/[smeserver]/rpms/smeserver-qpsmtpd/sme9/smeserver-qpsmtpd-2.4.0-dkim_signing.patch

Annotation of /rpms/smeserver-qpsmtpd/sme9/smeserver-qpsmtpd-2.4.0-dkim_signing.patch



Revision 1.1 - (hide annotations) (download)
Fri May 6 22:12:06 2016 UTC (8 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-qpsmtpd-2_4_0-38_el6_sme, smeserver-qpsmtpd-2_4_0-33_el6_sme, smeserver-qpsmtpd-2_4_0-29_el6_sme, smeserver-qpsmtpd-2_4_0-37_el6_sme, smeserver-qpsmtpd-2_4_0-35_el6_sme, smeserver-qpsmtpd-2_4_0-30_el6_sme, smeserver-qpsmtpd-2_4_0-36_el6_sme, smeserver-qpsmtpd-2_4_0-39_el6_sme, smeserver-qpsmtpd-2_4_0-34_el6_sme, smeserver-qpsmtpd-2_4_0-25_el6_sme, smeserver-qpsmtpd-2_4_0-31_el6_sme, smeserver-qpsmtpd-2_4_0-27_el6_sme, smeserver-qpsmtpd-2_4_0-32_el6_sme, smeserver-qpsmtpd-2_4_0-24_el6_sme, smeserver-qpsmtpd-2_4_0-26_el6_sme, smeserver-qpsmtpd-2_4_0-28_el6_sme, HEAD
* Fri May 6 2016 Daniel Berteaud <daniel@firewall-services.com> 2.4.0-24.sme
- Check SPF for inbound emails [SME: 9505]
- Check DKIM for inbound emails [SME: 9504]
- Check DMARC for inbound emails (based on the previous SPF and DKIM checks)
  [SME: 9507]
- Store and send DMARC aggregate reports [SME: 9507]
- Support DKIM signing for outbound emails [SME: 9506]

1 vip-ire 1.1 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/createlinks mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks
2     --- smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:41:30.658369153 +0200
3     +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:40:53.498383785 +0200
4     @@ -2,6 +2,17 @@
5    
6     use esmith::Build::CreateLinks qw(:all);
7    
8     +foreach $event (qw(
9     + email-update
10     + domain-modify
11     + domain-create
12     + domain-delete
13     + bootstrap-console-save
14     + ))
15     +{
16     + event_link("domains-update-dkim", $event, "30");
17     +}
18     +
19     my $service = "/var/service/qpsmtpd";
20    
21     foreach $event (qw(
22     @@ -40,11 +51,15 @@
23     ssl-update
24     ));
25    
26     -templates2events("/etc/mail-dmarc.ini", qw(
27     +templates2events($_, qw(
28     bootstrap-console-save
29     console-save
30     email-update
31     - ));
32     + ))
33     + for (qw(
34     + /etc/mail-dmarc.ini
35     + /home/e-smith/dkim_keys/default/selector
36     + ));
37    
38     my $secure_service = "/var/service/sqpsmtpd";
39    
40     diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim
41     --- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 1970-01-01 01:00:00.000000000 +0100
42     +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 2016-05-03 00:40:53.499383785 +0200
43     @@ -0,0 +1,40 @@
44     +#!/usr/bin/perl -w
45     +
46     +use esmith::DomainsDB;
47     +use esmith::ConfigDB;
48     +use File::Find;
49     +
50     +my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
51     +my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configurtion database";
52     +
53     +my $qpsmtpd = $c->get('qpsmtpd');
54     +die "qpsmtpd service entry not found" unless ($qpsmtpd);
55     +
56     +my $dkim_sign = $qpsmtpd->prop('DKIMSigning') || 'disabled';
57     +
58     +find({ wanted => \&wanted }, qw(/var/service/qpsmtpd/config/dkim/));
59     +
60     +# Build a list of domain for which we want to sign emails
61     +my @dkim_domains = ();
62     +
63     +if ($dkim_sign =~ m/^enabled|yes|1|on$/){
64     + foreach my $dom ($d->domains){
65     + next if ($dom->prop('DKIMSigning') || 'enabled') eq 'disabled';
66     + next if ($dom->prop('MailServer'));
67     + push @dkim_domains, $dom->key;
68     + }
69     +}
70     +
71     +
72     +sub wanted{
73     + my $domain = $d->get($_);
74     + if ( -l && !grep { $_ eq $domain->key } @dkim_domains ){
75     + unlink $_;
76     + }
77     +}
78     +
79     +foreach my $dom (@dkim_domains){
80     + next if (-e '/var/service/qpsmtpd/config/dkim/' . $dom);
81     + my $src = ( -e '/home/e-smith/dkim_keys/' . $dom ) ? '/home/e-smith/dkim_keys/' . $dom : '/home/e-smith/dkim_keys/default';
82     + symlink $src, '/var/service/qpsmtpd/config/dkim/' . $dom;
83     +}
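Review bot: `find({ wanted => \&wanted }, ...)` runs before `@dkim_domains` is filled, so `wanted` always sees an empty list and unlinks every symlink under `/var/service/qpsmtpd/config/dkim/` on each event; the links only come back in the final loop, which leaves a window in which no signing key is linked. Move the `find` call below the block that builds `@dkim_domains`, and compare the file name itself rather than `$domain->key`, since `$d->get($_)` would presumably be undefined for a link whose domain was just deleted and the method call would then die: `my $name = $_; unlink $name if -l $name && !grep { $_ eq $name } @dkim_domains;`. If removing every link is intended, so that links get re-pointed at newly created per-domain keys, say so in a comment and drop the `grep`. The test `m/^enabled|yes|1|on$/` anchors only its first and last alternatives, so any value that merely contains `yes` or `1` enables signing; `m/^(?:enabled|yes|1|on)$/` matches what appears to be intended. The results of `unlink` and `symlink` are not checked, so a failed link is silent.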
84     diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin
85     --- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 1970-01-01 01:00:00.000000000 +0100
86     +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 2016-05-03 00:40:53.499383785 +0200
87     @@ -0,0 +1 @@
88     +{ $qpsmtpd{'DKIMSelector'} || 'default' }
89     diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns
90     --- smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 1970-01-01 01:00:00.000000000 +0100
91     +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 2016-05-03 00:40:53.499383785 +0200
92     @@ -0,0 +1,54 @@
93     +#!/usr/bin/perl -w
94     +
95     +use esmith::ConfigDB;
96     +use esmith::DomainsDB;
97     +my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configuration database";
98     +my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
99     +my $domain = shift || $c->get('DomainName')->value;
100     +
101     +die "Domain $domain doesn't exist"
102     + unless ($d->get($domain) && $d->get($domain)->prop('type') eq 'domain');
103     +
104     +warn "DKIM Signing is disabled for domain $domain"
105     + if (($d->get($domain)->prop('DKIMSigning') || 'enabled') eq 'disabled');
106     +
107     +die "Can't find DKIM keys for domain $domain"
108     + unless (-e "/var/service/qpsmtpd/config/dkim/$domain/public");
109     +
110     +die "Can't find the selector for domain $domain"
111     + unless (-e "/var/service/qpsmtpd/config/dkim/$domain/selector");
112     +
113     +print <<'_EOF';
114     +
115     +Here are sample DNS entries you should add in your public DNS
116     +The DKIM entry can be copied as is, but others will probably need to be adjusted
117     +to your need. For example, you should either change the reporting email adress
118     +for DMARC (or create the needed pseudonym)
119     +
120     +_EOF
121     +
122     +my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
123     +open PUBKEY, "/var/service/qpsmtpd/config/dkim/$domain/public";
124     +while(<PUBKEY>){
125     + next if /^\-/;
126     + chomp;
127     + $key_string .= $_;
128     +}
129     +close PUBKEY;
130     +open SEL, "/var/service/qpsmtpd/config/dkim/$domain/selector";
131     +my $selector = <SEL>;
132     +chomp $selector
133     +close SEL;
134     +
135     +my @key_chunks = ( $key_string =~ /.{1,255}/g );
136     +my $txt = '';
137     +$txt .= '"' . $_ . '"' foreach (@key_chunks);
138     +
139     +print <<"_EOF";
140     +
141     +$selector._domainkey IN TXT $txt
142     +\@ IN SPF "v=spf1 mx a -all"
143     +\@ IN TXT "v=spf1 mx a -all"
144     +_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback\@$domain; pct=100"
145     +
146     +_EOF
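Review bot: `chomp $selector` has no terminating semicolon, so it runs into `close SEL;` and the script does not compile as committed. Both `open` calls are two-argument, use bareword handles and are unchecked; `$domain` comes from the command line and is checked against the domains database first, but a three-argument open with a lexical handle removes any reliance on that check. An `or die` on each open also stops the script from printing a record with an empty `p=`, which DKIM verifiers read as a revoked key, when a file exists but cannot be read. The record also carries `t=y`, the DKIM testing flag, while the help text says it can be copied as is; the text should tell the administrator to remove the flag once signing is confirmed to work. A rewrite of the file-reading part follows.

```perl
# … unchanged: database lookups, existence checks, introductory text …
my $dkim_dir = "/var/service/qpsmtpd/config/dkim/$domain";
my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
open(my $pubkey, '<', "$dkim_dir/public")
    or die "Can't read the public key for domain $domain: $!";
while (<$pubkey>){
    # … unchanged: skip the PEM armor lines, chomp, append to $key_string …
}
close $pubkey;
open(my $sel, '<', "$dkim_dir/selector")
    or die "Can't read the selector for domain $domain: $!";
my $selector = <$sel>;
close $sel;
die "The selector file for domain $domain is empty" unless defined $selector;
chomp $selector;
# … unchanged: TXT chunking and record output …
```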
147     diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run
148     --- smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:30.627369165 +0200
149     +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:21.828372608 +0200
150     @@ -34,6 +34,15 @@
151     [ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
152     RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
153    
154     +# Create a default dkim key pair
155     +[ -e /home/e-smith/dkim_keys/default/private ] || (\
156     + RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
157     + /usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
158     + -out /home/e-smith/dkim_keys/default/public -pubout
159     + chown qpsmtpd:qpsmtpd /home/e-smith/dkim_keys/default/private
160     + chmod 400 /home/e-smith/dkim_keys/default/private
161     +)
162     +
163     exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
164     /usr/bin/qpsmtpd-forkserver \
165     -u qpsmtpd \
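Review bot: The private key is written by `openssl genrsa -out` under whatever umask the service script runs with and is only restricted by `chmod 400` afterwards, so it may be readable by other local users for a moment, and it stays that way if a later command in the subshell fails. Putting `umask 077` as the first command inside the `( … )` closes that window without affecting the rest of the script; the `public` file would then need an explicit `chmod` if anything other than root has to read it. The steps are not chained and the guard tests only for `private`, so a failed or interrupted `genrsa` can leave an empty or partial file that is never regenerated. Joining the commands with `&&` and generating into a temporary name that is renamed into place at the end would avoid that. The `exec` statement that follows the added lines continues outside the hunk.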
