docker-smtp icon indicating copy to clipboard operation
docker-smtp copied to clipboard

Published 20 hours ago verified publisher icon namshi

add dkim support

Open domdorn opened this issue 8 years ago • 7 comments

awesome image. the only thing missing for me at the moment is DKIM support. I found this article, that describes on how to setup it. Do you have a suggestion what would be the best way to incorporate it into your image? Then I could try to do that during the weekend.

domdorn avatar Feb 23 '17 22:02 domdorn

It's already there

    volumes:
      - ./dkim/config:/etc/exim4/_docker_additional_macros:ro
      - ./dkim/domain.key:/etc/exim4/domain.key:ro

and:

$ cat ./dkim/config
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_KEY_FILE = /etc/exim4/domain.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_KEY_FILE}{DKIM_KEY_FILE}{0}}
DKIM_SELECTOR = mail
DKIM_CANON = simple

Then configure TXT records on DNS server and voila!

avoidik avatar Aug 15 '17 20:08 avoidik

~Hey avoidik, I generated a public/private keys and set up TXT records as described here, but don't understand what to do with your comment. Can you point me in the right direction? Thanks.~

Nevermind, I think I get it. ./dkim/domain.key is my private key, and DKIM_SELECTOR is my selector.

alexaisok avatar Mar 14 '18 01:03 alexaisok

Hi,

Add new file named dkim/config and tune volumes in your docker-compose file as shown above. This way new configuration will be appended to existing one through _docker_additional_macros

avoidik avatar Mar 14 '18 05:03 avoidik

If you're going to have multiple domains (as implied by DKIM_DOMAIN = ${lc:${domain:$h_from:}}) you probably want multiple keys and then DKIM_KEY_FILE = /etc/exim4/$dkim_domain.key to select the correct file (containing the key)

Personally I use DKIM_KEY_FILE = /etc/exim4/$dkim_selector.$dkim_domain.key with DKIM_SELECTOR being a date stamp eg 20200103 so I can rotate keys (you may need to put DKIM_SELECTOR above DKIM_KEY_FILE for it to fully work)

timothyclarke avatar Jan 03 '20 11:01 timothyclarke

It's already there

    volumes:
      - ./dkim/config:/etc/exim4/_docker_additional_macros:ro
      - ./dkim/domain.key:/etc/exim4/domain.key:ro

and:

$ cat ./dkim/config
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_KEY_FILE = /etc/exim4/domain.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_KEY_FILE}{DKIM_KEY_FILE}{0}}
DKIM_SELECTOR = mail
DKIM_CANON = simple

Then configure TXT records on DNS server and voila!

don't know how to thank you. I found nothing except this comment for solving my issue! Thanks a lot!

hanrok avatar Jan 18 '21 21:01 hanrok

This is great indeed, thank you! :)

One addition (maybe this will help someone): Make sure, that the domain.key (e.g ./dkim/domain.key) has at least 644 permissions because the file in docker volume is mounted as root:root, and the exim4 user can't access the file if the permissions are e.g. 600 (which actually would be a “best practice”).

Maybe there's a better solution to solve the permissions issue? Is it possible to change the owner of the file to Debian-exim in the docker-compose.yml file?

wiesys avatar Apr 18 '23 04:04 wiesys

@wiesys I've added a PR at https://github.com/ix-ai/smtp/pull/27 that fixes this issue in a https://github.com/ix-ai/smtp, a more active fork of this repo. I'd love a review.

yanokwa avatar Sep 16 '23 13:09 yanokwa