From 984537526a7838710ac169456b0482471b3a2dd7 Mon Sep 17 00:00:00 2001 From: Hannu Shemeikka Date: Sat, 12 Aug 2017 19:09:11 +0300 Subject: [PATCH] New command: generate-dkim-domain This command can be used for generating DKIM key for a domain, which is not included in any configuration files. For example, when using SQL database for transport maps. --- .gitignore | 1 + Makefile | 3 +- README.md | 6 ++++ target/bin/generate-dkim-domain | 39 +++++++++++++++++++++++ test/tests.bats | 55 +++++++++++++++++++++++++++++++++ 5 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 target/bin/generate-dkim-domain diff --git a/.gitignore b/.gitignore index 7f72b1bb..99c99dd0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ docker-compose.yml test/config/empty/ test/config/without-accounts/ test/config/without-virtual/ +test/config/with-domain/ test/config/postfix-accounts.cf test/config/letsencrypt/mail.my-domain.com/combined.pem test/onedir diff --git a/Makefile b/Makefile index 70e656bf..496e18d1 100644 --- a/Makefile +++ b/Makefile @@ -220,4 +220,5 @@ clean: -sudo rm -rf test/onedir \ test/config/empty \ test/config/without-accounts \ - test/config/without-virtual + test/config/without-virtual \ + test/config/with-domain diff --git a/README.md b/README.md index be25c308..0dc32005 100644 --- a/README.md +++ b/README.md 
@@ -151,6 +151,12 @@ Don't forget to adapt MAIL_USER and MAIL_PASS to your needs -v "$(pwd)/config":/tmp/docker-mailserver \ -ti tvial/docker-mailserver:latest generate-dkim-config +This generates DKIM keys for domains in configuration files. You can also generate DKIM key for a domain by using command + + docker run --rm \ + -v "$(pwd)/config":/tmp/docker-mailserver \ + -ti tvial/docker-mailserver:latest generate-dkim-domain name_of_domain + Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. Note: you can also manage email accounts, DKIM keys and more with the [setup.sh convenience script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh). diff --git a/target/bin/generate-dkim-domain b/target/bin/generate-dkim-domain new file mode 100644 index 00000000..16ef6d5b --- /dev/null +++ b/target/bin/generate-dkim-domain 
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 1 ]; then
+ echo $0: "usage: generate-dkim-domain domain"
+ exit 1
+fi
+
+domainname=$1
+
+mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
+
+if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
+ echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+ opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
+fi
+
+# Write to KeyTable if necessary
+keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
+if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
+ echo "Creating DKIM KeyTable"
+ echo $keytableentry > /tmp/docker-mailserver/opendkim/KeyTable
+else
+ if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
+ echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
+ fi
+fi
+
+# Write to SigningTable if necessary
+signingtableentry="*@$domainname mail._domainkey.$domainname"
+if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
+ echo "Creating DKIM SigningTable"
+ echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
+else
+ if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
+ echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
+ fi
+fi
\ No newline at end of file
diff --git a/test/tests.bats b/test/tests.bats
index 0ea4dafc..b729fbf9 100644
--- a/test/tests.bats
+++ b/test/tests.bats
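Review bot: `domainname=$1` is accepted without any validation and then expanded unquoted into the key directory (`mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname`, the `--domain=` and `-D` arguments of `opendkim-genkey`), so an argument containing `/`, `..` or whitespace is spliced into paths outside `keys/` or split into extra arguments instead of being rejected. On the SigningTable append branch `echo $signingtableentry >> …` is also unquoted while the entry begins with `*@`, so the shell globs it against the current directory before writing; the two `echo $keytableentry` lines have the same unquoted form. Quoting every expansion, guarding the argument with a `case` pattern, and switching the duplicate check to `grep -qxF` (the entries contain `.` and `*`, which `grep -q` reads as a regex and matches as a substring) covers all three; the create branch of the SigningTable could also write `"$signingtableentry"` rather than repeating the literal so the two branches cannot drift.
```shell
domainname=$1

# Reject anything that is not a plain hostname: empty, path separators,
# whitespace, or a leading/doubled dot would otherwise be spliced into the
# key paths below.
case "$domainname" in
  ''|*/*|*[[:space:]]*|.*|*..*)
    printf '%s: invalid domain name: %s\n' "$0" "$domainname" >&2
    exit 1 ;;
esac

mkdir -p "/tmp/docker-mailserver/opendkim/keys/$domainname"
# … unchanged: private key existence check …
  opendkim-genkey --subdomains --domain="$domainname" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/$domainname"
# … unchanged: KeyTable handling, with "$keytableentry" quoted in both echo lines and grep -qxF …
  echo "$signingtableentry" > /tmp/docker-mailserver/opendkim/SigningTable
# … unchanged: else …
  if ! grep -qxF "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
    echo "$signingtableentry" >> /tmp/docker-mailserver/opendkim/SigningTable
```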
@@ -574,6 +574,61 @@ load 'test_helper/bats-assert/load' assert_output 4 } +@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" { + rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain" + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \ + -v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \ + -v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l' + assert_success + assert_output 6 + # Generate key using domain name + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l' + assert_success + assert_output 1 + # Check keys for localhost.localdomain + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l' + assert_success + assert_output 2 + # Check keys for otherdomain.tld + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l' + assert_success + assert_output 2 + # Check keys for testdomain.tld + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l' + assert_success + assert_output 2 + # Check presence of tables and TrustedHosts + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 /etc/opendkim | grep -E 
'KeyTable|SigningTable|TrustedHosts|keys' | wc -l" + assert_success + assert_output 4 + # Check valid entries actually present in KeyTable + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \ + "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l" + assert_success + assert_output 4 + # Check valid entries actually present in SigningTable + run docker run --rm \ + -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \ + `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \ + "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l" + assert_success + assert_output 4 +} + # # ssl #
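Review bot: The duplicate-entry guards in generate-dkim-domain (the `grep -q … ; then echo … >>` branches for KeyTable and SigningTable) are never exercised by the new @test: `generate-dkim-domain testdomain.tld` runs exactly once, and the expected table counts of 4 would hold just as well if the script appended blindly. Running the command a second time before the KeyTable/SigningTable checks, e.g. `run docker run --rm -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ $(docker inspect --format '{{ .Config.Image }}' mail) generate-dkim-domain testdomain.tld` followed by `assert_success`, while keeping both counts at 4, would pin the idempotence the script promises. The test name also claims TrustedHosts is created "using domain name", but the new script writes no TrustedHosts file; the one asserted here appears to come from the preceding generate-dkim-config run, so a name such as "generator creates keys and table entries using domain name" would describe what is checked. Stylistically, `$(docker inspect …)` instead of the backticks and `grep -E` instead of the deprecated `egrep` would be preferable unless the rest of tests.bats deliberately uses the older forms.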