feat/enable custom dkim selector (#1811)
* let dkim generator accept selector as parameter * test dkim-generator with selector parameter * fix: correct name of domain argument in usage * fix: adapt command to new syntax * tests: use different quotes * tests: use different quotes * tests: remove domains that were never added * style: change test name * refactor: dkim setup * style: remove trailing whitespace * tests: remove test of removed dummy file Co-authored-by: Frederic Werner <20406381+wernerfred@users.noreply.github.com>
This commit is contained in:
Astro
GitHub
parent
9efa94ce6f
commit
a7ecb0ea8b
|
|
@ -25,7 +25,7 @@ function __usage
|
|||
\e[94mConfiguration adjustments\e[39m
|
||||
keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
|
||||
selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
|
||||
domains Provide the domains for which keys are to be generated.
|
||||
domain Provide the domain(s) for which keys are to be generated.
|
||||
|
||||
\e[38;5;214mEXAMPLES\e[39m
|
||||
\e[37m./setup.sh config dkim size 2048\e[39m
|
||||
|
|
@ -147,20 +147,20 @@ while read -r DOMAINNAME
|
|||
do
|
||||
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
|
||||
|
||||
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]]
|
||||
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private" ]]
|
||||
then
|
||||
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private"
|
||||
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
|
||||
|
||||
opendkim-genkey \
|
||||
--bits="${KEYSIZE}" \
|
||||
--subdomains \
|
||||
--DOMAIN="${DOMAINNAME}" \
|
||||
--selector=mail \
|
||||
--selector="${SELECTOR}" \
|
||||
-D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
|
||||
fi
|
||||
|
||||
# write to KeyTable if necessary
|
||||
KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private"
|
||||
KEYTABLEENTRY="${SELECTOR}._domainkey.${DOMAINNAME} ${DOMAINNAME}:${SELECTOR}:/etc/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
|
||||
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
|
||||
then
|
||||
echo "Creating DKIM KeyTable"
|
||||
|
|
@ -173,11 +173,11 @@ do
|
|||
fi
|
||||
|
||||
# write to SigningTable if necessary
|
||||
SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}"
|
||||
SIGNINGTABLEENTRY="*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}"
|
||||
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
|
||||
then
|
||||
echo "Creating DKIM SigningTable"
|
||||
echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
|
||||
echo "*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
|
||||
else
|
||||
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
|
||||
then
|
||||
|
|
|
|||
|
|
@ -1106,9 +1106,9 @@ function _setup_dkim
|
|||
{
|
||||
_notify 'task' 'Setting up DKIM'
|
||||
|
||||
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
|
||||
mkdir -p /etc/opendkim
|
||||
|
||||
# Check if keys are already available
|
||||
# Check if any keys are available
|
||||
if [[ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]]
|
||||
then
|
||||
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
||||
|
|
@ -1117,12 +1117,9 @@ function _setup_dkim
|
|||
_notify 'inf' "Changing permissions on /etc/opendkim"
|
||||
|
||||
chown -R opendkim:opendkim /etc/opendkim/
|
||||
chmod -R 0700 /etc/opendkim/keys/ # make sure permissions are right
|
||||
chmod -R 0700 /etc/opendkim/keys/
|
||||
else
|
||||
_notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
|
||||
|
||||
local KEYTABLE_FILE="/etc/opendkim/KeyTable"
|
||||
[[ ! -f ${KEYTABLE_FILE} ]] && touch "${KEYTABLE_FILE}"
|
||||
_notify 'warn' "No DKIM key provided. Check the documentation on how to get your keys."
|
||||
fi
|
||||
|
||||
# setup nameservers paramater from /etc/resolv.conf if not defined
|
||||
|
|
|
|||
|
|
@ -45,25 +45,6 @@ function teardown_file
|
|||
# ––– Actual Tests ––––––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
|
||||
@test "${TEST_FILE}/etc/opendkim/KeyTable dummy file generated without keys provided" {
|
||||
docker run --rm -d \
|
||||
--name mail_smtponly_without_config \
|
||||
-e SMTP_ONLY=1 \
|
||||
-e ENABLE_LDAP=1 \
|
||||
-e PERMIT_DOCKER=network \
|
||||
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
|
||||
-t "${IMAGE_NAME}"
|
||||
|
||||
function teardown
|
||||
{
|
||||
docker rm -f mail_smtponly_without_config
|
||||
}
|
||||
|
||||
run repeat_in_container_until_success_or_timeout 15 \
|
||||
mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "${TEST_FILE}/etc/opendkim/KeyTable should contain 2 entries" {
|
||||
run docker exec "${CONTAINER_NAME}" /bin/bash -c "cat /etc/opendkim/KeyTable | wc -l"
|
||||
assert_success
|
||||
|
|
@ -378,3 +359,53 @@ function teardown_file
|
|||
assert_success
|
||||
assert_output 4
|
||||
}
|
||||
|
||||
@test "${TEST_FILE}generator creates keys, tables and TrustedHosts using manual provided selector name" {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG="$(duplicate_config_for_container . "${BATS_TEST_NAME}")"
|
||||
rm -rf "${PRIVATE_CONFIG}/with-selector" && mkdir -p "${PRIVATE_CONFIG}/with-selector"
|
||||
|
||||
# Generate first key
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/":/tmp/docker-mailserver/ \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c "open-dkim keysize 2048 domain 'domain1.tld' selector mailer| wc -l"
|
||||
assert_success
|
||||
assert_output 4
|
||||
|
||||
# Check keys for domain1.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c 'ls -1 /etc/opendkim/keys/domain1.tld/ | wc -l'
|
||||
assert_success
|
||||
assert_output 2
|
||||
|
||||
# Check key names with selector for domain1.tld
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim/keys/domain1.tld | grep -E 'mailer.private|mailer.txt' | wc -l"
|
||||
assert_success
|
||||
assert_output 2
|
||||
|
||||
# Check presence of tables and TrustedHosts
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
|
||||
assert_success
|
||||
assert_output 4
|
||||
|
||||
# Check valid entries actually present in KeyTable
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c \
|
||||
"grep 'domain1.tld' /etc/opendkim/KeyTable | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
|
||||
# Check valid entries actually present in SigningTable
|
||||
run docker run --rm \
|
||||
-v "${PRIVATE_CONFIG}/with-selector/opendkim":/etc/opendkim \
|
||||
"${IMAGE_NAME:?}" /bin/sh -c \
|
||||
"grep 'domain1.tld' /etc/opendkim/SigningTable | wc -l"
|
||||
assert_success
|
||||
assert_output 1
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue