diff --git a/web/Modules/Email/App/Console/SetupEmailServer.php b/web/Modules/Email/App/Console/SetupEmailServer.php index e1e53be..66db89d 100644 --- a/web/Modules/Email/App/Console/SetupEmailServer.php +++ b/web/Modules/Email/App/Console/SetupEmailServer.php @@ -80,6 +80,9 @@ class SetupEmailServer extends Command $postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf'); file_put_contents('/etc/postfix/master.cf', $postfixMasterCf); + $openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', $mysqlDbDetails); + file_put_contents('/etc/opendkim.conf', $openDkimConf); + shell_exec('systemctl restart dovecot'); shell_exec('systemctl restart postfix'); shell_exec('systemctl restart opendkim'); diff --git a/web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkims_table.php b/web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkim_table.php similarity index 85% rename from web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkims_table.php rename to web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkim_table.php index 8646439..54d8089 100644 --- a/web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkims_table.php +++ b/web/Modules/Email/Database/migrations/2024_09_18_130142_create_domain_dkim_table.php @@ -11,7 +11,7 @@ return new class extends Migration */ public function up(): void { - Schema::create('domain_dkims', function (Blueprint $table) { + Schema::create('domain_dkim', function (Blueprint $table) { $table->id(); $table->string('domain_name'); @@ -29,6 +29,6 @@ return new class extends Migration */ public function down(): void { - Schema::dropIfExists('domain_dkims'); + Schema::dropIfExists('domain_dkim'); } }; diff --git a/web/Modules/Email/resources/views/server/opendkim/opendkim.conf b/web/Modules/Email/resources/views/server/opendkim/opendkim.conf new file mode 100644 index 0000000..c4991a2 --- /dev/null +++ b/web/Modules/Email/resources/views/server/opendkim/opendkim.conf @@ -0,0 +1,57 @@ +# This is a basic configuration for signing and verifying. It can easily be +# adapted to suit a basic installation. See opendkim.conf(5) and +# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete +# documentation of available configuration parameters. + +Syslog yes +SyslogSuccess yes +#LogWhy no + +# Common signing and verification parameters. In Debian, the "From" header is +# oversigned, because it is often the identity key used by reputation systems +# and thus somewhat security sensitive. +Canonicalization relaxed/simple +#Mode sv +#SubDomains no +OversignHeaders From + +# Signing domain, selector, and key (required). For example, perform signing +# for domain "example.com" with selector "2020" (2020._domainkey.example.com), +# using the private key stored in /etc/dkimkeys/example.private. More granular +# setup options can be found in /usr/share/doc/opendkim/README.opendkim. +#Domain example.com +#Selector 2020 +#KeyFile /etc/dkimkeys/example.private + +# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when +# using a local socket with MTAs that access the socket as a non-privileged +# user (for example, Postfix). You may need to add user "postfix" to group +# "opendkim" in that case. +UserID opendkim +UMask 007 + +# Socket for the MTA connection (required). If the MTA is inside a chroot jail, +# it must be ensured that the socket is accessible. In Debian, Postfix runs in +# a chroot in /var/spool/postfix, therefore a Unix socket would have to be +# configured as shown on the last line below. +Socket local:/run/opendkim/opendkim.sock +#Socket inet:8891@localhost +#Socket inet:8891 +#Socket local:/var/spool/postfix/opendkim/opendkim.sock + +PidFile /run/opendkim/opendkim.pid + +# Hosts for which to sign rather than verify, default is 127.0.0.1. See the +# OPERATION section of opendkim(8) for more information. +#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 + +# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided +# by the package dns-root-data. +TrustAnchorFile /usr/share/dns/root.key +#Nameservers 127.0.0.1 + +# Common verification parameters. This section is used by both the signing and +SigningTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim_signings?keycol=author?datacol=dkim_id +KeyTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key + + diff --git a/web/Modules/Email/shell/install.sh b/web/Modules/Email/shell/install.sh index 761e2b7..69e26be 100644 --- a/web/Modules/Email/shell/install.sh +++ b/web/Modules/Email/shell/install.sh @@ -7,6 +7,7 @@ sudo apt-get --no-install-recommends install opendkim opendkim-tools postfix-pol sudo apt-get --no-install-recommends install spamassassin spamc -yq sudo apt-get --no-install-recommends install clamav clamav-daemon -yq sudo apt-get --no-install-recommends install amavisd-new -yq +sudo apt-get install libmysqlclient-dev libopendbx1-mysql -yq # Enable email ports ufw allow 25