Merge 6e2c6534b6 into e931e103fe

2025-09-14 11:10:53 +00:00 · 2024-01-10 10:20:37 -08:00 · 2024-01-10 10:20:37 -08:00 · 69a8e60da2
commit 69a8e60da2
parent e931e103fe 6e2c6534b6
3 changed files with 39 additions and 39 deletions
--- a/management/dns_update.py
+++ b/management/dns_update.py
@ -297,7 +297,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 		# Append the DKIM TXT record to the zone as generated by OpenDKIM.
 		# Skip if the user has set a DKIM record already.
-		opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
+		opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/' + env['DKIM_SELECTOR'] + '.txt')
 		with open(opendkim_record_file) as orf:
 			m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
 			val = "".join(re.findall(r'"([^"]+)"', m.group(2)))
@ -764,7 +764,7 @@ def write_opendkim_tables(domains, env):
 	# Append a record to OpenDKIM's KeyTable and SigningTable for each domain
 	# that we send mail from (zones and all subdomains).
-	opendkim_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.private')
+	opendkim_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/' + env['DKIM_SELECTOR'] + '.private')
 	if not os.path.exists(opendkim_key_file):
 		# Looks like OpenDKIM is not installed.
@ -789,7 +789,7 @@ def write_opendkim_tables(domains, env):
 		# signing domain must match the sender's From: domain.
 		"KeyTable":
 			"".join(
-				"{domain} {domain}:mail:{key_file}\n".format(domain=domain, key_file=opendkim_key_file)
+				"{domain} {domain}:{selector}:{key_file}\n".format(domain=domain, selector=env['DKIM_SELECTOR'], key_file=opendkim_key_file)
 				for domain in domains
 			),
 	}
--- a/setup/dkim.sh
+++ b/setup/dkim.sh
@ -14,7 +14,7 @@ echo Installing OpenDKIM/OpenDMARC...
 apt_install opendkim opendkim-tools opendmarc
 # Make sure configuration directories exist.
-mkdir -p /etc/opendkim;
+mkdir -p /etc/opendkim
 mkdir -p $STORAGE_ROOT/mail/dkim
 # Used in InternalHosts and ExternalIgnoreList configuration directives.
@ -30,7 +30,7 @@ if grep -q "ExternalIgnoreList" /etc/opendkim.conf; then
 	true # already done #NODOC
 else
 	# Add various configuration options to the end of `opendkim.conf`.
-	cat >> /etc/opendkim.conf << EOF;
+	cat >>/etc/opendkim.conf <<EOF
 Canonicalization		relaxed/simple
 MinimumKeyBits          1024
 ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
@ -52,8 +52,8 @@ fi
 # A 1024-bit key is seen as a minimum standard by several providers
 # such as Google. But they and others use a 2048 bit key, so we'll
 # do the same. Keys beyond 2048 bits may exceed DNS record limits.
-if [ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
+if [ ! -f "$STORAGE_ROOT/mail/dkim/$DKIM_SELECTOR.private" ]; then
-	opendkim-genkey -b 2048 -r -s mail -D $STORAGE_ROOT/mail/dkim
+	opendkim-genkey -b 2048 -r -s $DKIM_SELECTOR -D $STORAGE_ROOT/mail/dkim
 fi
 # Ensure files are owned by the opendkim user and are private otherwise.
@ -121,4 +121,3 @@ hide_output systemctl enable opendmarc
 restart_service opendkim
 restart_service opendmarc
 restart_service postfix
--- a/setup/start.sh
+++ b/setup/start.sh
@ -44,7 +44,7 @@ fi
 # Put a start script in a global location. We tell the user to run 'mailinabox'
 # in the first dialog prompt, so we should do this before that starts.
-cat > /usr/local/bin/mailinabox << EOF;
+cat >/usr/local/bin/mailinabox <<EOF
 #!/bin/bash
 cd $(pwd)
 source setup/start.sh
@ -82,7 +82,10 @@ if [ ! -d $STORAGE_ROOT ]; then
 	mkdir -p $STORAGE_ROOT
 fi
 f=$STORAGE_ROOT
-while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
+while [[ $f != / ]]; do
 	chmod a+rx "$f"
 	f=$(dirname "$f")
 done
 if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
 	setup/migrate.py --current >$STORAGE_ROOT/mailinabox.version
 	chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version
@ -92,7 +95,7 @@ fi
 # tools know where to look for data. The default MTA_STS_MODE setting
 # is blank unless set by an environment variable, but see web.sh for
 # how that is interpreted.
-cat > /etc/mailinabox.conf << EOF;
+cat >/etc/mailinabox.conf <<EOF
 STORAGE_USER=$STORAGE_USER
 STORAGE_ROOT=$STORAGE_ROOT
 PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME
@ -101,6 +104,7 @@ PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
 MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
 DKIM_SELECTOR=${DEFAULT_DKIM_SELECTOR:-mail}
 EOF
 # Start service configuration.
@ -120,8 +124,7 @@ source setup/management.sh
 source setup/munin.sh
 # Wait for the management daemon to start...
-until nc -z -w 4 127.0.0.1 10222
+until nc -z -w 4 127.0.0.1 10222; do
 do
 	echo Waiting for the Mail-in-a-Box management daemon to start...
 	sleep 2
 done
@ -166,16 +169,14 @@ if management/status_checks.py --check-primary-hostname; then
 	echo
 	echo "If you have a DNS problem put the box's IP address in the URL"
 	echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
-	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
+	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256 | sed "s/SHA256 Fingerprint=//i"
        	| sed "s/SHA256 Fingerprint=//i"
 else
 	echo https://$PUBLIC_IP/admin
 	echo
 	echo You will be alerted that the website has an invalid certificate. Check that
 	echo the certificate fingerprint matches:
 	echo
-	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
+	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256 | sed "s/SHA256 Fingerprint=//i"
        	| sed "s/SHA256 Fingerprint=//i"
 	echo
 	echo Then you can confirm the security exception and continue.
 	echo