iredmail-docker
DKIM management needs to be improved
Use case: A new domain is added, so a pem and config portions need to be added so that this change is persistent even between restarts.
At the moment, only the default domain can have DKIM.
When you modify /etc/amavis/conf.d/50-user and change:

```perl
# Add dkim_key here.
dkim_key('DOMAIN', 'dkim', '/var/lib/dkim/DOMAIN.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
    #"domain.com" => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

    # catch-all (one dkim key for all domains)
    '.' => {d => 'DOMAIN',
            a => 'rsa-sha256',
            c => 'relaxed/simple',
            ttl => 30*24*3600 },
});
```

to

```perl
# Add dkim_key here.
dkim_key('*', 'dkim', '/var/lib/dkim/DOMAIN.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
    #"domain.com" => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

    # catch-all (one dkim key for all domains)
    '.' => {a => 'rsa-sha256',
            c => 'relaxed/simple',
            ttl => 30*24*3600 },
});
```

you can use one DKIM-Key for all domains.
However, there's a warning: `dkim: wildcard in signing domain (key#1, *), may produce unverifiable signatures with no published public key, avoid!`
Hello,
Is it possible to mount /etc/amavisd to the host machine to save settings for different DKIM domains?
I checked this way:
-v /srv/etc/amavisd:/etc/amavisd \
but Docker rewrites the empty folder on the host machine and an error appears in the container.
In general I can use one DKIM-Key for all domains.
But even in this case, when I recreate the container, amavisd recreates the DKIM RSA, so I need to change it in all my domains. I think /var/lib/dkim/ and /etc/amavisd should be persistent.
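
A check for the two problems raised in this thread (the wildcard signing domain that amavisd warns about, and keys that do not survive a container rebuild), written as an added example that is not part of the iredmail-docker project. The function name, the sample config, the example domains, and the assumption that `/var/lib/dkim/` is the directory mounted as a volume are all illustrative.

```python
import re

# Matches active lines of the form dkim_key('domain', 'selector', '/path/key.pem');
# lines commented out with '#' do not match because of the ^\s* anchor.
DKIM_KEY_RE = re.compile(
    r"""^\s*dkim_key\(\s*['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]\s*\)""",
    re.MULTILINE,
)

def audit_dkim(config_text, hosted_domains, persistent_dir="/var/lib/dkim/"):
    """Return (findings, dns_names) for an amavisd DKIM config.

    persistent_dir is ASSUMED to be the path mounted as a Docker volume.
    dns_names lists the TXT records that must carry the public keys.
    """
    findings, dns_names, covered = [], [], set()
    for domain, selector, path in DKIM_KEY_RE.findall(config_text):
        if "*" in domain:
            # Same condition amavisd reports as "wildcard in signing domain".
            findings.append(f"wildcard signing domain {domain!r}: "
                            "signatures may have no published public key")
        else:
            covered.add(domain.lower())
            dns_names.append(f"{selector}._domainkey.{domain}")
        if not path.startswith(persistent_dir):
            findings.append(f"key {path} is outside {persistent_dir} "
                            "(assumed volume); it may be regenerated on rebuild")
    for d in hosted_domains:
        if d.lower() not in covered:
            findings.append(f"{d}: no dkim_key entry")
    return findings, dns_names

# Constructed sample config, modelled on the snippets quoted in this thread.
SAMPLE = """\
# Add dkim_key here.
dkim_key('*', 'dkim', '/var/lib/dkim/DOMAIN.pem');
dkim_key('example.org', 'dkim', '/etc/amavisd/example.org.pem');
#dkim_key('old.example', 'dkim', '/var/lib/dkim/old.example.pem');
"""

if __name__ == "__main__":
    problems, records = audit_dkim(SAMPLE, ["example.org", "example.net"])
    for p in problems:
        print("FINDING:", p)
    for r in records:
        print("TXT record expected at:", r)
```
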