Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow manual domains for dkim generator (#1753) 

* Allow manual domains for dkim generator

* Document the DKIM manual mode

* Remove unnecessary quotes

* updating default value usage and "" in [[ ]]

* Change parameter expansion

* Add test for manual dkim domains

* Remove obsolete script

* Add manual dkim mode to usage

* Move manual dkim guide into quickstart section

* Cover case that key for domain already exists

* Set default dkim key size to 4096

Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
This commit is contained in:
William Desportes 2021-01-27 14:09:24 +01:00 committed by GitHub
parent 23984e3f07
commit 4616894fbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 93 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -119,6 +119,14 @@ docker-compose up -d mail
./setup.sh -Z config dkim ./setup.sh -Z config dkim
``` ```
If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Therefore `postfix` doesn't know your domain(s) and you need to provide it when configuring `dkim`:
``` BASH
docker-compose up -d mail
./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
```
### Miscellaneous ### Miscellaneous
#### DNS - DKIM #### DNS - DKIM

4
setup.sh
View File

@ -142,7 +142,7 @@ SUBCOMMANDS:
config: config:
${0} config dkim <keysize> (default: 2048) ${0} config dkim <keysize> (default: 4096) <domain> (optional - for LDAP systems)
${0} config ssl <fqdn> ${0} config ssl <fqdn>
relay: relay:
@ -323,7 +323,7 @@ function _main
config) config)
shift ; case ${1:-} in shift ; case ${1:-} in
dkim ) _docker_image generate-dkim-config "${2:-2048}" ;; dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;;
ssl ) _docker_image generate-ssl-certificate "${2}" ;; ssl ) _docker_image generate-ssl-certificate "${2}" ;;
* ) _usage ;; * ) _usage ;;
esac esac

21
target/bin/generate-dkim-config
View File

@ -3,22 +3,26 @@
touch /tmp/vhost.tmp touch /tmp/vhost.tmp
# if no keysize is provided, 2048 is default. # if no keysize is provided, 2048 is default.
KEYSIZE=${1:-2048} KEYSIZE=${1:-4096}
# optional domain names
DOMAINS=${2:-}
# Getting domains FROM mail accounts if [[ -z ${DOMAINS} ]]
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then then
# getting domains FROM mail accounts
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then
# shellcheck disable=SC2034 # shellcheck disable=SC2034
while IFS=$'|' read -r LOGIN PASS while IFS=$'|' read -r LOGIN PASS
do do
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2) DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
echo "${DOMAIN}" >>/tmp/vhost.tmp echo "${DOMAIN}" >>/tmp/vhost.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true) done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
fi fi
# Getting domains FROM mail aliases # Getting domains FROM mail aliases
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]] if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
then then
# shellcheck disable=SC2034 # shellcheck disable=SC2034
while read -r FROM TO while read -r FROM TO
do do
@ -27,6 +31,9 @@ then
test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
fi
else
tr ',' '\n' <<<"${DOMAINS}" > /tmp/vhost.tmp
fi fi
# keeping unique entries # keeping unique entries

44
target/bin/generate-dkim-domain
View File

@ -1,44 +0,0 @@
#! /bin/bash
set -e
if [[ ${#} -ne 1 ]]
then
echo "${0}: usage: generate-dkim-domain domain"
exit 1
fi
DOMAINNAME=${1}
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
opendkim-genkey --subdomains --domain="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
fi
# Write to KeyTable if necessary
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
echo "Creating DKIM KeyTable"
echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
then
echo "${KEYTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
then
echo "Creating DKIM SigningTable"
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" > /tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "${SIGNINGTABLEENTRY}" "/tmp/docker-mailserver/opendkim/SigningTable"
then
echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
fi
fi

73
test/tests.bats
View File

@ -461,12 +461,12 @@ EOF
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 511) - which may differ with a different domain names # Instead it tests the file-size (here 861) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage. # This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates default keys size" { @test "checking opendkim: generator creates default keys size" {
local PRIVATE_CONFIG local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)" PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)"
# Prepare default key size 2048 # Prepare default key size 4096
rm -rf "${PRIVATE_CONFIG}/keyDefault" rm -rf "${PRIVATE_CONFIG}/keyDefault"
mkdir -p "${PRIVATE_CONFIG}/keyDefault" mkdir -p "${PRIVATE_CONFIG}/keyDefault"
@ -484,10 +484,36 @@ EOF
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt' /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success assert_success
assert_output 511 assert_output 861
} }
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
# Instead it tests the file-size (here 861) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 4096" {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
# Prepare set key size 4096
rm -rf "${PRIVATE_CONFIG}/key4096"
mkdir -p "${PRIVATE_CONFIG}/config/key4096"
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
assert_success
assert_output 6
run docker run --rm \
-v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" \
/bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
assert_success
assert_output 861
}
# Instead it tests the file-size (here 511) - which may differ with a different domain names # Instead it tests the file-size (here 511) - which may differ with a different domain names
# This test may be re-used as a global test to provide better test coverage. # This test may be re-used as a global test to provide better test coverage.
@test "checking opendkim: generator creates key size 2048" { @test "checking opendkim: generator creates key size 2048" {
@ -633,39 +659,50 @@ EOF
assert_output 4 assert_output 4
} }
@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" { @test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
local PRIVATE_CONFIG local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")" PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain" rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
# Generate first key
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
-v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
-v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
assert_success assert_success
assert_output 6 assert_output 4
# Generate key using domain name # Generate two additional keys different to the previous one
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l' "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
assert_success
assert_output 2
# Generate an additional key whilst providing already existing domains
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
assert_success assert_success
assert_output 1 assert_output 1
# Check keys for localhost.localdomain # Check keys for domain1.tld
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
assert_success assert_success
assert_output 2 assert_output 2
# Check keys for otherdomain.tld # Check keys for domain2.tld
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
assert_success assert_success
assert_output 2 assert_output 2
# Check keys for testdomain.tld # Check keys for domain3.tld
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l' "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
assert_success
assert_output 2
# Check keys for domain4.tld
run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
assert_success assert_success
assert_output 2 assert_output 2
# Check presence of tables and TrustedHosts # Check presence of tables and TrustedHosts
@ -678,14 +715,14 @@ EOF
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \ "${IMAGE_NAME:?}" /bin/sh -c \
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l" "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
assert_success assert_success
assert_output 4 assert_output 4
# Check valid entries actually present in SigningTable # Check valid entries actually present in SigningTable
run docker run --rm \ run docker run --rm \
-v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
"${IMAGE_NAME:?}" /bin/sh -c \ "${IMAGE_NAME:?}" /bin/sh -c \
"egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l" "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
assert_success assert_success
assert_output 4 assert_output 4
} }