diff --git a/README.md b/README.md index 4a07436f..c6f7a2d4 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,14 @@ docker-compose up -d mail ./setup.sh -Z config dkim ``` +If you are using a LDAP setup the setup looks a bit different as you do not add user accounts directly. Therefore `postfix` doesn't know your domain(s) and you need to provide it when configuring `dkim`: + +``` BASH +docker-compose up -d mail + +./setup.sh config dkim [,] +``` + ### Miscellaneous #### DNS - DKIM diff --git a/setup.sh b/setup.sh index e818e113..df1f041e 100755 --- a/setup.sh +++ b/setup.sh @@ -142,7 +142,7 @@ SUBCOMMANDS: config: - ${0} config dkim (default: 2048) + ${0} config dkim (default: 4096) (optional - for LDAP systems) ${0} config ssl relay: @@ -317,13 +317,13 @@ function _main shift ; case ${1:-} in set ) shift ; _docker_image setquota "${@}" ;; del ) shift ; _docker_image delquota "${@}" ;; - * ) _usage ;; + * ) _usage ;; esac ;; config) shift ; case ${1:-} in - dkim ) _docker_image generate-dkim-config "${2:-2048}" ;; + dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;; ssl ) _docker_image generate-ssl-certificate "${2}" ;; * ) _usage ;; esac diff --git a/target/bin/generate-dkim-config b/target/bin/generate-dkim-config index 6f37e22e..fb289f32 100755 --- a/target/bin/generate-dkim-config +++ b/target/bin/generate-dkim-config 
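Review bot: `dkim ) _docker_image generate-dkim-config "${2:-4096}" "${3:-}" ;;` forwards whatever is in `$2` as the key size, so a user following the new LDAP instructions who runs `./setup.sh config dkim example.com` sends `example.com` as the key size and no domain list at all, and only learns of it from a failure inside the container. A guard in the arm, `[[ -z ${2:-} || ${2} =~ ^[0-9]+$ ]] || _usage`, would reject that at the command line; if `_usage` does not exit (its body is outside the hunk) an explicit `exit 1` is needed after it. The usage text in the first `setup.sh` hunk should also say that the domain list is positional and therefore requires the key size to be given first. `_main` begins and ends outside this hunk.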
@@ -3,30 +3,37 @@
 touch /tmp/vhost.tmp
 
 # if no keysize is provided, 2048 is default.
-KEYSIZE=${1:-2048}
+KEYSIZE=${1:-4096}
+# optional domain names
+DOMAINS=${2:-}
 
-# Getting domains FROM mail accounts
-if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
+if [[ -z ${DOMAINS} ]]
 then
- # shellcheck disable=SC2034
- while IFS=$'|' read -r LOGIN PASS
- do
- DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
- echo "${DOMAIN}" >>/tmp/vhost.tmp
- done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
-fi
+ # getting domains FROM mail accounts
+ if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
+ then
+ # shellcheck disable=SC2034
+ while IFS=$'|' read -r LOGIN PASS
+ do
+ DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
+ echo "${DOMAIN}" >>/tmp/vhost.tmp
+ done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
+ fi
 
-# Getting domains FROM mail aliases
-if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
-then
- # shellcheck disable=SC2034
- while read -r FROM TO
- do
- UNAME=$(echo "${FROM}" | cut -d @ -f1)
- DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
+ # Getting domains FROM mail aliases
+ if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
+ then
+ # shellcheck disable=SC2034
+ while read -r FROM TO
+ do
+ UNAME=$(echo "${FROM}" | cut -d @ -f1)
+ DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
 
- test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp
- done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
+ test "${UNAME}" != "${DOMAIN}" && echo "${DOMAIN}" >>/tmp/vhost.tmp
+ done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
+ fi
+else
+ tr ',' '\n' <<<"${DOMAINS}" > /tmp/vhost.tmp
 fi
 
 # keeping unique entries
diff --git a/target/bin/generate-dkim-domain b/target/bin/generate-dkim-domain
deleted file mode 100755
index 4712892b..00000000
--- a/target/bin/generate-dkim-domain
+++ /dev/null
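Review bot: The new `else` branch copies the caller-supplied `DOMAINS` into `/tmp/vhost.tmp` without any validation, whereas the account and alias branches only ever see addresses that the configuration files already contain. Every element of that list later becomes a key directory name and an opendkim table entry (that part of the script lies below the hunk), so an empty element from a trailing comma, surrounding whitespace, or a value containing `/` or `..` is passed straight through. Accepting only plain hostnames keeps the manual path as constrained as the file-derived one; a replacement for the `else` branch is sketched below. Reading the `tr` output line by line also drops the empty trailing line that the here-string's final newline would otherwise produce.
```shell
else
  # manual domain list: accept only plain hostnames, drop empty elements
  while IFS= read -r DOMAIN
  do
    [[ -z ${DOMAIN} ]] && continue
    if [[ ! ${DOMAIN} =~ ^[A-Za-z0-9.-]+$ ]]
    then
      echo "${0}: invalid domain name '${DOMAIN}'" >&2
      exit 1
    fi
    echo "${DOMAIN}" >>/tmp/vhost.tmp
  done < <(tr ',' '\n' <<<"${DOMAINS}")
fi
```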
@@ -1,44 +0,0 @@
-#! /bin/bash
-
-set -e
-
-if [[ ${#} -ne 1 ]]
-then
- echo "${0}: usage: generate-dkim-domain domain"
- exit 1
-fi
-
-DOMAINNAME=${1}
-mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
-
-if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
-then
- echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
- opendkim-genkey --subdomains --domain="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
-fi
-
-# Write to KeyTable if necessary
-KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
-if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
-then
- echo "Creating DKIM KeyTable"
- echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable
-else
- if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
- then
- echo "${KEYTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/KeyTable
- fi
-fi
-
-# Write to SigningTable if necessary
-SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
-if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
-then
- echo "Creating DKIM SigningTable"
- echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" > /tmp/docker-mailserver/opendkim/SigningTable
-else
- if ! grep -q "${SIGNINGTABLEENTRY}" "/tmp/docker-mailserver/opendkim/SigningTable"
- then
- echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
- fi
-fi
diff --git a/test/tests.bats b/test/tests.bats
index 433ed081..ad17e165 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -461,12 +461,12 @@ EOF # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar -# Instead it tests the file-size (here 511) - which may differ with a different domain names +# Instead it tests the file-size (here 861) - which may differ with a different domain names # This test may be re-used as a global test to provide better test coverage. @test "checking opendkim: generator creates default keys size" { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container . mail_default_key_size)" - # Prepare default key size 2048 + # Prepare default key size 4096 rm -rf "${PRIVATE_CONFIG}/keyDefault" mkdir -p "${PRIVATE_CONFIG}/keyDefault" 
@@ -484,10 +484,36 @@ EOF
 /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
 
 assert_success
- assert_output 511
+ assert_output 861
 }
 
 # this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
+# this set of tests is of low quality. It does not test the RSA-Key size properly via openssl or similar
+# Instead it tests the file-size (here 861) - which may differ with a different domain names
+# This test may be re-used as a global test to provide better test coverage.
+@test "checking opendkim: generator creates key size 4096" {
+ local PRIVATE_CONFIG
+ PRIVATE_CONFIG="$(duplicate_config_for_container . mail_key_size_4096)"
+ # Prepare set key size 4096
+ rm -rf "${PRIVATE_CONFIG}/key4096"
+ mkdir -p "${PRIVATE_CONFIG}/config/key4096"
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/key2048/":/tmp/docker-mailserver/ \
+ -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+ -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+ "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 4096 | wc -l'
+ assert_success
+ assert_output 6
+
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/key2048/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" \
+ /bin/sh -c 'stat -c%s /etc/opendkim/keys/localhost.localdomain/mail.txt'
+
+ assert_success
+ assert_output 861
+}
+
 # Instead it tests the file-size (here 511) - which may differ with a different domain names
 # This test may be re-used as a global test to provide better test coverage.
 @test "checking opendkim: generator creates key size 2048" {
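Review bot: The new 4096 test prepares `${PRIVATE_CONFIG}/key4096` (and additionally creates `${PRIVATE_CONFIG}/config/key4096`, a third path) but both `docker run` calls mount `${PRIVATE_CONFIG}/key2048/`, so the generator writes into, and `stat` reads from, a directory the test never cleaned and that by its name belongs to the 2048 test; the 861-byte assertion therefore does not isolate the 4096 run. The three lines should agree on one directory: `mkdir -p "${PRIVATE_CONFIG}/key4096"`, `-v "${PRIVATE_CONFIG}/key4096/":/tmp/docker-mailserver/ \` and `-v "${PRIVATE_CONFIG}/key4096/opendkim":/etc/opendkim \`. The block is also inserted between the existing `# this set of tests` line and its two companion comment lines, so the 2048 test now opens with an orphaned `# Instead it tests the file-size (here 511)` while the 4096 test repeats the first line; inserting above the existing header keeps both three-line headers intact. Whether the sibling 2048 test mounts `key2048/` is inferred from the name, as its body is outside the hunk.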
@@ -633,39 +659,50 @@ EOF
 assert_output 4
 }
 
-@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {
+@test "checking opendkim: generator creates keys, tables and TrustedHosts using manual provided domain name" {
 local PRIVATE_CONFIG
 PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
 rm -rf "${PRIVATE_CONFIG}/with-domain" && mkdir -p "${PRIVATE_CONFIG}/with-domain"
+ # Generate first key
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
- -v "${PRIVATE_CONFIG}/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
- -v "${PRIVATE_CONFIG}/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
- "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config | wc -l'
+ "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain1.tld| wc -l'
 assert_success
- assert_output 6
- # Generate key using domain name
+ assert_output 4
+ # Generate two additional keys different to the previous one
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
- "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l'
+ "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'
+ assert_success
+ assert_output 2
+ # Generate an additional key whilst providing already existing domains
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-domain/":/tmp/docker-mailserver/ \
+ "${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 'domain3.tld,domain4.tld' | wc -l'
 assert_success
 assert_output 1
- # Check keys for localhost.localdomain
+ # Check keys for domain1.tld
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
- "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
+ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
 assert_success
 assert_output 2
- # Check keys for otherdomain.tld
+ # Check keys for domain2.tld
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
- "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
+ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain2.tld | wc -l'
 assert_success
 assert_output 2
- # Check keys for testdomain.tld
+ # Check keys for domain3.tld
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
- "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l'
+ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain3.tld | wc -l'
+ assert_success
+ assert_output 2
+ # Check keys for domain4.tld
+ run docker run --rm \
+ -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
+ "${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain4.tld | wc -l'
 assert_success
 assert_output 2
 # Check presence of tables and TrustedHosts
@@ -678,14 +715,14 @@ EOF
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
 "${IMAGE_NAME:?}" /bin/sh -c \
- "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l"
+ "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/KeyTable | wc -l"
 assert_success
 assert_output 4
 # Check valid entries actually present in SigningTable
 run docker run --rm \
 -v "${PRIVATE_CONFIG}/with-domain/opendkim":/etc/opendkim \
 "${IMAGE_NAME:?}" /bin/sh -c \
- "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l"
+ "egrep 'domain1.tld|domain2.tld|domain3.tld|domain4.tld' /etc/opendkim/SigningTable | wc -l"
 assert_success
 assert_output 4
 }
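Review bot: In `'generate-dkim-config 2048 'domain2.tld,domain3.tld' | wc -l'` and the matching `domain3.tld,domain4.tld` call, the inner single quotes close and reopen the outer `sh -c` string instead of quoting the list, so the domains are passed unquoted and the construct only works because the values contain no shell metacharacters. Drop the inner quotes, as the `domain1.tld` call already does: `"${IMAGE_NAME:?}" /bin/sh -c 'generate-dkim-config 2048 domain2.tld,domain3.tld | wc -l'`. The first call is also missing the space in `domain1.tld| wc -l`. A comment on the `assert_output 1` after the third run would help a reader, since the expected count there depends on `domain3.tld` already existing from the previous run.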