46 lines
1.3 KiB
Bash
46 lines
1.3 KiB
Bash
|
# Install OpenDKIM.
|
||
|
|
#
|
||
|
|
# After this, you'll still need to run dns_update to get the DKIM
|
||
|
|
# signature in the DNS zones.
|
||
|
|
|
||
|
|
apt-get install -q -y opendkim opendkim-tools
|
||
|
|
|
||
|
|
mkdir -p /etc/opendkim;
|
||
|
|
mkdir -p $STORAGE_ROOT/mail/dkim
|
||
|
|
|
||
|
|
echo "127.0.0.1" > /etc/opendkim/TrustedHosts
|
||
|
|
|
||
|
|
if grep -q "ExternalIgnoreList" /etc/opendkim.conf; then
|
||
|
|
true; # already done
|
||
|
|
else
|
||
|
|
cat >> /etc/opendkim.conf << EOF;
|
||
|
|
MinimumKeyBits 1024
|
||
|
|
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
||
|
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
||
|
|
KeyTable refile:/etc/opendkim/KeyTable
|
||
|
|
SigningTable refile:/etc/opendkim/SigningTable
|
||
|
|
Socket inet:8891@localhost
|
||
|
|
RequireSafeKeys false
|
||
|
|
EOF
|
||
|
|
fi
|
||
|
|
|
||
|
|
# Create a new DKIM key if we don't have one already.
|
||
|
|
if [ ! -z "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
|
||
|
|
# Should we specify -h rsa-sha256?
|
||
|
|
opendkim-genkey -r -s mail -D $STORAGE_ROOT/mail/dkim
|
||
|
|
fi
|
||
|
|
|
||
|
|
chown -R opendkim:opendkim $STORAGE_ROOT/mail/dkim
|
||
|
|
chmod go-rwx $STORAGE_ROOT/mail/dkim
|
||
|
|
|
||
|
|
# add OpenDKIM as a milter to postfix. Be careful. If we add other milters
|
||
|
|
# later, it needs to be concatenated on the smtpd_milters line.
|
||
|
|
tools/editconf.py /etc/postfix/main.cf \
|
||
|
|
smtpd_milters=inet:127.0.0.1:8891 \
|
||
|
|
non_smtpd_milters=\$smtpd_milters \
|
||
|
|
milter_default_action=accept
|
||
|
|
|
||
|
|
service opendkim restart
|
||
|
|
service postfix restart
|
||
|
|
|