crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ajout d'OpenDKIM aux trois MX publics

Browse source
This commit is contained in:
Pierre-Elliott Bécue 2015-10-01 21:56:08 +02:00
parent 75433020b7
commit 116e36c232
12 changed files with 120 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Bundler/dkim.xml Normal file
View file

@ -0,0 +1,13 @@
<Bundle name="dkim" version="2.0">
<Package name="opendkim"/>
<Service name="opendkim"/>
<Path name="/etc/opendkim/opendkim.conf"/>
<Path name="/etc/opendkim/KeyTable"/>
<Path name="/etc/opendkim/SigningTable"/>
<Path name="/etc/opendkim/TrustedHosts"/>
<Path type="directory" name="/etc/opendkim/"/>
<Path type="directory" name="/etc/opendkim/keys"/>
</Bundle>

3
Cfg/etc/opendkim.conf/info.xml Normal file
View file

@ -0,0 +1,3 @@
<FileInfo>
<Info owner='opendkim' group='opendkim' mode='0644'/>
</FileInfo>

51
Cfg/etc/opendkim.conf/opendkim.conf Normal file
View file

@ -0,0 +1,51 @@
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
AutoRestart Yes
AutoRestartRate 10/1h
# Log to syslog
Syslog yes
SyslogSuccess Yes
LogWhy Yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
#KeyFile /etc/mail/dkim.key
#Selector 2007
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
#SubDomains no
#ADSPDiscard no
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)
#ATPSDomains example.com
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost

1
Cfg/etc/opendkim/KeyTable/KeyTable Normal file
View file

@ -0,0 +1 @@
mail._domainkey.crans.org crans.org:mail:/etc/opendkim/keys/crans.org/mail.private

3
Cfg/etc/opendkim/KeyTable/info.xml Normal file
View file

@ -0,0 +1,3 @@
<FileInfo>
<Info owner='opendkim' group='opendkim' mode='0644'/>
</FileInfo>

2
Cfg/etc/opendkim/SigningTable/SigningTable Normal file
View file

@ -0,0 +1,2 @@
*@crans.org mail._domainkey.crans.org
*@crans.eu mail._domainkey.crans.org

3
Cfg/etc/opendkim/SigningTable/info.xml Normal file
View file

@ -0,0 +1,3 @@
<FileInfo>
<Info owner='opendkim' group='opendkim' mode='0644'/>
</FileInfo>

11
Cfg/etc/opendkim/TrustedHosts/TrustedHosts Normal file
View file

@ -0,0 +1,11 @@
127.0.0.1
localhost
138.231.136.0/21
138.231.144.0/21
10.231.136.0/24
10.2.9.0/24
*.crans.org
*.crans.fr
*.crans.eu

3
Cfg/etc/opendkim/TrustedHosts/info.xml Normal file
View file

@ -0,0 +1,3 @@
<FileInfo>
<Info owner='opendkim' group='opendkim' mode='0644'/>
</FileInfo>

5
Metadata/groups.xml
View file

@ -1131,6 +1131,11 @@
<Group name="mail-mx-public"> <Group name="mail-mx-public">
<!-- serveur MX publique (principal ou secondaire mais pas interne) --> <!-- serveur MX publique (principal ou secondaire mais pas interne) -->
<Group name="greylisting"/> <Group name="greylisting"/>
<Group name="dkim"/>
</Group>
<Group name="dkim">
<Bundle name="dkim"/>
</Group> </Group>
<!-- *** Base de donnee *** --> <!-- *** Base de donnee *** -->

9
Python/etc/postfix/main.cf
View file

@ -275,6 +275,15 @@ if mx:
@slow_destination_recipient_limit = 20 @slow_destination_recipient_limit = 20
@slow_destination_concurrency_limit = 2 @slow_destination_concurrency_limit = 2
if has("dkim"):
@
@# Filtrage mail
@milter_protocol = 2
@milter_default_action = accept
@smtpd_milters = inet:localhost:12301
@non_smtpd_milters = inet:localhost:12301
@
if not secondary: if not secondary:
@# +----------------------+ @# +----------------------+
@# | Connexion de secours | @# | Connexion de secours |

16
Rules/dkim.xml Normal file
View file

@ -0,0 +1,16 @@
<!-- Règles concernant postfix //-->
<Rules priority="1">
<Service type="deb" name="opendkim" status="on"/>
<Path name="/etc/opendkim/opendkim.conf"/>
<Path name="/etc/opendkim/KeyTable"/>
<Path name="/etc/opendkim/SigningTable"/>
<Path name="/etc/opendkim/TrustedHosts"/>
<Path type="directory" name="/etc/opendkim/" owner="dkim" group="dkim" mode="0775"/>
<Path type="directory" name="/etc/opendkim/keys" owner="dkim" group="dkim" mode="0750"/>
<Action name="dkim-echo" timing="post"
when="modified" status="check"
command="bash -c 'echo Vous devez mettre en place la clef publique et la clef privée pour opendkim. Pensez à les chmod/chown correctement, et n'oubliez pas de vérifier que tout est bon côté DNS. Appuyez sur entree quand vous avez fini. && read'"/>
</Rules>