smeserver-qpsmtpd/sme9/smeserver-qpsmtpd-2.4.0-dkim_signing.patch

diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/createlinks mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks
--- smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:41:30.658369153 +0200
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks       2016-05-03 00:40:53.498383785 +0200
@@ -2,6 +2,17 @@
 
 use esmith::Build::CreateLinks qw(:all);
 
+foreach $event (qw(
+                    email-update
+                    domain-modify
+                    domain-create
+                    domain-delete
+                    bootstrap-console-save
+                ))
+{
+    event_link("domains-update-dkim", $event, "30");
+}
+
 my $service = "/var/service/qpsmtpd";
 
 foreach $event (qw(
@@ -40,11 +51,15 @@
                        ssl-update
                      ));
 
-templates2events("/etc/mail-dmarc.ini", qw(
+templates2events($_, qw(
                         bootstrap-console-save
                         console-save
                         email-update
-                      ));
+                      ))
+                        for (qw(
+                            /etc/mail-dmarc.ini
+                            /home/e-smith/dkim_keys/default/selector
+                        ));
 
 my $secure_service = "/var/service/sqpsmtpd";
 
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim
--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim       2016-05-03 00:40:53.499383785 +0200
@@ -0,0 +1,40 @@
+#!/usr/bin/perl -w
+
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+use File::Find;
+
+my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
+my $c = esmith::ConfigDB->open_ro  || die "Couldn't open the configurtion database";
+
+my $qpsmtpd = $c->get('qpsmtpd');
+die "qpsmtpd service entry not found" unless ($qpsmtpd);
+
+my $dkim_sign = $qpsmtpd->prop('DKIMSigning') || 'disabled';
+
+find({ wanted => \&wanted }, qw(/var/service/qpsmtpd/config/dkim/));
+
+# Build a list of domain for which we want to sign emails
+my @dkim_domains = ();
+
+if ($dkim_sign =~ m/^enabled|yes|1|on$/){
+  foreach my $dom ($d->domains){
+    next if ($dom->prop('DKIMSigning') || 'enabled') eq 'disabled';
+    next if ($dom->prop('MailServer'));
+    push @dkim_domains, $dom->key;
+  }
+}
+
+
+sub wanted{
+  my $domain = $d->get($_);
+  if ( -l && !grep { $_ eq $domain->key } @dkim_domains ){
+    unlink $_;
+  }
+}
+
+foreach my $dom (@dkim_domains){
+  next if (-e '/var/service/qpsmtpd/config/dkim/' . $dom);
+  my $src = ( -e '/home/e-smith/dkim_keys/' . $dom ) ? '/home/e-smith/dkim_keys/' . $dom : '/home/e-smith/dkim_keys/default';
+  symlink $src, '/var/service/qpsmtpd/config/dkim/' . $dom;
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin
--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin   1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 2016-05-03 00:40:53.499383785 +0200
@@ -0,0 +1 @@
+{ $qpsmtpd{'DKIMSelector'} || 'default' }
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns
--- smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns       2016-05-03 00:40:53.499383785 +0200
@@ -0,0 +1,54 @@
+#!/usr/bin/perl -w
+
+use esmith::ConfigDB;
+use esmith::DomainsDB;
+my $c = esmith::ConfigDB->open_ro  || die "Couldn't open the configuration database";
+my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
+my $domain = shift || $c->get('DomainName')->value;
+
+die "Domain $domain doesn't exist"
+  unless ($d->get($domain) && $d->get($domain)->prop('type') eq 'domain');
+
+warn "DKIM Signing is disabled for domain $domain"
+  if (($d->get($domain)->prop('DKIMSigning') || 'enabled') eq 'disabled');
+
+die "Can't find DKIM keys for domain $domain"
+  unless (-e "/var/service/qpsmtpd/config/dkim/$domain/public");
+
+die "Can't find the selector for domain $domain"
+  unless (-e "/var/service/qpsmtpd/config/dkim/$domain/selector");
+
+print <<'_EOF';
+
+Here are sample DNS entries you should add in your public DNS
+The DKIM entry can be copied as is, but others will probably need to be adjusted
+to your need. For example, you should either change the reporting email adress
+for DMARC (or create the needed pseudonym)
+
+_EOF
+
+my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
+open PUBKEY, "/var/service/qpsmtpd/config/dkim/$domain/public";
+while(<PUBKEY>){
+  next if /^\-/;
+  chomp;
+  $key_string .= $_;
+}
+close PUBKEY;
+open SEL, "/var/service/qpsmtpd/config/dkim/$domain/selector";
+my $selector = <SEL>;
+chomp $selector
+close SEL;
+
+my @key_chunks = ( $key_string =~ /.{1,255}/g );
+my $txt = '';
+$txt .= '"' . $_ . '"' foreach (@key_chunks);
+
+print <<"_EOF";
+
+$selector._domainkey IN TXT $txt
+\@ IN SPF "v=spf1 mx a -all"
+\@ IN TXT "v=spf1 mx a -all"
+_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback\@$domain; pct=100"
+
+_EOF
diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run
--- smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run        2016-05-03 00:41:30.627369165 +0200
+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run      2016-05-03 00:41:21.828372608 +0200
@@ -34,6 +34,15 @@
 [ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
     RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
 
