update

web/Modules/Email/App/Console/SetupEmailServer.php

@@ -80,6 +80,9 @@ class SetupEmailServer extends Command
         $postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf');
         file_put_contents('/etc/postfix/master.cf', $postfixMasterCf);
 
+        $openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', $mysqlDbDetails);
+        file_put_contents('/etc/opendkim.conf', $openDkimConf);
+
         shell_exec('systemctl restart dovecot');
         shell_exec('systemctl restart postfix');
         shell_exec('systemctl restart opendkim');

web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkim_table.php

@@ -11,7 +11,7 @@ return new class extends Migration
      */
     public function up(): void
     {
-        Schema::create('domain_dkims', function (Blueprint $table) {
+        Schema::create('domain_dkim', function (Blueprint $table) {
             $table->id();
 
             $table->string('domain_name');
@@ -29,6 +29,6 @@ return new class extends Migration
      */
     public function down(): void
     {
-        Schema::dropIfExists('domain_dkims');
+        Schema::dropIfExists('domain_dkim');
     }
 };

web/Modules/Email/resources/views/server/opendkim/opendkim.conf

@@ -0,0 +1,57 @@
+# This is a basic configuration for signing and verifying. It can easily be
+# adapted to suit a basic installation. See opendkim.conf(5) and
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
+# documentation of available configuration parameters.
+
+Syslog			yes
+SyslogSuccess		yes
+#LogWhy			no
+
+# Common signing and verification parameters. In Debian, the "From" header is
+# oversigned, because it is often the identity key used by reputation systems
+# and thus somewhat security sensitive.
+Canonicalization	relaxed/simple
+#Mode			sv
+#SubDomains		no
+OversignHeaders		From
+
+# Signing domain, selector, and key (required). For example, perform signing
+# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
+# using the private key stored in /etc/dkimkeys/example.private. More granular
+# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
+#Domain			example.com
+#Selector		2020
+#KeyFile		/etc/dkimkeys/example.private
+
+# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
+# using a local socket with MTAs that access the socket as a non-privileged
+# user (for example, Postfix). You may need to add user "postfix" to group
+# "opendkim" in that case.
+UserID			opendkim
+UMask			007
+
+# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
+# it must be ensured that the socket is accessible. In Debian, Postfix runs in
+# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
+# configured as shown on the last line below.
+Socket			local:/run/opendkim/opendkim.sock
+#Socket			inet:8891@localhost
+#Socket			inet:8891
+#Socket			local:/var/spool/postfix/opendkim/opendkim.sock
+
+PidFile			/run/opendkim/opendkim.pid
+
+# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
+# OPERATION section of opendkim(8) for more information.
+#InternalHosts		192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
+# by the package dns-root-data.
+TrustAnchorFile		/usr/share/dns/root.key
+#Nameservers		127.0.0.1
+
+# Common verification parameters. This section is used by both the signing and
+SigningTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim_signings?keycol=author?datacol=dkim_id
+KeyTable     dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key
+
+

web/Modules/Email/shell/install.sh

@@ -7,6 +7,7 @@ sudo apt-get --no-install-recommends install opendkim opendkim-tools postfix-pol
 sudo apt-get --no-install-recommends install spamassassin spamc -yq
 sudo apt-get --no-install-recommends install clamav clamav-daemon -yq
 sudo apt-get --no-install-recommends install amavisd-new -yq
+sudo apt-get install libmysqlclient-dev libopendbx1-mysql -yq
 
 # Enable email ports
 ufw allow 25