diff --git a/web/Modules/Email/App/Console/SetupEmailServer.php b/web/Modules/Email/App/Console/SetupEmailServer.php index 66db89d..a5ea216 100644 --- a/web/Modules/Email/App/Console/SetupEmailServer.php +++ b/web/Modules/Email/App/Console/SetupEmailServer.php @@ -80,7 +80,11 @@ class SetupEmailServer extends Command $postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf'); file_put_contents('/etc/postfix/master.cf', $postfixMasterCf); - $openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', $mysqlDbDetails); + $openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', [ + 'hostName' => setting('email.hostname'), + 'domain' => setting('email.domain'), + 'mysqlConnectionUrl'=> $mysqlDbDetails["username"].':'.$mysqlDbDetails['password'].'@'.$mysqlDbDetails['host'].'/'.$mysqlDbDetails['database'], + ]); file_put_contents('/etc/opendkim.conf', $openDkimConf); shell_exec('systemctl restart dovecot'); @@ -89,17 +93,4 @@ class SetupEmailServer extends Command } - public function checkDNSValidation() - { - - // exec: dig @1.1.1.1 +short MX allsidepixels.com - // output: 10 mail.allsidepixels.com - - // exec: dig @1.1.1.1 +short A mail.allsidepixels.com - // output: 49.13.13.211 - - // exec: dig @1.1.1.1 +short -x 49.13.13.211 - // output: mail.allsidepixels.com - - } } diff --git a/web/Modules/Email/resources/views/server/opendkim/opendkim.conf b/web/Modules/Email/resources/views/server/opendkim/opendkim.conf index c4991a2..b5be67b 100644 --- a/web/Modules/Email/resources/views/server/opendkim/opendkim.conf +++ b/web/Modules/Email/resources/views/server/opendkim/opendkim.conf @@ -3,26 +3,16 @@ # /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete # documentation of available configuration parameters. -Syslog yes -SyslogSuccess yes -#LogWhy no +LogWhy yes +Syslog yes +SyslogSuccess yes # Common signing and verification parameters. In Debian, the "From" header is # oversigned, because it is often the identity key used by reputation systems # and thus somewhat security sensitive. Canonicalization relaxed/simple -#Mode sv -#SubDomains no OversignHeaders From -# Signing domain, selector, and key (required). For example, perform signing -# for domain "example.com" with selector "2020" (2020._domainkey.example.com), -# using the private key stored in /etc/dkimkeys/example.private. More granular -# setup options can be found in /usr/share/doc/opendkim/README.opendkim. -#Domain example.com -#Selector 2020 -#KeyFile /etc/dkimkeys/example.private - # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when # using a local socket with MTAs that access the socket as a non-privileged # user (for example, Postfix). You may need to add user "postfix" to group @@ -51,7 +41,18 @@ TrustAnchorFile /usr/share/dns/root.key #Nameservers 127.0.0.1 # Common verification parameters. This section is used by both the signing and -SigningTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim_signings?keycol=author?datacol=dkim_id -KeyTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key - +SigningTable dsn:mysql://{{$mysqlConnectionUrl}}/table=domain_dkim_signings?keycol=author?datacol=dkim_id +KeyTable dsn:mysql://{{$mysqlConnectionUrl}}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key +# This is a set of internal hosts whose mail should be signed by this filter. +Domain {{$domain}} +KeyFile /etc/opendkim/keys/{{$domain}}/mail.private +Selector dkim +SOCKET inet:8891@127.0.0.1 +Mode sv +SubDomains no +AutoRestart yes +AutoRestartRate 10/1M +Background yes +DNSTimeout 5 +SignatureAlgorithm rsa-sha256