Fixed #143 adding a OpenDKIM keys generator and its integration tests

.gitignore

@@ -3,3 +3,4 @@ docker-compose.yml
 postfix/ssl/*
 letsencrypt/
 .idea
+config/tmp

Dockerfile

@@ -47,8 +47,8 @@ ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
 # Configures Postfix
 ADD target/postfix/main.cf /etc/postfix/main.cf
 ADD target/postfix/master.cf /etc/postfix/master.cf
-ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
+ADD target/bin/generate-ssl-certificate target/bin/generate-dkim-config /usr/local/bin/
-RUN chmod +x /usr/local/bin/generate-ssl-certificate
+RUN chmod +x /usr/local/bin/*
 
 # Configuring Logs
 RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf

Makefile

@@ -15,6 +15,7 @@ run:
 	# Run containers
 	docker run -d --name mail \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
+		-v "`pwd`/test/config/test-opendkim":/tmp/docker-mailserver/opendkim \
 		-v "`pwd`/test":/tmp/docker-mailserver/test \
 		-e SA_TAG=1.0 \
 		-e SA_TAG2=2.0 \
@@ -60,3 +61,4 @@ tests:
 clean:
 	# Remove running test containers
 	docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban fail-auth-mailer
+	rm -rf config/opendkim config/test-opendkim config/tmp

README.md

@@ -137,6 +137,16 @@ Example:
 
 Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.  
 
+## OpenDKIM
+
+You have prepared your mail accounts? Now you can generate DKIM keys using the following command:
+
+    docker run --rm \
+      -v "$(pwd)/config":/tmp/docker-mailserver \
+      -ti tvial/docker-mailserver:v2 generate-dkim-config 
+
+Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
+
 ## SSL
 
 Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.

target/bin/generate-dkim-config

@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Getting domains from mail accounts
+while IFS=$'|' read login pass
+do
+	domain=$(echo ${login} | cut -d @ -f2)
+	echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-accounts.cf
+
+# Getting domains from mail aliases
+while read from to
+do
+	# Setting variables for better readability
+	uname=$(echo ${from} | cut -d @ -f1)
+	domain=$(echo ${from} | cut -d @ -f2)
+	# if they are equal it means the line looks like: "user1     other@domain.tld"
+	test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
+done < /tmp/docker-mailserver/postfix-virtual.cf
+
+# Keeping unique entries
+if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
+	cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
+fi
+
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+	mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
+
+	if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
+		echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+		opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
+	fi
+
+	# Write to KeyTable if necessary
+	keytableentry="mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+	if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
+		echo "Creating DKIM KeyTable"
+	 	echo "mail._domainkey.$domainname $domainname:mail:/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" > /tmp/docker-mailserver/opendkim/KeyTable
+	else
+		if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
+	    	echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
+		fi
+	fi
+
+	# Write to SigningTable if necessary
+	signingtableentry="*@$domainname mail._domainkey.$domainname"
+	if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
+		echo "Creating DKIM SigningTable"
+		echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
+	else
+		if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
+	    	echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
+		fi
+	fi
+done
+

target/start-mailserver.sh

@@ -96,39 +96,7 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
   cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
   echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
 else
-  grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+  echo "No DKIM key provided. Check the documentation to find how to get your keys."
-    mkdir -p /etc/opendkim/keys/$domainname
-    if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
-      echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
-      pushd /etc/opendkim/keys/$domainname
-      opendkim-genkey --subdomains --domain=$domainname --selector=mail
-      popd
-      echo ""
-      echo "DKIM PUBLIC KEY ################################################################"
-      cat /etc/opendkim/keys/$domainname/mail.txt
-      echo "################################################################################"
-    fi
-    # Write to KeyTable if necessary
-    keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
-    if [ ! -f "/etc/opendkim/KeyTable" ]; then
-      echo "Creating DKIM KeyTable"
-      echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
-    else
-      if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
-        echo $keytableentry >> /etc/opendkim/KeyTable
-      fi
-    fi
-    # Write to SigningTable if necessary
-    signingtableentry="*@$domainname mail._domainkey.$domainname"
-    if [ ! -f "/etc/opendkim/SigningTable" ]; then
-      echo "Creating DKIM SigningTable"
-      echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
-    else
-      if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
-        echo $signingtableentry >> /etc/opendkim/SigningTable
-      fi
-    fi
-  done
 fi
 
 echo "Changing permissions on /etc/opendkim"

test/config/test-opendkim/KeyTable

@@ -0,0 +1,2 @@
+mail._domainkey.localhost.localdomain localhost.localdomain:mail:/tmp/docker-mailserver/opendkim/keys/localhost.localdomain/mail.private
+mail._domainkey.otherdomain.tld otherdomain.tld:mail:/tmp/docker-mailserver/opendkim/keys/otherdomain.tld/mail.private

test/config/test-opendkim/SigningTable

@@ -0,0 +1,2 @@
+*@localhost.localdomain mail._domainkey.localhost.localdomain
+*@otherdomain.tld mail._domainkey.otherdomain.tld

