Bozhidar 2024-09-30 15:09:56 +03:00
parent 5799c99f10
commit ce62ec5ab1
2 changed files with 22 additions and 30 deletions


@ -80,7 +80,11 @@ class SetupEmailServer extends Command
$postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf'); $postfixMasterCf = PhyreBlade::render('email::server.postfix.master.cf');
file_put_contents('/etc/postfix/master.cf', $postfixMasterCf); file_put_contents('/etc/postfix/master.cf', $postfixMasterCf);
$openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', $mysqlDbDetails); $openDkimConf = PhyreBlade::render('email::server.opendkim.opendkim.conf', [
'hostName' => setting('email.hostname'),
'domain' => setting('email.domain'),
'mysqlConnectionUrl'=> $mysqlDbDetails["username"].':'.$mysqlDbDetails['password'].'@'.$mysqlDbDetails['host'].'/'.$mysqlDbDetails['database'],
]);
file_put_contents('/etc/opendkim.conf', $openDkimConf); file_put_contents('/etc/opendkim.conf', $openDkimConf);
shell_exec('systemctl restart dovecot'); shell_exec('systemctl restart dovecot');
@ -89,17 +93,4 @@ class SetupEmailServer extends Command
} }
public function checkDNSValidation()
{
// exec: dig @1.1.1.1 +short MX allsidepixels.com
// output: 10 mail.allsidepixels.com
// exec: dig @1.1.1.1 +short A mail.allsidepixels.com
// output: 49.13.13.211
// exec: dig @1.1.1.1 +short -x 49.13.13.211
// output: mail.allsidepixels.com
}
} }
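Review bot: The `mysqlConnectionUrl` entry in the new render array joins the raw username and password with `:` and `@`, so a password containing `@`, `:`, `/` or `?` would shift where the DSN's host, database and option parts begin once it lands in `SigningTable`/`KeyTable`. Check the credentials before rendering, for example `if (preg_match('/[@:\/?\s]/', $mysqlDbDetails['password'])) { throw new \RuntimeException('unsupported character in DB password'); }`, or generate the database password from a restricted alphabet. The rendered `/etc/opendkim.conf` also carries that password, and the visible `file_put_contents` call is not followed by any permission change; unless that happens outside this hunk, add `chmod('/etc/opendkim.conf', 0640);` and set the group to the opendkim user's group. The enclosing method starts above the hunk, so earlier handling of either point is not visible here.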


@ -3,26 +3,16 @@
# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete # /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
# documentation of available configuration parameters. # documentation of available configuration parameters.
LogWhy yes
Syslog yes Syslog yes
SyslogSuccess yes SyslogSuccess yes
#LogWhy no
# Common signing and verification parameters. In Debian, the "From" header is # Common signing and verification parameters. In Debian, the "From" header is
# oversigned, because it is often the identity key used by reputation systems # oversigned, because it is often the identity key used by reputation systems
# and thus somewhat security sensitive. # and thus somewhat security sensitive.
Canonicalization relaxed/simple Canonicalization relaxed/simple
#Mode sv
#SubDomains no
OversignHeaders From OversignHeaders From
# Signing domain, selector, and key (required). For example, perform signing
# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
# using the private key stored in /etc/dkimkeys/example.private. More granular
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
#Domain example.com
#Selector 2020
#KeyFile /etc/dkimkeys/example.private
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
# using a local socket with MTAs that access the socket as a non-privileged # using a local socket with MTAs that access the socket as a non-privileged
# user (for example, Postfix). You may need to add user "postfix" to group # user (for example, Postfix). You may need to add user "postfix" to group
@ -51,7 +41,18 @@ TrustAnchorFile /usr/share/dns/root.key
#Nameservers 127.0.0.1 #Nameservers 127.0.0.1
# Common verification parameters. This section is used by both the signing and # Common verification parameters. This section is used by both the signing and
SigningTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim_signings?keycol=author?datacol=dkim_id SigningTable dsn:mysql://{{$mysqlConnectionUrl}}/table=domain_dkim_signings?keycol=author?datacol=dkim_id
KeyTable dsn:mysql://{{ $username.':'.$password.'@'.$host.'/'.$database }}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key KeyTable dsn:mysql://{{$mysqlConnectionUrl}}/table=domain_dkim?keycol=id?datacol=domain_name,selector,private_key
# This is a set of internal hosts whose mail should be signed by this filter.
Domain {{$domain}}
KeyFile /etc/opendkim/keys/{{$domain}}/mail.private
Selector dkim
SOCKET inet:8891@127.0.0.1
Mode sv
SubDomains no
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
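Review bot: The added `Domain`, `KeyFile` and `Selector` lines sit alongside the `SigningTable` and `KeyTable` lookups, and opendkim.conf(5) documents that a `KeyTable` overrides `KeyFile`, so the file-based key at `/etc/opendkim/keys/{{$domain}}/mail.private` is probably never used for signing. Either drop the three single-domain lines or document them, e.g. `# Single-domain fallback; not used while KeyTable/SigningTable are set.`, and replace the comment above `Domain`, which describes internal hosts rather than these settings. `{{$domain}}` is also placed into a directive value and a filesystem path, so `setting('email.domain')` should be validated as a plain hostname (no `/`, `..`, whitespace or newlines) before rendering. If PhyreBlade keeps Blade's default HTML escaping for `{{ }}`, a database password containing `&`, `<` or a quote would be written into the two DSN lines as an entity and authentication would fail; the unescaped `{!! !!}` form is the usual choice for non-HTML output once the values are validated.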