+# Create a default dkim key pair
+[ -e /home/e-smith/dkim_keys/default/private ] || (\
+    RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
+    /usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
+        -out /home/e-smith/dkim_keys/default/public -pubout
+    chown qpsmtpd:qpsmtpd /home/e-smith/dkim_keys/default/private
+    chmod 400 /home/e-smith/dkim_keys/default/private
+)
+
 exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
   /usr/bin/qpsmtpd-forkserver \
        -u qpsmtpd \
1	vip-ire	1.1	diff -Nur -x '.orig' -x '.rej' smeserver-qpsmtpd-2.4.0/createlinks mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks
2			--- smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:41:30.658369153 +0200
3			+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:40:53.498383785 +0200
4			@@ -2,6 +2,17 @@
5
6			use esmith::Build::CreateLinks qw(:all);
7
8			+foreach $event (qw(
9			+ email-update
10			+ domain-modify
11			+ domain-create
12			+ domain-delete
13			+ bootstrap-console-save
14			+ ))
15			+{
16			+ event_link("domains-update-dkim", $event, "30");
17			+}
18			+
19			my $service = "/var/service/qpsmtpd";
20
21			foreach $event (qw(
22			@@ -40,11 +51,15 @@
23			ssl-update
24			));
25
26			-templates2events("/etc/mail-dmarc.ini", qw(
27			+templates2events($_, qw(
28			bootstrap-console-save
29			console-save
30			email-update
31			- ));
32			+ ))
33			+ for (qw(
34			+ /etc/mail-dmarc.ini
35			+ /home/e-smith/dkim_keys/default/selector
36			+ ));
37
38			my $secure_service = "/var/service/sqpsmtpd";
39
40			diff -Nur -x '.orig' -x '.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim
41			--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 1970-01-01 01:00:00.000000000 +0100
42			+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 2016-05-03 00:40:53.499383785 +0200
43			@@ -0,0 +1,40 @@
44			+#!/usr/bin/perl -w
45			+
46			+use esmith::DomainsDB;
47			+use esmith::ConfigDB;
48			+use File::Find;
49			+
50			+my $d = esmith::DomainsDB->open_ro \|\| die "Couldn't open the domains database";
51			+my $c = esmith::ConfigDB->open_ro \|\| die "Couldn't open the configurtion database";
52			+
53			+my $qpsmtpd = $c->get('qpsmtpd');
54			+die "qpsmtpd service entry not found" unless ($qpsmtpd);
55			+
56			+my $dkim_sign = $qpsmtpd->prop('DKIMSigning') \|\| 'disabled';
57			+
58			+find({ wanted => \&wanted }, qw(/var/service/qpsmtpd/config/dkim/));
59			+
60			+# Build a list of domain for which we want to sign emails
61			+my @dkim_domains = ();
62			+
63			+if ($dkim_sign =~ m/^enabled\|yes\|1\|on$/){
64			+ foreach my $dom ($d->domains){
65			+ next if ($dom->prop('DKIMSigning') \|\| 'enabled') eq 'disabled';
66			+ next if ($dom->prop('MailServer'));
67			+ push @dkim_domains, $dom->key;
68			+ }
69			+}
70			+
71			+
72			+sub wanted{
73			+ my $domain = $d->get($_);
74			+ if ( -l && !grep { $_ eq $domain->key } @dkim_domains ){
75			+ unlink $_;
76			+ }
77			+}
78			+
79			+foreach my $dom (@dkim_domains){
80			+ next if (-e '/var/service/qpsmtpd/config/dkim/' . $dom);
81			+ my $src = ( -e '/home/e-smith/dkim_keys/' . $dom ) ? '/home/e-smith/dkim_keys/' . $dom : '/home/e-smith/dkim_keys/default';
82			+ symlink $src, '/var/service/qpsmtpd/config/dkim/' . $dom;
83			+}
84			diff -Nur -x '.orig' -x '.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin
85			--- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 1970-01-01 01:00:00.000000000 +0100
