From: Tom Hughes Date: Sun, 1 Mar 2020 17:11:22 +0000 (+0000) Subject: Enable DKIM signing of subdomains X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/d63e6e2745e70150af2c3cad0efd09b126f4cfc2 Enable DKIM signing of subdomains --- diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb index 11865f6b6..a9f6472e6 100644 --- a/cookbooks/exim/recipes/default.rb +++ b/cookbooks/exim/recipes/default.rb @@ -120,6 +120,13 @@ end if node[:exim][:dkim_selectors] keys = data_bag_item("exim", "dkim") + template "/etc/exim4/dkim-domains" do + owner "root" + source "dkim-domains.erb" + group "Debian-exim" + mode 0o644 + end + template "/etc/exim4/dkim-selectors" do owner "root" source "dkim-selectors.erb" diff --git a/cookbooks/exim/templates/default/dkim-domains.erb b/cookbooks/exim/templates/default/dkim-domains.erb new file mode 100644 index 000000000..992ac39c7 --- /dev/null +++ b/cookbooks/exim/templates/default/dkim-domains.erb @@ -0,0 +1,3 @@ +<% node[:exim][:dkim_selectors].each do |domain, _selector| -%> +*.<%= domain %>: <%= domain %> +<% end -%> diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index ab832999d..3c4ebd4aa 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -710,7 +710,7 @@ remote_smtp: signed_smtp: driver = smtp - dkim_domain = ${lc:${domain:$h_from:}} + dkim_domain = ${lookup{${domain:$h_from:}}partial-lsearch{/etc/exim4/dkim-domains}{$value}} dkim_selector = ${lookup{$dkim_domain}lsearch{/etc/exim4/dkim-selectors}{$value}} dkim_private_key = /etc/exim4/dkim-keys/${dkim_domain} dkim_identity = ${lc:${address:$h_from:}}