Add DKIM signing when using multiple domains.
This commit is contained in:
parent
4b48892f74
commit
a72c8440f8
@ -21,14 +21,45 @@
|
||||
mode: '0770'
|
||||
notify: restart opendkim
|
||||
|
||||
- name: Generate DKIM signing key
|
||||
#- name: Generate DKIM signing key
|
||||
# ansible.builtin.command:
|
||||
# cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
|
||||
# creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
|
||||
# become: true
|
||||
# become_user: opendkim
|
||||
# notify: restart opendkim
|
||||
|
||||
- name: Ensure DKIM directories exist for each domain
|
||||
ansible.builtin.file:
|
||||
path: "/etc/dkimkeys/{{ item.name }}"
|
||||
state: directory
|
||||
owner: opendkim
|
||||
group: opendkim
|
||||
mode: '0750'
|
||||
loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
|
||||
|
||||
- name: Generate DKIM signing keys for each domain
|
||||
ansible.builtin.command:
|
||||
cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
|
||||
creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
|
||||
become: true
|
||||
cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ item.name }} --directory /etc/dkimkeys/{{ item.name }}"
|
||||
creates: "/etc/dkimkeys/{{ item.name }}/{{ dkim_selector }}.private"
|
||||
loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
|
||||
become_user: opendkim
|
||||
notify: restart opendkim
|
||||
|
||||
- name: Configure the KeyTable
|
||||
ansible.builtin.template:
|
||||
src: keytable.j2
|
||||
dest: "{{ dkim_key_path }}/KeyTable"
|
||||
mode: '0644'
|
||||
notify: restart opendkim
|
||||
|
||||
- name: Configuring the SigningTable
|
||||
ansible.builtin.template:
|
||||
src: signingtable.j2
|
||||
dest: "{{ dkim_key_path }}/SigningTable"
|
||||
mode: '0644'
|
||||
notify: restart opendkim
|
||||
|
||||
- name: Ensure postfix is in opendkim group
|
||||
ansible.builtin.user:
|
||||
name: postfix
|
||||
|
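Review bot: The per-domain key task and its `creates:` guard hard-code `/etc/dkimkeys/{{ item.name }}`, while the KeyTable and SigningTable are written to `{{ dkim_key_path }}` and keytable.j2 also hard-codes `/etc/dkimkeys`; unless `dkim_key_path` is always `/etc/dkimkeys`, the tables opendkim reads will point at keys that were generated somewhere else. I would derive every path from one variable, e.g. `cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ item.name }} --directory {{ dkim_key_path }}/{{ item.name }}"` with the matching `creates:` and the `path:` of the directory task above, and the same prefix in the templates. The old single-key task is left in as a commented-out block rather than removed; the history already keeps it and the dead copy will drift from the live one. Also worth a comment on the loop task: on hosts provisioned with the previous task the `postfix_domain` key is regenerated under the new per-domain directory, so the new public key has to be published at `{{ dkim_selector }}._domainkey.{{ postfix_domain }}` before outgoing mail verifies again.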
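--- /dev/null
+++ b/templates/keytable.j2
@@ -0,0 +1,8 @@
+{% if postfix_virtual_domains|length > 0 %}
+{{ dkim_selector }}._domainkey.{{ postfix_domain }} {{ postfix_domain }}:mail:/etc/dkimkeys/{{ postfix_domain }}/{{ dkim_selector }}.private
+{% for domain in postfix_virtual_domains %}
+{{ dkim_selector }}._domainkey.{{ domain.name }} {{ domain.name }}:mail:/etc/dkimkeys/{{ domain.name }}/{{ dkim_selector }}.private
+{% endfor %}
+{% else %}
+{{ dkim_selector }}._domainkey.{{ postfix_domain }} {{ postfix_domain }}:mail:/etc/dkimkeys/{{ postfix_domain }}/{{ dkim_selector }}.private
+{% endif %}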
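Review bot: The middle field of every KeyTable entry is the literal selector `mail`, while the key name and the private-key path use `{{ dkim_selector }}`; the KeyTable line format is `keyname domain:selector:keyfile`, so whenever `dkim_selector` is anything other than `mail` the DKIM-Signature header will carry a selector for which no DNS record exists and verification fails. The `{% if %}`/`{% else %}` is also redundant, since both branches emit the same `postfix_domain` line and a `{% for %}` over an empty list emits nothing. The `/etc/dkimkeys` prefix is hard-coded here while the table itself is installed under `{{ dkim_key_path }}`; the two should come from the same variable. I would reduce the template to:
```jinja
{{ dkim_selector }}._domainkey.{{ postfix_domain }} {{ postfix_domain }}:{{ dkim_selector }}:/etc/dkimkeys/{{ postfix_domain }}/{{ dkim_selector }}.private
{% for domain in postfix_virtual_domains %}
{{ dkim_selector }}._domainkey.{{ domain.name }} {{ domain.name }}:{{ dkim_selector }}:/etc/dkimkeys/{{ domain.name }}/{{ dkim_selector }}.private
{% endfor %}
```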
@ -21,7 +21,8 @@ OversignHeaders From
|
||||
# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
|
||||
Domain {{ postfix_domain }}
|
||||
Selector {{ dkim_selector }}
|
||||
KeyFile {{ dkim_key_path}}/{{ dkim_selector }}.private
|
||||
KeyTable {{ dkim_key_path }}/KeyTable
|
||||
SigningTable refile:{{ dkim_key_path }}/SigningTable
|
||||
|
||||
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
|
||||
# using a local socket with MTAs that access the socket as a non-privileged
|
||||
|
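Review bot: `Domain`, `Selector` and `KeyFile` are kept next to the new `KeyTable`/`SigningTable` lines, and `KeyFile` still names `{{ dkim_key_path}}/{{ dkim_selector }}.private`, which the tasks file no longer generates now that the single-key task is commented out. If I read opendkim.conf(5) correctly, `KeyFile` is ignored once a `KeyTable` is defined, so at best these three directives are dead and at worst they advertise a file that does not exist on a freshly provisioned host. I would drop them, or replace them with a comment such as `# Signing is configured per domain via KeyTable/SigningTable below.` so the next reader does not look for the single key.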
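--- /dev/null
+++ b/templates/signingtable.j2
@@ -0,0 +1,8 @@
+{% if postfix_virtual_domains|length > 0 %}
+*@{{ postfix_domain }} {{ dkim_selector }}._domainkey.{{ postfix_domain }}
+{% for domain in postfix_virtual_domains %}
+*@{{ domain.name }} {{ dkim_selector }}._domainkey.{{ domain.name }}
+{% endfor %}
+{% else %}
+*@{{ postfix_domain }} {{ dkim_selector }}._domainkey.{{ postfix_domain }}
+{% endif %}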
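Review bot: Both branches of `{% if postfix_virtual_domains|length > 0 %}` emit the identical `*@{{ postfix_domain }} {{ dkim_selector }}._domainkey.{{ postfix_domain }}` line, so the conditional only adds a second copy of that line to keep in sync. Emit it unconditionally and follow it with the `{% for domain in postfix_virtual_domains %}` loop; an empty list produces no entries, which is exactly the `else` case. The right-hand column has to match the key names in keytable.j2 byte for byte, so a `{# key names must match templates/keytable.j2 #}` comment at the top would make that coupling visible without appearing in the rendered table.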