From 12b93b0cd2464a6753138673d63b5a99531f37a6 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Fri, 10 Dec 2021 16:04:48 +0100
Subject: [PATCH] Add multi domain dkim

---
 docker-compose.yml                        |  2 +
 docker/postfix/Dockerfile                 |  2 +-
 docker/postfix/etc/postfix/main.cf.append |  2 +-
 docker/postfix/etc/service/opendkim/run   | 47 +++++++++++++++++------
 docker/sympa/entrypoint.sh                |  9 ++---
 5 files changed, 42 insertions(+), 20 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4e08463..4032968 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,6 +3,7 @@ version: "3"
 services:
   sympa:
     build: ./docker/sympa
+    hostname: sympa
     restart: always
     volumes:
       - "./sympa/sympa:/etc/sympa"
@@ -32,6 +33,7 @@ services:
 
   postfix:
     build: ./docker/postfix
+    hostname: postfix
     volumes:
       - "./sympa/sympa/shared:/etc/sympa/shared"
       - "./postfix/rsyslog:/etc/rsyslog.d1/"
diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
index f372d1a..91ed027 100644
--- a/docker/postfix/Dockerfile
+++ b/docker/postfix/Dockerfile
@@ -4,7 +4,7 @@ FROM tozd/postfix:ubuntu-focal
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser openssh-client opendkim opendkim-tools --yes --force-yes && \
+ apt-get install adduser dnsutils openssh-client opendkim opendkim-tools --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
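Review bot: The rewritten `apt-get install` line at L43 still carries `--force-yes`, which apt documents as dangerous because it overrides package-authentication and other safety checks; since the line is being edited anyway to add `dnsutils`, drop the flag, e.g. `apt-get install --yes --no-install-recommends adduser dnsutils openssh-client opendkim opendkim-tools && \`, and only fall back to the narrower `--allow-unauthenticated` if an unsigned repository is genuinely required. Cleaning `/var/lib/apt/lists/*` at the end of the same RUN chain would also keep the layer small; the RUN chain continues past the hunk.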
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index de9ce85..792b7c4 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -23,6 +23,6 @@ sympabouncedomain_destination_recipient_limit = 1
 
 # DKIM
 milter_default_action = accept
-milter_protocol = 2
+milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
diff --git a/docker/postfix/etc/service/opendkim/run b/docker/postfix/etc/service/opendkim/run
index e4f580d..5a793b9 100755
--- a/docker/postfix/etc/service/opendkim/run
+++ b/docker/postfix/etc/service/opendkim/run
@@ -1,14 +1,37 @@
 #!/bin/bash
 sed -i.bak \
-	-e 's/^#Domain.*/Domain */' \
-	-e 's/^#Selector.*/Selector mail/' \
-	-e 's@^#KeyFile.*@KeyFile /etc/dkimkeys/dkim.key@' \
-	-e 's/^\(Socket.*local.*$\)/#\1/' \
-	-e 's/^#\(Socket.*inet\)/\1/' \
-	/etc/opendkim.conf
-if [ ! -f "/etc/dkimkeys/dkim.key" ]; then
-	cd /etc/dkimkeys/
-	opendkim-genkey -s mail mail -d $MAILNAME
-	mv mail.private dkim.key
-fi
-exec /usr/sbin/opendkim -x /etc/opendkim.conf
+    -e 's/^\(Socket.*local.*$\)/#\1/' \
+    -e 's/^#\(Socket.*inet\)/\1/' \
+    /etc/opendkim.conf
+
+cat >> /etc/opendkim.conf <<EOF
+KeyTable                /etc/opendkim/KeyTable
+SigningTable            /etc/opendkim/SigningTable
+ExternalIgnoreList      /etc/opendkim/TrustedHosts
+InternalHosts           /etc/opendkim/TrustedHosts
+SenderHeaders             Sender,From,Return-Path
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+EOF
+mkdir -p /etc/opendkim
+
+# Add docker trusted hosts
+echo "sympa" >> /etc/opendkim/TrustedHosts
+# Give some time to sympa to be up and running
+sleep 10
+dig +short sympa >> /etc/opendkim/TrustedHosts
+
+for domain in $MAILNAME $POSTFIX_VIRTUAL_DOMAINS; do
+	keydir="/etc/dkimkeys/$domain"
+	mkdir -p $keydir
+	cd $keydir
+    if [ ! -f 'mail.private' ]; then
+	    opendkim-genkey -s mail -d $domain
+	    chown opendkim:opendkim mail.private
+    fi
+	echo "mail._domainkey.$domain $domain:mail:$keydir/mail.private" >> /etc/opendkim/KeyTable
+	echo "$domain mail._domainkey.$domain" >> /etc/opendkim/SigningTable
+	echo "$domain" >> /etc/opendkim/TrustedHosts
+done
+exec /usr/sbin/opendkim -f -x /etc/opendkim.conf
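Review bot: Every `>>` in the new code appends on each execution of this service script, so a container restart re-appends the heredoc block (L82-L91) to /etc/opendkim.conf and re-adds every KeyTable, SigningTable and TrustedHosts line (L95, L98, L108-L110), leaving duplicated directives and table entries that grow with each restart; guard the config append and truncate the tables before the loop as sketched below. `dig +short sympa` after a fixed `sleep 10` is a race: if the name is not resolvable yet nothing is added and the failure is silent, so a short retry loop around `dig` (or relying on the `sympa` name entry alone, if OpenDKIM resolves names in InternalHosts — not verifiable from here) would be more robust. The loop body mixes tab and space indentation (L101-L107), and `cd $keydir` has no failure check, so a failed `mkdir` would make `opendkim-genkey` write the key into the previous directory; `cd "$keydir" || exit 1` avoids that.
```shell
# … unchanged: sed -i.bak on /etc/opendkim.conf …

# This script runs on every service (re)start; append the table directives
# only once so /etc/opendkim.conf does not accumulate duplicates.
if ! grep -q '^KeyTable' /etc/opendkim.conf; then
cat >> /etc/opendkim.conf <<EOF
# … unchanged: KeyTable/SigningTable/ExternalIgnoreList/... directives …
EOF
fi
mkdir -p /etc/opendkim

# Rebuild the tables from scratch on each start instead of appending.
: > /etc/opendkim/KeyTable
: > /etc/opendkim/SigningTable
echo "sympa" > /etc/opendkim/TrustedHosts
# … unchanged: sleep, dig, per-domain key generation loop …
```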
diff --git a/docker/sympa/entrypoint.sh b/docker/sympa/entrypoint.sh
index 421cc52..36a17b6 100755
--- a/docker/sympa/entrypoint.sh
+++ b/docker/sympa/entrypoint.sh
@@ -74,16 +74,13 @@ fi
 chown mail:root /var/spool/nullmailer/trigger
 chmod 0622 /var/spool/nullmailer/trigger
 
-if [ -n "$ADMINADDR" ]; then
-  echo "$ADMINADDR" > /etc/nullmailer/adminaddr
-fi
-
 if [ -n "$REMOTES" ]; then
   echo "$REMOTES" > /etc/nullmailer/remotes
 fi
 
-if [ -n "$HOSTNAME" ]; then
-  echo "$HOSTNAME" > /etc/mailname
+if [ -n "$SYMPA_DOMAIN" ]; then
+  echo "$SYMPA_DOMAIN" > /etc/mailname
+  echo "$SYMPA_DOMAIN" > /etc/nullmailer/defaultdomain
 fi
 
 mkdir -p /var/log/supervisor/
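Review bot: The `ADMINADDR` block removed at L121-L123 is unrelated to the multi-domain DKIM change named in the subject and is not mentioned in the commit message; after this commit a deployment that sets `ADMINADDR` silently stops writing /etc/nullmailer/adminaddr. If dropping it is intended, state it in the commit message (and in whatever documents the container's environment variables); otherwise restore the block. The new `SYMPA_DOMAIN` branch at L131-L134 replaces the previous `HOSTNAME` source for /etc/mailname, which is also a behaviour change for existing deployments relying on `HOSTNAME`, so a one-line comment such as `# SYMPA_DOMAIN (not the container hostname) is the mail domain` above the `if` would help the next reader.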
-- 
GitLab