test/config/test-opendkim/keys/localhost.localdomain/mail.private

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ7
+3cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dt
+t1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB
+AoGBAKF6dMJoe/Coe+XIP4TXjCq7A17jMaVAh7/+drgvM5DAOVH/5P47Cdl5R2cI
+KfkNePtm5aMn0SxrhHUXgE9h1nBp7hrwvDnRwIUB8Ml3yE6f18p3OpHX8txVo1Qg
+Ov8LsJ1XUWaCmMnLg95wrUP0yHKjRmxxJjIfkCzqPXo/6HvRAkEA6ZJQffUYfMeo
+OrjVg3CpOYKR/deneC2x5ZbqyXgOQBJH010nU3DfFqEg5L+DHwpyiodOco6TRrrM
+prp90j3wvQJBAMSIjcLPC/1NxW7QQGnMl9CdnD11bnV17+gMCHJfUYAdKpU9EQDB
+dqJYP3GEOJXmC77Yua9P+QhEdZpF2M4yoG8CQEQ5l8di+zcffrVAXiWZl+STjh9O
+ib1h44/DiGs25Tqz3EUR9bW6x38tq5UFl8BOZeyu3yw5Fy3WzIZ6/NuXeiUCQDF3
+KS8CC8N6gpnMgpnea8uPD9cMKnwX7gUamjmnMg0ryh772r608tYTngxFOjTITOaB
+B+NPHp/tEyh8MgBcD7MCQQCT7ABW3W+tekXOP/NvSwYlA0Ty2oQ75p9pPao94Tef
+vz8CQFrb3C16789YH9lNyFmbClwpp9x9V2pXS8akyOxW
+-----END RSA PRIVATE KEY-----

test/config/test-opendkim/keys/localhost.localdomain/mail.txt

@@ -0,0 +1,2 @@
+mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
+	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzUJyyhq+TeT1wlIth5Z0yr7Ohd62n4rL5X3vRJO4EDyOEicJ73cjuaU4JLTYhbqmbNalOyXE9btS9I55Gv3RyomVBD1JpVTKdjVBUQug2L/ggw2dtt1FAn99svQWMs1XxmxiTR+sCEVkgKMmLSkCJuDCIfY/Bc9nlcng9+juB8wIDAQAB" )  ; ----- DKIM key mail for localhost.localdomain

test/config/test-opendkim/keys/otherdomain.tld/mail.private

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQ
+f0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzkt
+RCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB
+AoGAewyYzdBqqZ9DaPrR5p+t6OJp5Cr0dARbbsv28cQ3+X7KPmO9mowB5CcWEKmR
+CbJ4awwb/STHkf+8Y8bPVNsGBs0FO4Y7prLjzqjOWmm/Yw4XYRJyZLb8qkzRMcOT
+AIt7AWzxvdUOWB7XkG3MZC7qjmrWnXPUltLJIrdyv/T3ynkCQQDmF7Anqez14gc2
+96XfYc1s/5JQFkGyG/kAI8lGqgSHpq3aEMUDv+/YZqtIdFjN8dFwnfhJy1mMiSVN
+s2mjhYz1AkEAwlgRKHAMLFbv1Nn9wasJ2crArzHrM8lG90GldRfKXLpv5HNw42GV
+yPn48hIvCpxrO+gpZ1DQaX6dlPj0/dze+wJBANc8B2tC+EeV9PvFMyO/wEMa20oR
+V8j9g7JOx4RTnEMsdupKz5DPZdP/TnBLbZrQfwOisdSN5SmiTQPfNY1ia1UCQDYV
+SAEW3WxhbTCw0XtZ283uLJ0UqT2qH8OjUyY4zqnrgEP1FE9S0toxJmRHRywOx5DO
+VOdZiAYzpCrW9WbIVo0CQQDdtJEGYcM0v8N4i6T02VNikz3MzJ65g+kcnqTjsl1t
+eqowRyqQbSPlmTEMcAP0MJALg1TWDIlLaAUHd/v+5z06
+-----END RSA PRIVATE KEY-----

test/config/test-opendkim/keys/otherdomain.tld/mail.txt

@@ -0,0 +1,2 @@
+mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
+	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurRsOh4NyTOqDnpPlPLGlQDuoQl32Gdkfzw7BBRKDcelIZBmQf0uhXKSZVKe5Q596w/3ESJ9WOlB03SISnHy8lq/ZJ1+vhSZQfHvp0cHQl4BgNzktRCARdPY+5nVerF8aUSsT3bG2O+2r09AY4okLCVfkiwg6Nz2Eo7j4Z7mqNwIDAQAB" )  ; ----- DKIM key mail for otherdomain.tld

test/tests.bats

@@ -249,6 +249,20 @@
   [ "$output" -eq 2 ]
 }
 
+@test "checking opendkim: /etc/opendkim/KeyTable should not exist because not provided" {
+  run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/KeyTable"
+  [ "$status" -eq 1 ]
+}
+
+@test "checking opendkim: generator works as expected" {
+  run docker run --rm \
+  -v "$(pwd)/config":/tmp/docker-mailserver \
+  -v "$(pwd)/config/test-opendkim":/tmp/docker-mailserver/opendkim \
+  -ti tvial/docker-mailserver:v2 generate-dkim-config | wc -l
+  [ "$status" -eq 0 ]
+  [ "$output" -eq 4 ]
+}
+
 #
 # opendmarc
 #