Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: open-dkim config generator refactor

This commit is contained in:
Brennan Kinney 2025-02-15 21:23:14 +13:00 committed by GitHub
parent 466602c66d
commit 523f5b8fbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 58 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
target/bin/open-dkim
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
# shellcheck source=../scripts/helpers/index.sh # shellcheck source=../scripts/helpers/index.sh
source /usr/local/bin/helpers/index.sh source /usr/local/bin/helpers/index.sh
@ -16,7 +16,7 @@ function _main() {
# Default parameters (updated by `_parse_arguments()`): # Default parameters (updated by `_parse_arguments()`):
local KEYSIZE=2048 local KEYSIZE=2048
local SELECTOR=mail local SELECTOR=mail
local DOMAINS= local DMS_DOMAINS=
_require_n_parameters_or_print_usage 0 "${@}" _require_n_parameters_or_print_usage 0 "${@}"
_parse_arguments "${@}" _parse_arguments "${@}"
@ -95,8 +95,8 @@ function _parse_arguments() {
( 'domain' ) ( 'domain' )
if [[ -n ${2+set} ]]; then if [[ -n ${2+set} ]]; then
DOMAINS="${2}" DMS_DOMAINS="${2}"
_log 'debug' "Domain(s) set to '${DOMAIN}'" _log 'debug' "Domain(s) set to '${DMS_DOMAINS}'"
else else
_exit_with_error "No domain(s) provided after 'domain' argument" _exit_with_error "No domain(s) provided after 'domain' argument"
fi fi
@ -125,43 +125,60 @@ function _generate_dkim_keys() {
exit 0 exit 0
fi fi
# Generate the keypairs and associated OpenDKIM config files: # Initialize OpenDKIM configs if necessary:
OPENDKIM_BASE_DIR='/tmp/docker-mailserver/opendkim' _create_opendkim_configs
# Generate a keypair per domain and add reference to OpenDKIM configs:
local ENTRY_KEY KEY_TABLE_ENTRY SIGNING_TABLE_ENTRY
while read -r DKIM_DOMAIN; do while read -r DKIM_DOMAIN; do
_create_dkim_key "${DKIM_DOMAIN}" _create_dkim_key "${DKIM_DOMAIN}"
# Create / Update OpenDKIM configs with new DKIM key: # Create / Update OpenDKIM configs with new DKIM key:
KEY_TABLE_ENTRY="${SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private" ENTRY_KEY="${SELECTOR}._domainkey.${DKIM_DOMAIN}"
_update_keytable "${KEY_TABLE_ENTRY}" KEY_TABLE_ENTRY="${ENTRY_KEY} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private"
SIGNING_TABLE_ENTRY="*@${DKIM_DOMAIN} ${ENTRY_KEY}"
SIGNING_TABLE_ENTRY="*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}" # If no existing entry, add one:
_update_signingtable "${SIGNING_TABLE_ENTRY}" if ! grep -q "${KEY_TABLE_ENTRY}" "${KEY_TABLE_FILE}"; then
echo "${KEY_TABLE_ENTRY}" >> "${KEY_TABLE_FILE}"
fi
if ! grep -q "${SIGNING_TABLE_ENTRY}" "${SIGNING_TABLE_FILE}"; then
echo "${SIGNING_TABLE_ENTRY}" >> "${SIGNING_TABLE_FILE}"
fi
done < <(_get_valid_lines_from_file "${DATABASE_VHOST}") done < <(_get_valid_lines_from_file "${DATABASE_VHOST}")
# Create TrustedHosts if missing: # No longer needed, remove:
_create_trustedhosts rm "${DATABASE_VHOST}"
