[pmg-devel] [PATCH pmg-api v2 03/11] add DKIM options to PMG::Config
Stoiko Ivanov
s.ivanov at proxmox.com
Tue Oct 15 21:46:42 CEST 2019
This patch adds a new registered file to PMG::Config: /etc/pmg/dkim/domains.
* It holds a list of domains for which mail will be signed if received on the
internal port (26).
* The domain of a mail is determined by its envelope-sender
(not the From: header)
* If the file does not exist mail is signed for the relay domains as a sensible
fallback
Additionally it adds 3 new options to the admin section of pmg.conf:
* dkim_sign - whether DKIM signing should be attempted
* dkim_sign_all_mail - whether the outbound mail should be signed irrespective
of sender-domain
* dkim_selector - the selector used for signing (a label of the DKIM TXT record
and present in the signature - thus linking the signature to the used key
- see RFC6376)
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
src/PMG/Config.pm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 1646f91..18d220c 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -112,6 +112,21 @@ sub properties {
type => 'string', pattern => '^/([^/\0]+\/)+[^/\0]+$',
default => '/usr/local/bin/pmg-custom-check',
},
+ dkim_sign => {
+ description => "DKIM sign outbound mails with the configured Selector.",
+ type => 'boolean',
+ default => 0,
+ },
+ dkim_sign_all_mail => {
+ description => "DKIM sign all outgoing mails irrespective of the Envelope From domain.",
+ type => 'boolean',
+ default => 0,
+ },
+ dkim_selector => {
+ description => "Default DKIM selector",
+ type => 'string', format => 'dns-name', #see RFC6376 3.1
+ default => 'pmg',
+ },
};
}
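Review bot: The description strings for `dkim_sign` and `dkim_sign_all_mail` omit two constraints that the commit message states: only mail received on the internal port (26) is signed, and the domain is taken from the envelope sender, not the From: header. An admin reading only the schema cannot tell that the signature may not align with the From: domain that a DMARC check evaluates. I would extend the text, e.g. `description => "DKIM sign outbound mails (received on the internal port) with the configured selector; the domain is taken from the envelope sender.",`. For `dkim_sign_all_mail` the patch does not show which domain ends up in the signature when the sender domain is not in the list, so its description should say so too. The `properties` sub begins outside this hunk.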
@@ -127,6 +142,9 @@ sub options {
http_proxy => { optional => 1 },
custom_check => { optional => 1 },
custom_check_path => { optional => 1 },
+ dkim_sign => { optional => 1 },
+ dkim_sign_all_mail => { optional => 1 },
+ dkim_selector => { optional => 1 },
};
}
@@ -917,6 +935,13 @@ PVE::INotify::register_file('domains', $domainsfilename,
\&write_pmg_domains,
undef, always_call_parser => 1);
+my $dkimdomainsfile = '/etc/pmg/dkim/domains';
+
+PVE::INotify::register_file('dkimdomains', $dkimdomainsfile,
+ \&read_pmg_domains,
+ \&write_pmg_domains,
+ undef, always_call_parser => 1);
+
my $mynetworks_filename = "/etc/pmg/mynetworks";
sub read_pmg_mynetworks {
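Review bot: `dkimdomains` is registered with `always_call_parser => 1` and the existing `read_pmg_domains` parser, so a missing `/etc/pmg/dkim/domains` and an empty one will presumably look the same to a caller (the parser body is not in this hunk). The commit message promises the relay-domain fallback only when the file does not exist. If the consumer tests for an empty list, an admin who empties the file to stop signing would get the fallback instead. I would add a comment above the registration stating the contract, e.g. `# domains to DKIM-sign for; if this file is absent the relay domains are used (decided by the signer, not here)`, and confirm the consumer checks file existence rather than list emptiness.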
@@ -1551,6 +1576,11 @@ sub rewrite_config_postfix {
#parameters affecting services w/o config-file (pmgpolicy, pmg-smtp-filter)
my $pmg_service_params = {
mail => { hide_received => 1 },
+ admin => {
+ dkim_selector => 1,
+ dkim_sign => 1,
+ dkim_sign_all_mail => 1,
+ },
};
my $smtp_filter_cfg = '/run/pmg-smtp-filter.cfg';
--
2.20.1