summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--public/fs/etc/opendkim/opendkim.conf6
-rw-r--r--public/fs/etc/postfix/main.cf.in6
-rw-r--r--public/fs/etc/systemd/system/opendkim.service.d/override.conf3
-rwxr-xr-xpublic/once/opendkim20
4 files changed, 35 insertions, 0 deletions
diff --git a/public/fs/etc/opendkim/opendkim.conf b/public/fs/etc/opendkim/opendkim.conf
new file mode 100644
index 0000000..609a70b
--- /dev/null
+++ b/public/fs/etc/opendkim/opendkim.conf
@@ -0,0 +1,6 @@
+KeyTable file:/etc/dkimkeys/keytable
+SigningTable refile:/etc/dkimkeys/signingtable
+InternalHosts refile:/etc/dkimkeys/trustedhosts
+
+Umask 0002
+Socket local:/var/spool/postfix/opendkim/opendkim.sock
diff --git a/public/fs/etc/postfix/main.cf.in b/public/fs/etc/postfix/main.cf.in
index 26b9530..7a99be0 100644
--- a/public/fs/etc/postfix/main.cf.in
+++ b/public/fs/etc/postfix/main.cf.in
@@ -28,6 +28,12 @@ sample_directory = /usr/share/doc/packages/postfix-doc/samples
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
mail_spool_directory = /var/mail
+# dkim
+smtpd_milters = unix:/opendkim/opendkim.sock
+non_smtpd_milters = $smtpd_milters
+
+milter_default_action = accept
+internal_mail_filter_classes = bounce
# tls ...
tls_random_source = dev:/dev/urandom
diff --git a/public/fs/etc/systemd/system/opendkim.service.d/override.conf b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
new file mode 100644
index 0000000..24d8bed
--- /dev/null
+++ b/public/fs/etc/systemd/system/opendkim.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+User=opendkim
+Group=postfix
diff --git a/public/once/opendkim b/public/once/opendkim
new file mode 100755
index 0000000..fb088c8
--- /dev/null
+++ b/public/once/opendkim
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eu
+
+smtphost="$1"
+
+if [ -f /etc/dkimkeys/mail.private ]; then
+ printf '%s: %s %s\n' "$0" \
+ "dkim key file /etc/dkimkeys/mail.private" \
+ "already exists! Aborting..." >&2
+ exit 2
+fi
+
+opendkim-genkey -r -S -v -b 2048 -D /etc/dkimkeys -d $smtphost -s mail
+chown -R opendkim:opendkim /srv/etc/dkimkeys
+
+mkdir -p -m o-rwx /var/spool/postfix/opendkim
+chown -R opendkim:opendkim /var/spool/postfix/opendkim
+
+usermod --group opendkim --append postfix