From 9111a92b1833da350193e08537eac3127722aaee Mon Sep 17 00:00:00 2001
From: Kai Ren
Date: Tue, 25 Oct 2016 09:57:08 +0300
Subject: [PATCH] improve OpenDKIM and OpenDMARC milters integration (#361)
---
 Dockerfile | 1 +
 target/opendkim/default-opendkim | 2 +-
 target/opendkim/opendkim.conf | 4 ++--
 target/opendmarc/default-opendmarc | 3 ++-
 target/opendmarc/ignore.hosts | 1 +
 target/opendmarc/opendmarc.conf | 18 +++++++++++-------
 target/postfix/main.cf | 8 +++++---
 target/postfix/master.cf | 2 +-
 target/start-mailserver.sh | 13 -------------
 test/tests.bats | 16 ----------------
 10 files changed, 24 insertions(+), 44 deletions(-)
 create mode 100644 target/opendmarc/ignore.hosts
diff --git a/Dockerfile b/Dockerfile
index 231f03ea..267c86d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -83,6 +83,7 @@ COPY target/opendkim/default-opendkim /etc/default/opendkim
 # Configure DMARC (opendmarc)
 COPY target/opendmarc/opendmarc.conf /etc/opendmarc.conf
 COPY target/opendmarc/default-opendmarc /etc/default/opendmarc
+COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
 # Configure fetchmail
 COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general
diff --git a/target/opendkim/default-opendkim b/target/opendkim/default-opendkim
index 20ead7e4..c7c9b85a 100644
--- a/target/opendkim/default-opendkim
+++ b/target/opendkim/default-opendkim
@@ -9,4 +9,4 @@
 #SOCKET="inet:12345@localhost" # listen on loopback on port 12345
 #SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
-SOCKET="inet:12301@localhost"
\ No newline at end of file
+SOCKET="inet:8891@localhost"
diff --git a/target/opendkim/opendkim.conf b/target/opendkim/opendkim.conf
index f8c1b6c3..b7190f96 100644
--- a/target/opendkim/opendkim.conf
+++ b/target/opendkim/opendkim.conf
@@ -4,7 +4,7 @@ UMask 002
 Syslog yes
 SyslogSuccess Yes
 LogWhy Yes
-RemoveOldSignatures Yes
+RemoveOldSignatures Yes
 Canonicalization relaxed/simple
@@ -19,4 +19,4 @@ SignatureAlgorithm rsa-sha256
 UserID opendkim:opendkim
-Socket inet:12301@localhost
+Socket inet:8891@localhost
diff --git a/target/opendmarc/default-opendmarc b/target/opendmarc/default-opendmarc
index 896f5839..b21994ec 100644
--- a/target/opendmarc/default-opendmarc
+++ b/target/opendmarc/default-opendmarc
@@ -8,4 +8,5 @@
 #SOCKET="inet:54321" # listen on all interfaces on port 54321
 #SOCKET="inet:12345@localhost" # listen on loopback on port 12345
 #SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
-SOCKET="inet:54321@localhost"
\ No newline at end of file
+
+SOCKET="inet:8893@localhost"
diff --git a/target/opendmarc/ignore.hosts b/target/opendmarc/ignore.hosts
new file mode 100644
index 00000000..2fbb50c4
--- /dev/null
+++ b/target/opendmarc/ignore.hosts
@@ -0,0 +1 @@
+localhost
diff --git a/target/opendmarc/opendmarc.conf b/target/opendmarc/opendmarc.conf
index 8ff5ad16..28177eaf 100644
--- a/target/opendmarc/opendmarc.conf
+++ b/target/opendmarc/opendmarc.conf
@@ -1,8 +1,12 @@
+UserID opendmarc:opendmarc
+UMask 0002
+PidFile /var/run/opendmarc.pid
+Syslog true
-PidFile /var/run/opendmarc.pid
-RejectFailures false
-Syslog true
-UMask 0002
-UserID opendmarc:opendmarc
-IgnoreHosts /etc/opendmarc/ignore.hosts
-HistoryFile /var/run/opendmarc/opendmarc.dat
+RejectFailures false
+
+IgnoreHosts /etc/opendmarc/ignore.hosts
+HistoryFile /var/run/opendmarc/opendmarc.dat
+
+AuthservID HOSTNAME
+TrustedAuthservIDs HOSTNAME
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index e76ec01d..ff32f2d2 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
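Review bot: `AuthservID HOSTNAME` and `TrustedAuthservIDs HOSTNAME` at the end of the opendmarc.conf hunk replace the `$(hostname)` values that start-mailserver.sh used to append, and nothing in the file says that `HOSTNAME` is a keyword opendmarc resolves to the running host's name at startup rather than a literal someone is expected to substitute. I'd put `# HOSTNAME is an opendmarc keyword, resolved to the container's hostname at startup (formerly appended by start-mailserver.sh)` above those two lines. As far as I know opendmarc trusts any Authentication-Results header carrying a trusted authserv-id, so this value must match the authserv-id opendkim writes (here the same hostname), and inbound messages that already carry an Authentication-Results header with that id should be stripped before they reach opendmarc; I cannot see from this patch whether anything in the Postfix path does that. The two bats tests removed in test/tests.bats are not replaced; a test that reads the Authentication-Results header of a delivered message and checks its authserv-id against the container hostname would keep this behaviour covered.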
@@ -67,7 +67,9 @@ virtual_alias_maps = hash:/etc/postfix/virtual
 content_filter = smtp-amavis:[127.0.0.1]:10024
 # Milters used by DKIM
-milter_protocol = 2
+milter_protocol = 6
 milter_default_action = accept
-smtpd_milters = inet:localhost:12301,inet:localhost:54321
-non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
+dkim_milter = inet:localhost:8891
+dmarc_milter = inet:localhost:8893
+smtpd_milters = $dkim_milter,$dmarc_milter
+non_smtpd_milters = $dkim_milter
diff --git a/target/postfix/master.cf b/target/postfix/master.cf
index dc54f964..f043ec48 100644
--- a/target/postfix/master.cf
+++ b/target/postfix/master.cf
@@ -93,5 +93,5 @@ smtp-amavis unix - - - - 2 smtp
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o smtp_tls_security_level=none
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 968ad9af..adf47451 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -109,19 +109,6 @@ else
 echo "No DKIM key provided. Check the documentation to find how to get your keys."
 fi
-# DMARC
-# if there is no AuthservID create it
-if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
- echo "AuthservID $(hostname)" >> /etc/opendmarc.conf
-fi
-if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then
- echo "TrustedAuthservIDs $(hostname)" >> /etc/opendmarc.conf
-fi
-if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
- mkdir -p /etc/opendmarc/
- echo "localhost" >> /etc/opendmarc/ignore.hosts
-fi
-
 # SSL Configuration
 case $SSL_TYPE in
 "letsencrypt" )
diff --git a/test/tests.bats b/test/tests.bats
index 875fbf03..6439a27b 100644
--- a/test/tests.bats
+++ b/test/tests.bats
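Review bot: `smtpd_milters = $dkim_milter,$dmarc_milter` in the main.cf hunk sits under the unchanged `milter_default_action = accept`, so if either milter socket is unreachable Postfix accepts the message with no DKIM signature and no DMARC evaluation, and nothing in the configuration makes that outage visible. Consider `milter_default_action = tempfail` so a milter failure is retried by the sending side instead of silently bypassing the checks, or keep `accept` and state that trade-off in the comment. The order of the two milters also carries meaning the comment does not give: opendmarc evaluates the Authentication-Results header that opendkim adds, so opendkim has to run first; I'd change the comment to `# Milters used by DKIM and DMARC; order matters, opendmarc reads the Authentication-Results header opendkim adds`.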
@@ -379,22 +379,6 @@
 [ "$output" -eq 4 ]
 }
-#
-# opendmarc
-#
-
-@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as AuthservID" {
- run docker exec mail grep ^AuthservID /etc/opendmarc.conf
- [ "$status" -eq 0 ]
- [ "$output" = "AuthservID mail.my-domain.com" ]
-}
-
-@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as TrustedAuthservIDs" {
- run docker exec mail grep ^TrustedAuthservID /etc/opendmarc.conf
- [ "$status" -eq 0 ]
- [ "$output" = "TrustedAuthservIDs mail.my-domain.com" ]
-}
-
 #
 # ssl
 #