From 5cabfd591b64db9422dcf8cbfd60b55818bfffbd Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 23 Feb 2016 09:52:10 -0500 Subject: [PATCH] (re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly This was originally fixed in 143bbf37f425c27632caced8998a3fdbf57a606d (February 16, 2015). Then I broke it in 7a93d219ef598d018676237c0eed7663123c4c07 (November 2015) while doing some refactoring ahead of v0.15. --- CHANGELOG.md | 1 + management/dns_update.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2cc3900..4b3f3f3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Mail: * Roundcube updated to version 1.1.4. * When there's a problem delivering an outgoing message, a new 'warning' bounce will come after 3 hours and the box will stop trying after 2 days (instead of 5). * On multi-homed machines, Postfix now binds to the right network interface when sending outbound mail so that SPF checks on the receiving end will pass. +* Mail sent from addresses on subdomains of other domains hosted by this box would not be DKIM-signed and so would fail DMARC checks by recipients, since version v0.15. Control panel: diff --git a/management/dns_update.py b/management/dns_update.py index d3ef2cbc..6f4de318 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -91,7 +91,7 @@ def do_dns_update(env, force=False): shell('check_call', ["/usr/sbin/service", "nsd", "restart"]) # Write the OpenDKIM configuration tables for all of the domains. - if write_opendkim_tables([domain for domain, zonefile in zonefiles], env): + if write_opendkim_tables(get_mail_domains(env), env): # Settings changed. Kick opendkim. shell('check_call', ["/usr/sbin/service", "opendkim", "restart"]) if len(updated_domains) == 0: