This commit is contained in:
Bozhidar 2024-09-30 14:31:30 +03:00
parent 5fd2460aa2
commit 5799c99f10
4 changed files with 63 additions and 2 deletions

View file

@ -80,6 +80,9 @@ class SetupEmailServer extends Command
$postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf'); $postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf');
file_put_contents('/etc/postfix/master.cf', $postfixMasterCf); file_put_contents('/etc/postfix/master.cf', $postfixMasterCf);
$openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', $mysqlDbDetails);
file_put_contents('/etc/opendkim.conf', $openDkimConf);
shell_exec('systemctl restart dovecot'); shell_exec('systemctl restart dovecot');
shell_exec('systemctl restart postfix'); shell_exec('systemctl restart postfix');
shell_exec('systemctl restart opendkim'); shell_exec('systemctl restart opendkim');

View file

@ -11,7 +11,7 @@ return new class extends Migration
*/ */
public function up(): void public function up(): void
{ {
Schema::create('domain_dkims', function (Blueprint $table) { Schema::create('domain_dkim', function (Blueprint $table) {
$table->id(); $table->id();
$table->string('domain_name'); $table->string('domain_name');
@ -29,6 +29,6 @@ return new class extends Migration
*/ */
public function down(): void public function down(): void
{ {
Schema::dropIfExists('domain_dkims'); Schema::dropIfExists('domain_dkim');
} }
}; };

View file

@ -0,0 +1,57 @@
# This is a basic configuration for signing and verifying. It can easily be
# adapted to suit a basic installation. See opendkim.conf(5) and
# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
# documentation of available configuration parameters.
Syslog yes
SyslogSuccess yes
#LogWhy no
# Common signing and verification parameters. In Debian, the "From" header is
# oversigned, because it is often the identity key used by reputation systems
# and thus somewhat security sensitive.
Canonicalization relaxed/simple
#Mode sv
#SubDomains no
OversignHeaders From
# Signing domain, selector, and key (required). For example, perform signing
# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
# using the private key stored in /etc/dkimkeys/example.private. More granular
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
#Domain example.com
#Selector 2020
#KeyFile /etc/dkimkeys/example.private
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group
# "opendkim" in that case.
UserID opendkim
UMask 007
# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
# it must be ensured that the socket is accessible. In Debian, Postfix runs in
# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
# configured as shown on the last line below.
Socket local:/run/opendkim/opendkim.sock
#Socket inet:8891@localhost
#Socket inet:8891
#Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
# OPERATION section of opendkim(8) for more information.
#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
# by the package dns-root-data.
TrustAnchorFile /usr/share/dns/root.key
#Nameservers 127.0.0.1
# Common verification parameters. This section is used by both the signing and
SigningTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim_signings?keycol=author?datacol=dkim_id
KeyTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key

View file

@ -7,6 +7,7 @@ sudo apt-get --no-install-recommends install opendkim opendkim-tools postfix-pol
sudo apt-get --no-install-recommends install spamassassin spamc -yq sudo apt-get --no-install-recommends install spamassassin spamc -yq
sudo apt-get --no-install-recommends install clamav clamav-daemon -yq sudo apt-get --no-install-recommends install clamav clamav-daemon -yq
sudo apt-get --no-install-recommends install amavisd-new -yq sudo apt-get --no-install-recommends install amavisd-new -yq
sudo apt-get install libmysqlclient-dev libopendbx1-mysql -yq
# Enable email ports # Enable email ports
ufw allow 25 ufw allow 25