
Contents of /rpms/smeserver-qpsmtpd/sme9/smeserver-qpsmtpd-2.4.0-dkim_signing.patch



Revision 1.1 - (show annotations) (download)
Fri May 6 22:12:06 2016 UTC (8 years ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-qpsmtpd-2_4_0-38_el6_sme, smeserver-qpsmtpd-2_4_0-33_el6_sme, smeserver-qpsmtpd-2_4_0-29_el6_sme, smeserver-qpsmtpd-2_4_0-37_el6_sme, smeserver-qpsmtpd-2_4_0-35_el6_sme, smeserver-qpsmtpd-2_4_0-30_el6_sme, smeserver-qpsmtpd-2_4_0-36_el6_sme, smeserver-qpsmtpd-2_4_0-39_el6_sme, smeserver-qpsmtpd-2_4_0-34_el6_sme, smeserver-qpsmtpd-2_4_0-25_el6_sme, smeserver-qpsmtpd-2_4_0-31_el6_sme, smeserver-qpsmtpd-2_4_0-27_el6_sme, smeserver-qpsmtpd-2_4_0-32_el6_sme, smeserver-qpsmtpd-2_4_0-24_el6_sme, smeserver-qpsmtpd-2_4_0-26_el6_sme, smeserver-qpsmtpd-2_4_0-28_el6_sme, HEAD
* Fri May 6 2016 Daniel Berteaud <daniel@firewall-services.com> 2.4.0-24.sme
- Check SPF for inbound emails [SME: 9505]
- Check DKIM for inbound emails [SME: 9504]
- Check DMARC for inbound emails (based on the previous SPF and DKIM checks)
  [SME: 9507]
- Store and send DMARC aggregate reports [SME: 9507]
- Support DKIM signing for outbound emails [SME: 9506]

1 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/createlinks mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks
2 --- smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:41:30.658369153 +0200
3 +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/createlinks 2016-05-03 00:40:53.498383785 +0200
4 @@ -2,6 +2,17 @@
5
6 use esmith::Build::CreateLinks qw(:all);
7
8 +foreach $event (qw(
9 + email-update
10 + domain-modify
11 + domain-create
12 + domain-delete
13 + bootstrap-console-save
14 + ))
15 +{
16 + event_link("domains-update-dkim", $event, "30");
17 +}
18 +
19 my $service = "/var/service/qpsmtpd";
20
21 foreach $event (qw(
22 @@ -40,11 +51,15 @@
23 ssl-update
24 ));
25
26 -templates2events("/etc/mail-dmarc.ini", qw(
27 +templates2events($_, qw(
28 bootstrap-console-save
29 console-save
30 email-update
31 - ));
32 + ))
33 + for (qw(
34 + /etc/mail-dmarc.ini
35 + /home/e-smith/dkim_keys/default/selector
36 + ));
37
38 my $secure_service = "/var/service/sqpsmtpd";
39
40 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim
41 --- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 1970-01-01 01:00:00.000000000 +0100
42 +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/events/actions/domains-update-dkim 2016-05-03 00:40:53.499383785 +0200
43 @@ -0,0 +1,40 @@
44 +#!/usr/bin/perl -w
45 +
46 +use esmith::DomainsDB;
47 +use esmith::ConfigDB;
48 +use File::Find;
49 +
50 +my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
51 +my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configurtion database";
52 +
53 +my $qpsmtpd = $c->get('qpsmtpd');
54 +die "qpsmtpd service entry not found" unless ($qpsmtpd);
55 +
56 +my $dkim_sign = $qpsmtpd->prop('DKIMSigning') || 'disabled';
57 +
58 +find({ wanted => \&wanted }, qw(/var/service/qpsmtpd/config/dkim/));
59 +
60 +# Build a list of domain for which we want to sign emails
61 +my @dkim_domains = ();
62 +
63 +if ($dkim_sign =~ m/^enabled|yes|1|on$/){
64 + foreach my $dom ($d->domains){
65 + next if ($dom->prop('DKIMSigning') || 'enabled') eq 'disabled';
66 + next if ($dom->prop('MailServer'));
67 + push @dkim_domains, $dom->key;
68 + }
69 +}
70 +
71 +
72 +sub wanted{
73 + my $domain = $d->get($_);
74 + if ( -l && !grep { $_ eq $domain->key } @dkim_domains ){
75 + unlink $_;
76 + }
77 +}
78 +
79 +foreach my $dom (@dkim_domains){
80 + next if (-e '/var/service/qpsmtpd/config/dkim/' . $dom);
81 + my $src = ( -e '/home/e-smith/dkim_keys/' . $dom ) ? '/home/e-smith/dkim_keys/' . $dom : '/home/e-smith/dkim_keys/default';
82 + symlink $src, '/var/service/qpsmtpd/config/dkim/' . $dom;
83 +}
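Review bot: The enable test `m/^enabled|yes|1|on$/` is not anchored as a whole, because alternation binds looser than `^` and `$`; it accepts any value that starts with `enabled`, contains `yes` or `1`, or ends in `on`, whereas `m/^(?:enabled|yes|1|on)$/` matches only the four intended values. The `find(...)` call also runs before `@dkim_domains` is filled, so `wanted` sees an empty list and removes every symlink on each run, leaving a short window with no signing keys linked until the final loop recreates them; moving the `find` call below the `if` block restores the intended stale-link cleanup. Once it is moved, `$d->get($_)` presumably returns undef for a link whose domain has been deleted, so `wanted` should compare names directly (`my $name = $_;` then `unlink $name if -l $name && !grep { $_ eq $name } @dkim_domains;`) rather than calling `$domain->key`. The `unlink` and `symlink` results are not checked, so a failure is silent and the link set can disagree with the DKIMSigning settings without any log entry.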
84 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin
85 --- smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 1970-01-01 01:00:00.000000000 +0100
86 +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/etc/e-smith/templates/home/e-smith/dkim_keys/default/selector/template-begin 2016-05-03 00:40:53.499383785 +0200
87 @@ -0,0 +1 @@
88 +{ $qpsmtpd{'DKIMSelector'} || 'default' }
89 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns
90 --- smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 1970-01-01 01:00:00.000000000 +0100
91 +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/sbin/e-smith/qpsmtpd-print-dns 2016-05-03 00:40:53.499383785 +0200
92 @@ -0,0 +1,54 @@
93 +#!/usr/bin/perl -w
94 +
95 +use esmith::ConfigDB;
96 +use esmith::DomainsDB;
97 +my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configuration database";
98 +my $d = esmith::DomainsDB->open_ro || die "Couldn't open the domains database";
99 +my $domain = shift || $c->get('DomainName')->value;
100 +
101 +die "Domain $domain doesn't exist"
102 + unless ($d->get($domain) && $d->get($domain)->prop('type') eq 'domain');
103 +
104 +warn "DKIM Signing is disabled for domain $domain"
105 + if (($d->get($domain)->prop('DKIMSigning') || 'enabled') eq 'disabled');
106 +
107 +die "Can't find DKIM keys for domain $domain"
108 + unless (-e "/var/service/qpsmtpd/config/dkim/$domain/public");
109 +
110 +die "Can't find the selector for domain $domain"
111 + unless (-e "/var/service/qpsmtpd/config/dkim/$domain/selector");
112 +
113 +print <<'_EOF';
114 +
115 +Here are sample DNS entries you should add in your public DNS
116 +The DKIM entry can be copied as is, but others will probably need to be adjusted
117 +to your need. For example, you should either change the reporting email adress
118 +for DMARC (or create the needed pseudonym)
119 +
120 +_EOF
121 +
122 +my $key_string = "v=DKIM1;o=~;t=y;r=dmarc-feedback\@$domain;p=";
123 +open PUBKEY, "/var/service/qpsmtpd/config/dkim/$domain/public";
124 +while(<PUBKEY>){
125 + next if /^\-/;
126 + chomp;
127 + $key_string .= $_;
128 +}
129 +close PUBKEY;
130 +open SEL, "/var/service/qpsmtpd/config/dkim/$domain/selector";
131 +my $selector = <SEL>;
132 +chomp $selector
133 +close SEL;
134 +
135 +my @key_chunks = ( $key_string =~ /.{1,255}/g );
136 +my $txt = '';
137 +$txt .= '"' . $_ . '"' foreach (@key_chunks);
138 +
139 +print <<"_EOF";
140 +
141 +$selector._domainkey IN TXT $txt
142 +\@ IN SPF "v=spf1 mx a -all"
143 +\@ IN TXT "v=spf1 mx a -all"
144 +_dmarc IN TXT "v=DMARC1; p=none; adkim=s; aspf=r; rua=mailto:dmarc-feedback\@$domain; pct=100"
145 +
146 +_EOF
147 diff -Nur -x '*.orig' -x '*.rej' smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run
148 --- smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:30.627369165 +0200
149 +++ mezzanine_patched_smeserver-qpsmtpd-2.4.0/root/var/service/qpsmtpd/run 2016-05-03 00:41:21.828372608 +0200
150 @@ -34,6 +34,15 @@
151 [ -e /var/service/qpsmtpd/ssl/dhparam.pem ] || \
152 RANDFILE=/dev/null /usr/bin/openssl dhparam -out /var/service/qpsmtpd/ssl/dhparam.pem 2048
153
154 +# Create a default dkim key pair
155 +[ -e /home/e-smith/dkim_keys/default/private ] || (\
156 + RANDFILE=/dev/null /usr/bin/openssl genrsa -out /home/e-smith/dkim_keys/default/private 2048
157 + /usr/bin/openssl rsa -in /home/e-smith/dkim_keys/default/private \
158 + -out /home/e-smith/dkim_keys/default/public -pubout
159 + chown qpsmtpd:qpsmtpd /home/e-smith/dkim_keys/default/private
160 + chmod 400 /home/e-smith/dkim_keys/default/private
161 +)
162 +
163 exec /usr/local/bin/softlimit -d ${SOFTLIMIT:-25000000} -s ${SOFTLIMIT:-25000000} -l ${SOFTLIMIT:-25000000} \
164 /usr/bin/qpsmtpd-forkserver \
165 -u qpsmtpd \
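Review bot: The private key is written by `openssl genrsa -out` under whatever umask the run script inherits and is only restricted by the `chmod 400` three commands later, so depending on the OpenSSL version it may be briefly readable by other local users; putting `umask 077` as the first command inside the subshell closes that window without affecting the later `exec`, and `public` can then be relaxed explicitly if other accounts need to read it. The commands in the subshell are not chained and the guard only tests for `private`, so if `genrsa` or the `-pubout` step fails the run continues and later starts skip the block, leaving a missing or mismatched `public` file; joining the steps with `&&` and also testing for `public` would avoid that. The hunk ends inside the `exec` command line, which continues outside it.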
