Adjust the box's own DKIM selector when the relay provider wants the 'mail' selector

2022-02-18 00:25:03 +00:00 · 2022-02-18 00:25:03 +00:00 · c111a8920c
commit c111a8920c
parent 115fee4212
2 changed files with 20 additions and 20 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@ -756,26 +756,24 @@ def smtp_relay_set():
 		config["SMTP_RELAY_DKIM_RR"] = None
 	elif re.fullmatch(r"[a-z\d\._]+", sel.strip()) is None:
 		return ("The DKIM selector is invalid!", 400)
-	elif sel.strip() == config.get("local_dkim_selector", "mail"):
-		return (f"The DKIM selector {sel.strip()} is already in use by the box!", 400)
-	else:
-		# DKIM selector looks good, try processing the RR
-		rr = newconf.get("dkim_rr", "")
-		if rr.strip() == "":
-			return ("Cannot publish a selector with an empty key!", 400)

-		components = {}
-		for r in re.split(r"[;\s]+", rr):
-			sp = re.split(r"\=", r)
-			if len(sp) != 2:
-				return ("DKIM public key RR is malformed!", 400)
-			components[sp[0]] = sp[1]
+	# DKIM selector looks good, try processing the RR
+	rr = newconf.get("dkim_rr", "")
+	if rr.strip() == "":
+		return ("Cannot publish a selector with an empty key!", 400)

-		if not components.get("p"):
-			return ("The DKIM public key doesn't exist!", 400)
+	components = {}
+	for r in re.split(r"[;\s]+", rr):
+		sp = re.split(r"\=", r)
+		if len(sp) != 2:
+			return ("DKIM public key RR is malformed!", 400)
+		components[sp[0]] = sp[1]

-		config["SMTP_RELAY_DKIM_SELECTOR"] = sel
-		config["SMTP_RELAY_DKIM_RR"] = components
+	if not components.get("p"):
+		return ("The DKIM public key doesn't exist!", 400)
+
+	config["SMTP_RELAY_DKIM_SELECTOR"] = sel
+	config["SMTP_RELAY_DKIM_RR"] = components

 	relay_on = False
 	implicit_tls = False
@ -809,6 +807,7 @@ def smtp_relay_set():

 	try:
 		# Write on daemon settings
+		config["local_dkim_selector"] = "mailorigin" if relay_on and sel == "mail" else "mail"
 		config["SMTP_RELAY_ENABLED"] = relay_on
 		config["SMTP_RELAY_HOST"] = newconf.get("host")
 		config["SMTP_RELAY_PORT"] = int(newconf.get("port"))
--- a/management/dns_update.py
+++ b/management/dns_update.py
@ -177,7 +177,8 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 	# Are there any other authorized servers for this domain?
 	settings = load_settings(env)
 	spf_extra = None
-	if settings.get("SMTP_RELAY_ENABLED", False):
+	relay_on = settings.get("SMTP_RELAY_ENABLED", False)
+	if relay_on:
 		spf_extra = ""
 		# Convert settings to spf elements
 		for r in settings.get("SMTP_RELAY_AUTHORIZED_SERVERS", []):
@ -331,7 +332,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 		# the domain, and no one else (unless the user is using an SMTP relay and authorized other servers).
 		# Skip if the user has set a custom SPF record.
 		if not has_rec(None, "TXT", prefix="v=spf1 "):
-			if settings.get("SMTP_RELAY_SPF_RECORD", "").strip() != "" and settings.get("SMTP_RELAY_ENABLED", False):
+			if settings.get("SMTP_RELAY_SPF_RECORD", "").strip() != "" and relay_on:
 				records.append((None, "TXT", settings.get("SMTP_RELAY_SPF_RECORD"), "Added by your SMTP Relay provider so that they can send @%s mail on your behalf." % domain, None))
 			elif spf_extra is None:
 				records.append((None, "TXT", "v=spf1 mx -all", "Recommended. Specifies that only the box is permitted to send @%s mail." % domain, None))
@ -353,7 +354,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 		# Skip if manually set by the user.
 		relay_ds = settings.get("SMTP_RELAY_DKIM_SELECTOR")
 		rr = settings.get("SMTP_RELAY_DKIM_RR", {})
-		if relay_ds is not None and not has_rec(f"{relay_ds}._domainkey", "TXT", prefix="v=DKIM1; ") and rr.get("p") is not None:
+		if relay_on and relay_ds is not None and not has_rec(f"{relay_ds}._domainkey", "TXT", prefix="v=DKIM1; ") and rr.get("p") is not None:
 			dkim_rrtxt = ""
 			for c, d in (("v", "DKIM1"), ("h", None), ("k", "rsa"), ("n", None), ("s", None), ("t", None)):
 				txt = rr.get(c, d)