# Ensure ownership is consistent for all content belonging to the base directory,
# During container startup, an internal copy will be made via `_setup_opendkim()`
# with ownership we expect, while this chown is for the benefit of the users ownership.
chown -R "$(stat -c '%U:%G' "${OPENDKIM_BASE_DIR}")" "${OPENDKIM_BASE_DIR}"
} }
# Prepare a file with one domain per line: # Prepare a file with one domain per line (iterated via while loop as DKIM_DOMAIN):
# Depends on methods from `scripts/helpers/postfix.sh`: # Depends on methods from `scripts/helpers/postfix.sh`:
DATABASE_VHOST='/tmp/vhost.dkim' DATABASE_VHOST='/tmp/vhost.dkim'
function _generate_domains_config() { function _generate_domains_config() {
local TMP_VHOST='/tmp/vhost.dkim.tmp' local TMP_VHOST='/tmp/vhost.dkim.tmp'
# Generate the default vhost (equivalent to /etc/postfix/vhost), # Generate the default vhost (equivalent to /etc/postfix/vhost),
# unless CLI arg DOMAINS provided an alternative list to use instead: # unless CLI arg DMS_DOMAINS provided an alternative list to use instead:
if [[ -z ${DOMAINS} ]]; then if [[ -z ${DMS_DOMAINS} ]]; then
_obtain_hostname_and_domainname _obtain_hostname_and_domainname
# uses TMP_VHOST: # uses TMP_VHOST:
_vhost_collect_postfix_domains _vhost_collect_postfix_domains
else else
tr ',' '\n' <<< "${DOMAINS}" >"${TMP_VHOST}" tr ',' '\n' <<< "${DMS_DOMAINS}" >"${TMP_VHOST}"
fi fi
# Uses DATABASE_VHOST + TMP_VHOST: # Uses DATABASE_VHOST + TMP_VHOST:
_create_vhost _create_vhost
} }
# `opendkim-genkey` generates two files at the configured `--directory`:
# - <selector>.private (Private key, PEM encoded)
# - <selector>.txt (Public key, formatted as a TXT record for a RFC 1035 DNS Zone file)
function _create_dkim_key() { function _create_dkim_key() {
DKIM_DOMAIN=${1?Expected to be provided a domain} DKIM_DOMAIN=${1?Expected to be provided a domain}
@ -172,6 +189,11 @@ function _create_dkim_key() {
if [[ ! -f "${DKIM_KEY_FILE}" ]]; then if [[ ! -f "${DKIM_KEY_FILE}" ]]; then
_log 'info' "Creating DKIM private key '${DKIM_KEY_FILE}'" _log 'info' "Creating DKIM private key '${DKIM_KEY_FILE}'"
# NOTE:
# --domain only affects a comment in the generated DNS Zone file
# --subdomains is the default,
# --nosubdomains would add `t=s` to the DNS TXT record generated
# http://www.opendkim.org/opendkim-genkey.8.html
opendkim-genkey \ opendkim-genkey \
--bits="${KEYSIZE}" \ --bits="${KEYSIZE}" \
--subdomains \ --subdomains \
@ -179,45 +201,31 @@ function _create_dkim_key() {
--selector="${SELECTOR}" \ --selector="${SELECTOR}" \
--directory="${OPENDKIM_DOMAINKEY_DIR}" --directory="${OPENDKIM_DOMAINKEY_DIR}"
fi fi
# Ensure permissions match the user:group of the base directory:
chown -R "$(stat -c '%U:%G' "${OPENDKIM_BASE_DIR}")" "${OPENDKIM_DOMAINKEY_DIR}"
} }
function _update_keytable() { OPENDKIM_BASE_DIR='/tmp/docker-mailserver/opendkim'
KEY_TABLE_ENTRY=${1?Expected to be provided an entry}
KEY_TABLE_FILE="${OPENDKIM_BASE_DIR}/KeyTable" KEY_TABLE_FILE="${OPENDKIM_BASE_DIR}/KeyTable"
if [[ ! -f "${KEY_TABLE_FILE}" ]]; then
_log 'debug' 'Creating DKIM KeyTable'
echo "${KEY_TABLE_ENTRY}" > "${KEY_TABLE_FILE}"
else
# If no existing entry, add one:
if ! grep -q "${KEY_TABLE_ENTRY}" "${KEY_TABLE_FILE}"; then
echo "${KEY_TABLE_ENTRY}" >> "${KEY_TABLE_FILE}"
fi
fi
}
function _update_signingtable() {
SIGNING_TABLE_ENTRY=${1?Expected to be provided an entry}
SIGNING_TABLE_FILE="${OPENDKIM_BASE_DIR}/SigningTable" SIGNING_TABLE_FILE="${OPENDKIM_BASE_DIR}/SigningTable"
if [[ ! -f "${SIGNING_TABLE_FILE}" ]]; then
_log 'debug' 'Creating DKIM SigningTable'
echo "*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}" > "${SIGNING_TABLE_FILE}"
else
# If no existing entry, add one:
if ! grep -q "${SIGNING_TABLE_ENTRY}" "${SIGNING_TABLE_FILE}"; then
echo "${SIGNING_TABLE_ENTRY}" >> "${SIGNING_TABLE_FILE}"
fi
fi
}
function _create_trustedhosts() {
TRUSTED_HOSTS_FILE="${OPENDKIM_BASE_DIR}/TrustedHosts" TRUSTED_HOSTS_FILE="${OPENDKIM_BASE_DIR}/TrustedHosts"
if [[ -d "${OPENDKIM_BASE_DIR}" ]] && [[ ! -f "${TRUSTED_HOSTS_FILE}" ]]; then # Create configs if missing:
_log 'debug' 'Creating DKIM TrustedHosts' function _create_opendkim_configs() {
_log 'debug' 'Creating any missing OpenDKIM configs'
mkdir -p "${OPENDKIM_BASE_DIR}"
local OPENDKIM_CONFIGS=(
"${KEY_TABLE_FILE}"
"${SIGNING_TABLE_FILE}"
"${TRUSTED_HOSTS_FILE}"
)
# Only create if the file doesn't exist (avoids modifying mtime):
for FILE in ${OPENDKIM_CONFIGS[@]}; do
[[ ! -f "${FILE}" ]] && touch "${FILE}"
done
# If file exists but is empty, add default hosts to trust:
if [[ ! -s "${TRUSTED_HOSTS_FILE}" ]]; then
_log 'debug' 'Adding default trust to OpenDKIM TrustedHosts config'
echo "127.0.0.1" > "${TRUSTED_HOSTS_FILE}" echo "127.0.0.1" > "${TRUSTED_HOSTS_FILE}"
echo "localhost" >> "${TRUSTED_HOSTS_FILE}" echo "localhost" >> "${TRUSTED_HOSTS_FILE}"
fi fi