86			+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 2016-05-03 00:40:53.499383785 +0200
87			@@ -0,0 +1 @@
88			+{ $qpsmtpd{'DKIMSelector'} \|\| 'default' }
89			diff -Nur -x '.orig' -x '.rej' smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns
90			--- smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 1970-01-01 01:00:00.000000000 +0100
91			+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 2016-05-03 00:40:53.499383785 +0200
92			@@ -0,0 +1,54 @@
93			+#!/usr/bin/perl -w
94			+
95			+use esmith::ConfigDB;
96			+use esmith::DomainsDB;
97			+my $c = esmith::ConfigDB->open_ro \|\| die "Couldn't open the configuration database";
98			+my $d = esmith::DomainsDB->open_ro \|\| die "Couldn't open the domains database";
99			+my $domain = shift \|\| $c->get('DomainName')->value;
100			+
101			+die "Domain $domain doesn't exist"
102			+ unless ($d->get($domain) && $d->get($domain)->prop('type') eq 'domain');
103			+
104			+warn "DKIM Signing is disabled for domain $domain"
105			+ if (($d->get($domain)->prop('DKIMSigning') \|\| 'enabled') eq 'disabled');
106			+
107			+die "Can't find DKIM keys for domain $domain"
108			+ unless (-e "/var/service/qpsmtpd/config/dkim/$domain/public");
109			+
110			+die "Can't find the selector for domain $domain"
111			+ unless (-e "/var/service/qpsmtpd/config/dkim/$domain/selector");
112			+
113			+print <<'_EOF';
114			+
115			+Here are sample DNS entries you should add in your public DNS
116			+The DKIM entry can be copied as is, but others will probably need to be adjusted
117			+to your need. For example, you should either change the reporting email adress
118			+for DMARC (or create the needed pseudonym)
119			+
120			+_EOF
121			+
122			+my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
123			+open PUBKEY, "/var/service/qpsmtpd/config/dkim/$domain/public";
124			+while(<PUBKEY>){
125			+ next if /^\-/;
126			+ chomp;
127			+ $key_string .= $_;
128			+}
129			+close PUBKEY;
130			+open SEL, "/var/service/qpsmtpd/config/dkim/$domain/selector";
131			+my $selector = <SEL>;
132			+chomp $selector
133			+close SEL;
134			+
135			+my @key_chunks = ( $key_string =~ /.{1,255}/g );
136			+my $txt = '';
137			+$txt .= '"' . $_ . '"' foreach (@key_chunks);
138			+
139			+print <<"_EOF";
140			+
141			+$selector._domainkey IN TXT $txt
142			+\@ IN SPF "v=spf1 mx a -all"
143			+\@ IN TXT "v=spf1 mx a -all"
144			+_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback\@$domain; pct=100"
145			+
146			+_EOF
147			diff -Nur -x '.orig' -x '.rej' smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run
148			--- smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:30.627369165 +0200
149			+++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:21.828372608 +0200
150			@@ -34,6 +34,15 @@
151			[ -e /var/service/qpsmtpd/ssl/dhparam.pem ] \|\| \
152			RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
153
154			+# Create a default dkim key pair
155			+[ -e /home/e-smith/dkim_keys/default/private ] \|\| (\
156			+ RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
157			+ /usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
158			+ -out /home/e-smith/dkim_keys/default/public -pubout
159			+ chown qpsmtpd:qpsmtpd /home/e-smith/dkim_keys/default/private
160			+ chmod 400 /home/e-smith/dkim_keys/default/private
161			+)
162			+
163			exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
164			/usr/bin/qpsmtpd-forkserver \
165			-u qpsmtpd \