[pmg-devel] [PATCH pmg-api 04/12] add DKIM options to pmg.conf

Stoiko Ivanov s.ivanov at proxmox.com
Mon Oct 7 21:28:48 CEST 2019


This patch adds a new registered file to PMG::Config: /etc/pmg/dkim/domains.
* It holds a list of domains for which mail will be signed if received on the
  internal port (26).
* The domain of a mail is determined by its envelope-sender
  (not the From: header)
* If the file does not exist mail is signed for the relay domains as a sensible
  fallback

Additionally it adds 3 new options to the admin section of pmg.conf:
* dkim_sign - whether DKIM signing should be attempted
* dkim_sign_all_mail - whether the outbound mail should be signed irrespective
  of sender-domain
* dkim_selector - the selector used for signing (a label of the DKIM TXT record
  and present in the signature - thus linking the signature to the used key
  - see RFC6376)

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/Config.pm | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index a9a2822..b363ff4 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -112,6 +112,21 @@ sub properties {
 	    type => 'string', pattern => '^/([^/\0]+\/)+[^/\0]+$',
 	    default => '/usr/local/bin/pmg-custom-check',
 	},
+	dkim_sign => {
+	    description => "DKIM sign outbound mails with the configured Selector.",
+	    type => 'boolean',
+	    default => 0,
+	},
+	dkim_sign_all_mail => {
+	    description => "DKIM sign all outgoing mails irrespective of the Envelope From domain.",
+	    type => 'boolean',
+	    default => 0,
+	},
+	dkim_selector => {
+	    description => "Default DKIM selector",
+	    type => 'string', format => 'dns-name', #see RFC6376 3.1
+	    default => 'pmg',
+	},
     };
 }
 
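Review bot: The `description` strings for `dkim_sign` and `dkim_sign_all_mail` do not say which domain becomes the signing domain, which is the part of these options an admin most needs to know. The commit message says the domain is taken from the envelope sender rather than the From: header, and DMARC checks DKIM alignment against the From: header domain, so this belongs in the option help, e.g. `description => "DKIM sign outbound mails with the configured Selector. The signing domain is derived from the envelope sender, not the From: header.",`. For `dkim_sign_all_mail` the text should also name the domain used for senders outside the configured list; that choice is not visible in this hunk. `properties` begins above the hunk, so the surrounding schema was not reviewed.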
@@ -127,6 +142,9 @@ sub options {
 	http_proxy => { optional => 1 },
 	custom_check => { optional => 1 },
 	custom_check_path => { optional => 1 },
+	dkim_sign => { optional => 1 },
+	dkim_sign_all_mail => { optional => 1 },
+	dkim_selector => { optional => 1 },
     };
 }
 
@@ -734,6 +752,11 @@ sub pmg_verify_dnsbl_entry {
 #parameters affecting services w/o config-file (pmgpolicy, pmg-smtp-filter)
 my $pmg_service_params = {
     mail => { hide_received => 1 },
+    admin => {
+	dkim_selector => 1,
+	dkim_sign => 1,
+	dkim_sign_all_mail => 1,
+    },
 };
 
 sub new {
@@ -944,6 +967,13 @@ PVE::INotify::register_file('domains', $domainsfilename,
 			    \&write_pmg_domains,
 			    undef, always_call_parser => 1);
 
+my $dkimdomainsfile = '/etc/pmg/dkim/domains';
+
+PVE::INotify::register_file('dkimdomains', $dkimdomainsfile,
+			    \&read_pmg_domains,
+			    \&write_pmg_domains,
+			    undef, always_call_parser => 1);
+
 my $mynetworks_filename = "/etc/pmg/mynetworks";
 
 sub read_pmg_mynetworks {
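Review bot: Registering `dkimdomains` with `always_call_parser => 1` and the shared `read_pmg_domains` parser may make a missing `/etc/pmg/dkim/domains` and an empty one look the same to callers, while the commit message promises the relay-domain fallback only when the file does not exist. The parser body is outside this hunk, so this is inferred; if it holds, an admin who empties the list to narrow signing could end up with signatures for every relay domain. A comment above the registration would pin the contract, e.g. `# a missing file means "fall back to relay domains"; an empty file must be handled separately by the caller`, if that is the intent. The code that applies the fallback should then test for the file's existence rather than for an empty result.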
-- 
2.20.1



