtpd_milters
+
+milter_default_action = accept
+internal_mail_filter_classes = bounce
 # tls ...
 tls_random_source = dev:/dev/urandom
diff --git a/public/fs/etc/systemd/system/opendkim.service.d/override.conf b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
new file mode 100644
index 0000000..24d8bed
--- /dev/null
+++ b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+User=opendkim
+Group=postfix
diff --git a/public/once/opendkim b/public/once/opendkim
new file mode 100755
index 0000000..fb088c8
--- /dev/null
+++ b/public/once/opendkim
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eu
+
+smtphost="$1"
+
+if [ -f /etc/dkimkeys/mail.private ]; then
+ printf '%s: %s %s\n' "$0" \
+ "dkim key file /etc/dkimkeys/mail.private" \
+ "already exists! Aborting..." >&2
+ exit 2
+fi
+
+opendkim-genkey -r -S -v -b 2048 -D /etc/dkimkeys -d $smtphost -s mail
+chown -R opendkim:opendkim /srv/etc/dkimkeys
+
+mkdir -p -m o-rwx /var/spool/postfix/opendkim
+chown -R opendkim:opendkim /var/spool/postfix/opendkim
+
+usermod --group opendkim --append postfix
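Review bot: `milter_default_action = accept` in the main.cf.in hunk makes the DKIM milter fail open, so whenever Postfix cannot reach the socket, mail is passed on unsigned and unverified with nothing but a log entry. That matters here because `unix:/opendkim/opendkim.sock` only resolves to the socket configured in opendkim.conf (`/var/spool/postfix/opendkim/opendkim.sock`) when smtpd and cleanup run chrooted in the queue directory, which is presumably /var/spool/postfix; a non-chrooted master.cf would land on exactly that silent path. I would add `# socket path is relative to the postfix chroot (queue_directory)` above `smtpd_milters`, and consider `milter_default_action = tempfail` at least until signing has been confirmed on outgoing mail. The rest of main.cf.in, including master.cf's chroot settings, is outside this hunk.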
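Review bot: `Group=postfix` in the systemd drop-in runs the signing daemon with the mail system's group as its primary group, while `public/once/opendkim` in this same commit also adds the postfix user to the opendkim group, so access is granted in both directions. If the intent is only to let Postfix reach the socket, that group membership plus `Umask 0002` from opendkim.conf looks sufficient, and `Group=opendkim` would keep the daemon's identity narrower; this needs checking against the packaged unit, which is not visible here. Whichever is kept, a comment such as `# socket must be writable by postfix; see Umask in opendkim.conf` would record why the override exists. It is also worth confirming that `mail.private` is not group-readable, since the postfix user joins the opendkim group.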
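Review bot: In `public/once/opendkim` the key is generated into `/etc/dkimkeys` (`-D /etc/dkimkeys`) but the following `chown -R` targets `/srv/etc/dkimkeys`, so unless both paths are the same directory on the target system, `mail.private` keeps the ownership of whoever ran the script and the opendkim user may be unable to read it. Under `set -e`, a missing `/srv/etc/dkimkeys` also stops the script before the socket directory and group membership are set up, and a re-run then aborts on the existing-key check, leaving a half-configured host. `$smtphost` is unquoted on the genkey line, and `--group ... --append` appears to work only as an abbreviation of `--groups`. I would write `opendkim-genkey -r -S -v -b 2048 -D /etc/dkimkeys -d "$smtphost" -s mail`, `chown -R opendkim:opendkim /etc/dkimkeys` and `usermod --groups opendkim --append postfix`.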