From c111a8920cf5765ac34a5b3e60192b95b47d64e6 Mon Sep 17 00:00:00 2001
From: David Duque
Date: Fri, 18 Feb 2022 00:25:03 +0000
Subject: [PATCH] Adjust the box's own DKIM selector when the relay provider wants the 'mail' selector
---
 management/daemon.py | 33 ++++++++++++++++-----------------
 management/dns_update.py | 7 ++++---
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/management/daemon.py b/management/daemon.py
index fe74f2a..05888e4 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -756,26 +756,24 @@ def smtp_relay_set():
 config["SMTP_RELAY_DKIM_RR"] = None
 elif re.fullmatch(r"[a-z\d\._]+", sel.strip()) is None:
 return ("The DKIM selector is invalid!", 400)
- elif sel.strip() == config.get("local_dkim_selector", "mail"):
- return (f"The DKIM selector {sel.strip()} is already in use by the box!", 400)
- else:
- # DKIM selector looks good, try processing the RR
- rr = newconf.get("dkim_rr", "")
- if rr.strip() == "":
- return ("Cannot publish a selector with an empty key!", 400)
- components = {}
- for r in re.split(r"[;\s]+", rr):
- sp = re.split(r"\=", r)
- if len(sp) != 2:
- return ("DKIM public key RR is malformed!", 400)
- components[sp[0]] = sp[1]
+ # DKIM selector looks good, try processing the RR
+ rr = newconf.get("dkim_rr", "")
+ if rr.strip() == "":
+ return ("Cannot publish a selector with an empty key!", 400)
- if not components.get("p"):
- return ("The DKIM public key doesn't exist!", 400)
+ components = {}
+ for r in re.split(r"[;\s]+", rr):
+ sp = re.split(r"\=", r)
+ if len(sp) != 2:
+ return ("DKIM public key RR is malformed!", 400)
+ components[sp[0]] = sp[1]
- config["SMTP_RELAY_DKIM_SELECTOR"] = sel
- config["SMTP_RELAY_DKIM_RR"] = components
+ if not components.get("p"):
+ return ("The DKIM public key doesn't exist!", 400)
+
+ config["SMTP_RELAY_DKIM_SELECTOR"] = sel
+ config["SMTP_RELAY_DKIM_RR"] = components
 relay_on = False
 implicit_tls = False
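Review bot: With `else:` removed and nothing added in its place, the RR-processing block in smtp_relay_set() is no longer a branch of the selector `if`/`elif` chain; indentation is lost on this page, so its exact level should be confirmed against the file. If it now sits at the level of that chain, it also runs when the selector is empty, so a request that clears the relay DKIM settings would get `Cannot publish a selector with an empty key!`, and one that supplies an RR would store an empty `sel` next to a populated `SMTP_RELAY_DKIM_RR`. If it instead sits under the preceding `return`, it is unreachable and the relay selector is never stored. Keeping `else:` ahead of `# DKIM selector looks good, try processing the RR` and dropping only the `elif sel.strip() == config.get("local_dkim_selector", "mail")` branch preserves the earlier control flow. The function starts and ends outside the hunk.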
@@ -809,6 +807,7 @@ def smtp_relay_set():
 try:
 # Write on daemon settings
+ config["local_dkim_selector"] = "mailorigin" if relay_on and sel == "mail" else "mail"
 config["SMTP_RELAY_ENABLED"] = relay_on
 config["SMTP_RELAY_HOST"] = newconf.get("host")
 config["SMTP_RELAY_PORT"] = int(newconf.get("port"))
diff --git a/management/dns_update.py b/management/dns_update.py
index 326bc55..99717bf 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -177,7 +177,8 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 # Are there any other authorized servers for this domain?
 settings = load_settings(env)
 spf_extra = None
- if settings.get("SMTP_RELAY_ENABLED", False):
+ relay_on = settings.get("SMTP_RELAY_ENABLED", False)
+ if relay_on:
 spf_extra = ""
 # Convert settings to spf elements
 for r in settings.get("SMTP_RELAY_AUTHORIZED_SERVERS", []):
@@ -331,7 +332,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 # the domain, and no one else (unless the user is using an SMTP relay and authorized other servers).
 # Skip if the user has set a custom SPF record.
 if not has_rec(None, "TXT", prefix="v=spf1 "):
- if settings.get("SMTP_RELAY_SPF_RECORD", "").strip() != "" and settings.get("SMTP_RELAY_ENABLED", False):
+ if settings.get("SMTP_RELAY_SPF_RECORD", "").strip() != "" and relay_on:
 records.append((None, "TXT", settings.get("SMTP_RELAY_SPF_RECORD"), "Added by your SMTP Relay provider so that they can send @%s mail on your behalf." % domain, None))
 elif spf_extra is None:
 records.append((None, "TXT", "v=spf1 mx -all", "Recommended. Specifies that only the box is permitted to send @%s mail." % domain, None))
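Review bot: In the `@@ -809,6 +807,7 @@` hunk of management/daemon.py, `sel == "mail"` compares the raw value, while the validation in the earlier hunk checks `sel.strip()` and then stores `sel` unstripped. A value with surrounding whitespace (constructed example: `"mail "`) passes the regex check but does not trigger the switch to `mailorigin`, and the removed "already in use by the box" guard no longer catches it, so the box and the relay could end up on the same `mail` selector, depending on how the zone writer treats the name. Normalising once before the checks, e.g. `sel = sel.strip() if sel else None`, and storing that value closes the gap. Whether the box's signer and its published key follow `local_dkim_selector` after this write is not visible here and is worth confirming, since mail signed under a selector with no matching record fails DKIM verification. smtp_relay_set() continues outside the hunk.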
@@ -353,7 +354,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 # Skip if manually set by the user.
 relay_ds = settings.get("SMTP_RELAY_DKIM_SELECTOR")
 rr = settings.get("SMTP_RELAY_DKIM_RR", {})
- if relay_ds is not None and not has_rec(f"{relay_ds}._domainkey", "TXT", prefix="v=DKIM1; ") and rr.get("p") is not None:
+ if relay_on and relay_ds is not None and not has_rec(f"{relay_ds}._domainkey", "TXT", prefix="v=DKIM1; ") and rr.get("p") is not None:
 dkim_rrtxt = ""
 for c, d in (("v", "DKIM1"), ("h", None), ("k", "rsa"), ("n", None), ("s", None), ("t", None)):
 txt = rr.get(c, d)