put all DKIM on the primary hostname since that's the only one guaranteed to...

put all DKIM on the primary hostname since that's the only one guaranteed to be actually hosted (DNS) here; give new users a Spam folder too

put all DKIM on the primary hostname since that's the only one guaranteed to...
put all DKIM on the primary hostname since that's the only one guaranteed to be actually hosted (DNS) here; give new users a Spam folder too
4a06e93b · Joshua Tauberer · fe02d58b · 4a06e93b · 4a06e93b · 4a06e93b
Commit 4a06e93b authored Aug 31, 2013 by Joshua Tauberer
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

dns.sh scripts/dns.sh +4 -0

dns_update.sh scripts/dns_update.sh +13 -1

start.sh scripts/start.sh +1 -0

mail.py tools/mail.py +1 -0

No files found.
--- a/scripts/dns.sh
+++ b/scripts/dns.sh
@@ -19,8 +19,12 @@ sudo mkdir -p /var/run/nsd3
 mkdir -p "$STORAGE_ROOT/dns";

 # Store our desired IP address (to put in the zone files) for later.
+# Also store our primary hostname, which we'll use for all DKIM signatures
+# in case the user is only delegating MX and we aren't setting DKIM on
+# the main DNS.

 echo $PUBLIC_IP > $STORAGE_ROOT/dns/our_ip
+echo $PUBLIC_HOSTNAME > $STORAGE_ROOT/dns/primary_hostname

 # Create the default zone if it doesn't exist.


--- a/scripts/dns_update.sh
+++ b/scripts/dns_update.sh
@@ -2,6 +2,15 @@

 source /etc/mailinabox.conf
 PUBLIC_IP=`cat $STORAGE_ROOT/dns/our_ip`
+PRIMARY_HOSTNAME=`cat $STORAGE_ROOT/dns/primary_hostname`
+
+# Ensure a zone file exists for every domain name of a mail user.
+for mail_user in `tools/mail.py user`; do
+	domain=`echo $mail_user | sed s/.*@//`
+	if [ ! -f $STORAGE_ROOT/dns/$domain.txt ]; then
+		echo "" > $STORAGE_ROOT/dns/$domain.txt;
+	fi
+done

 # Create the top of nsd.conf.

@@ -80,7 +89,10 @@ EOF

 	# OpenDKIM
 	
-	echo "$zone $zone:mail:$STORAGE_ROOT/mail/dkim/mail.private" >> /etc/opendkim/KeyTable
+	# For every domain, we sign against the key listed in PRIMARY_HOSTNAME's DNS,
+	# in case the user is just delegating MX and hasn't set the DKIM info on the
+	# main DNS record.
+	echo "$zone $PRIMARY_HOSTNAME:mail:$STORAGE_ROOT/mail/dkim/mail.private" >> /etc/opendkim/KeyTable
 	echo "*@$zone $zone" >> /etc/opendkim/SigningTable

 done

--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -38,6 +38,7 @@ fi

 cat > /etc/mailinabox.conf << EOF;
 STORAGE_ROOT=$STORAGE_ROOT
+PUBLIC_HOSTNAME=$PUBLIC_HOSTNAME
 EOF

 . scripts/system.sh

--- a/tools/mail.py
+++ b/tools/mail.py
@@ -51,6 +51,7 @@ elif sys.argv[1] == "user" and sys.argv[2] in ("add", "password"):
 		# Create the user's INBOX and subscribe it.
 		conn.commit() # write it before next step
 		subprocess.check_call(["doveadm", "mailbox", "create", "-u", email, "-s", "INBOX"])
+		subprocess.check_call(["doveadm", "mailbox", "create", "-u", email, "-s", "Spam"])
 	elif sys.argv[2] == "password":
 		c.execute("UPDATE users SET password=? WHERE email=?", (pw, email))
 		if c.rowcount != 1: