From e2152c263481294656f8548a9ef8682988805d33 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Thu, 22 Aug 2013 07:29:25 +0000 Subject: [PATCH] adding opendkim support, to be tested --- .gitattributes | 2 ++ debian/control | 4 ++-- .../templates/alternc/postfix/postfix.cf | 5 ++++ etc/alternc/templates/default/opendkim | 10 ++++++++ etc/alternc/templates/opendkim.conf | 16 +++++++++++++ install/alternc.install | 12 ++++++---- src/functions_dns.sh | 23 ++++++++++++++++++- wheezy/control.diff | 8 +++---- 8 files changed, 69 insertions(+), 11 deletions(-) create mode 100644 etc/alternc/templates/default/opendkim create mode 100644 etc/alternc/templates/opendkim.conf diff --git a/.gitattributes b/.gitattributes index b8802c60..794631cd 100644 --- a/.gitattributes +++ b/.gitattributes @@ -472,12 +472,14 @@ etc/alternc/templates/bind/slaveip.conf -text etc/alternc/templates/bind/templates/named.template -text etc/alternc/templates/bind/templates/slave.template -text etc/alternc/templates/bind/templates/zone.template -text +etc/alternc/templates/default/opendkim -text etc/alternc/templates/default/saslauthd -text etc/alternc/templates/dovecot/dovecot-dict-quota.conf -text etc/alternc/templates/dovecot/dovecot-sql.conf -text etc/alternc/templates/dovecot/dovecot.conf -text etc/alternc/templates/incron.d/alternc_do_action -text etc/alternc/templates/incron.d/alternc_update_domains -text +etc/alternc/templates/opendkim.conf -text etc/alternc/templates/postfix/master.cf -text etc/alternc/templates/postfix/myalias.cf -text etc/alternc/templates/postfix/mydomain.cf -text diff --git a/debian/control b/debian/control index 475ec8fd..ee7a11ab 100644 --- a/debian/control +++ b/debian/control 
@@ -10,7 +10,7 @@ Standards-Version: 3.9.4 Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, bash (>= 4), acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, ${misc:Depends} +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} Recommends: mysql-server(>= 5.0), ntp, quota, unzip, bzip2 Conflicts: alternc-admintools, alternc-awstats (<< 1.0), alternc-webalizer (<= 0.9.4), alternc-mailman (<< 2.0), courier-authlib Provides: alternc-admintools 
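Review bot: The `opendkim` dependency added to both Depends lines (this hunk and the alternc-slave one at -39,7) may not pull in the key generator that src/functions_dns.sh calls later in this commit. On Debian, `opendkim-genkey` has, as far as I know, been shipped in the separate `opendkim-tools` package. If so, a fresh install would have the daemon but fail at the first `opendkim-genkey -r -d "$domain" -s "alternc"` call, leaving domains without a key and their mail unsigned. If that holds for the targeted releases, add `opendkim-tools` next to `opendkim` in both stanzas and in wheezy/control.diff.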
@@ -39,7 +39,7 @@ Description-fr.UTF-8: Suite logicielle d'hébergement mutualisé pour Debian Package: alternc-slave Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, acl -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, ${misc:Depends} +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} Recommends: dovecot-managesieved, dovecot-sieve, dovecot-mysql, quota Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc Provides: alternc diff --git a/etc/alternc/templates/alternc/postfix/postfix.cf b/etc/alternc/templates/alternc/postfix/postfix.cf index 3c5fe3be..8283253d 100644 --- a/etc/alternc/templates/alternc/postfix/postfix.cf +++ b/etc/alternc/templates/alternc/postfix/postfix.cf 
@@ -46,3 +46,8 @@ transport_maps = proxy:mysql:/etc/postfix/mytransport.cf dovecot_destination_recipient_limit = 1 mailman_destination_recipient_limit = 1 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unlisted_recipient, reject_unauth_destination +# DKIM Filtering +milter_default_action = accept +milter_protocol = 6 +smtpd_milters = inet:127.0.0.1:8891 +non_smtpd_milters = inet:127.0.0.1:8891 diff --git a/etc/alternc/templates/default/opendkim b/etc/alternc/templates/default/opendkim new file mode 100644 index 00000000..ceeb36a3 --- /dev/null +++ b/etc/alternc/templates/default/opendkim @@ -0,0 +1,10 @@ +# +# %%warning_message%% +# +# Command-line options specified here will override the contents of +# /etc/opendkim.conf. See opendkim(8) for a complete list of options. +#DAEMON_OPTS="" +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in opendkim.conf +SOCKET="inet:8891:localhost" diff --git a/etc/alternc/templates/opendkim.conf b/etc/alternc/templates/opendkim.conf new file mode 100644 index 00000000..7499491f --- /dev/null +++ b/etc/alternc/templates/opendkim.conf @@ -0,0 +1,16 @@ +# +# %%warning_message%% +# + +# Log to syslog +Syslog yes +SyslogSuccess yes + +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 002 + +KeyTable /etc/opendkim/KeyTable +SigningTable /etc/opendkim/SigningTable +ExternalIgnoreList /etc/opendkim/TrustedHosts +InternalHosts /etc/opendkim/TrustedHosts diff --git a/install/alternc.install b/install/alternc.install index bb1a84a7..e1ae00f4 100644 --- a/install/alternc.install +++ b/install/alternc.install 
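Review bot: The `# DKIM Filtering` comment in the postfix.cf hunk does not say that `milter_default_action = accept` makes the filter fail open: when nothing answers on 127.0.0.1:8891, Postfix delivers the message unsigned instead of deferring it. That is a defensible availability choice, but a stopped or misconfigured opendkim then shows up only in the mail log, while receivers that enforce DMARC may start rejecting the domain's mail. I would document the trade-off in place, e.g. `# accept: if the milter is unreachable mail goes out unsigned (watch the logs); tempfail would queue it instead`.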
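Review bot: `SOCKET="inet:8891:localhost"` in the new etc/alternc/templates/default/opendkim does not match the socket form opendkim documents, which is `inet:port@host`; with the second colon the daemon may fail to parse the value or not listen where Postfix expects it. Because postfix.cf in this commit sets `milter_default_action = accept`, a daemon that never listens would go unnoticed and mail would leave unsigned. I would write `SOCKET="inet:8891@localhost"`, keeping the explicit host so the listener stays on loopback rather than on every interface. The "Uncomment to specify an alternate socket" comment above it is also stale, since the line is already active.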
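Review bot: `InternalHosts` and `ExternalIgnoreList` in the new opendkim.conf both read /etc/opendkim/TrustedHosts, and src/functions_dns.sh in this commit appends every hosted `$domain` to that same file. Entries in that list are matched against connecting clients, so a customer-controlled domain name there appears to extend "sign, do not verify" treatment to whatever host that name resolves to; this should be confirmed against opendkim.conf(5). Which domains get signed is already decided by KeyTable and SigningTable. I would keep TrustedHosts to the loopback entries and add a comment such as `# TrustedHosts: client hosts allowed to submit mail for signing (loopback only), not hosted domains`. The `UMask 002` comment also describes a local socket, while this setup uses an inet one.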
@@ -66,7 +66,8 @@ if [ -d /etc/postfix ]; then CONFIG_FILES="$CONFIG_FILES etc/postfix/master.cf etc/postfix/myalias.cf etc/postfix/myrelay.cf etc/postfix/mydomain.cf etc/postfix/myrelay-domain.cf etc/postfix/mygid.cf etc/postfix/myquota.cf etc/postfix/myvirtual.cf etc/postfix/mytransport.cf etc/postfix/sasl/smtpd.conf - etc/alternc/postfix/postfix.cf etc/alternc/postfix/postfix-slave.cf" + etc/alternc/postfix/postfix.cf etc/alternc/postfix/postfix-slave.cf + etc/opendkim.conf etc/default/opendkim" fi if [ -e /etc/proftpd/proftpd.conf ]; then CONFIG_FILES="$CONFIG_FILES etc/proftpd/proftpd.conf etc/proftpd/welcome.msg etc/proftpd/modules.conf" @@ -89,7 +90,6 @@ if [ -f "$INSTALLED_CONFIG_TAR" ]; then CHANGED="`env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null | grep -v 'postfix/main.cf' | grep -v 'Uid differs'|grep -v 'Gid differs' |grep -v 'Mode differs' | sed -e 's/^\([^:]*\).*/ \1/' | sort -u`" - # " shutup emacs if [ ! -z "$CHANGED" ]; then echo "The following configuration files has changed since last AlternC" echo "installation :" @@ -543,13 +543,18 @@ chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/" # We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) /usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='update';" +# We ensure localhost is trusted to opendkim +mkdir -p "/etc/opendkim/keys" +grep -q "^127.0.0.1\$" /etc/opendkim/TrustedHosts || echo "127.0.0.1" >>/etc/opendkim/TrustedHosts +grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/opendkim/TrustedHosts + # hook run-parts --arg=before-reload /usr/lib/alternc/install.d ####################################################################### # Reload services # -for service in postfix bind9 apache2 dovecot cron proftpd; do +for service in postfix bind9 apache2 dovecot cron proftpd opendkim; do invoke-rc.d $service force-reload || true done 
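Review bot: The block added before the `# hook` line (hunk -543,13) creates /etc/opendkim/keys and TrustedHosts but not /etc/opendkim/KeyTable or /etc/opendkim/SigningTable, which the new opendkim.conf references. On a host where no domain has been regenerated yet, those files do not exist when `invoke-rc.d opendkim force-reload` runs, and opendkim will probably refuse to start; `|| true` and `milter_default_action = accept` then hide the failure. Adding `touch /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable` after the `mkdir -p` avoids that and also silences the grep error on a missing TrustedHosts. The two greps treat the dots as regex wildcards, so `grep -qxF "127.0.0.1"` is the literal whole-line match; the same applies to the `$domain` greps added in src/functions_dns.sh.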
@@ -561,7 +566,6 @@ for service in $SERVICES; do test -x /etc/init.d/$service && invoke-rc.d $service start || true done -#launch fixperms echo "Fix all the permission. May be quite long..." /usr/lib/alternc/fixperms.sh echo "Compile PO files" diff --git a/src/functions_dns.sh b/src/functions_dns.sh index a0588d25..1c69010d 100755 --- a/src/functions_dns.sh +++ b/src/functions_dns.sh @@ -65,7 +65,7 @@ dns_named_conf() { return 1 fi - # Add the entry + # Add the entry grep -q "\"$domain\"" "$NAMED_CONF" if [ $? -ne 0 ] ; then local tempo=$(cat "$NAMED_TEMPLATE") @@ -141,6 +141,27 @@ dns_regenerate() { fi # End if containt DEFAULT_MX ##### Mail autodetect for thunderbird / outlook - END + ##### OpenDKIM signature management - START + # If $file contain DEFAULT_MX + if [ ! -z "$(echo -e "$file" |egrep 'DEFAULT_MX' )" ] ; then + # If necessary, we generate the key: + if [ ! -d "/etc/opendkim/keys/$domain" ] ; then + mkdir -p "/etc/opendkim/keys/$domain" + + pushd "/etc/opendkim/keys/$domain" >/dev/null + opendkim-genkey -r -d "$domain" -s "alternc" + chown opendkim:opendkim alternc.private + popd + + grep -q "^$domain\$" /etc/opendkim/TrustedHosts || echo "$domain" >>/etc/opendkim/TrustedHosts + grep -q "^alternc._domainkey.$domain " /etc/opendkim/KeyTable || echo "alternc._domainkey.$domain $domain:alternc:/etc/opendkim/keys/$domain/alternc.private" >> /etc/opendkim/KeyTable + grep -q "^$domain alternc._domainkey.$domain\$" /etc/opendkim/SigningTable || echo "$domain alternc._domainkey.$domain" >> /etc/opendkim/SigningTable + fi + # we add alternc._domainkey with the proper key + file="$(echo -e "$file" ; cat "/etc/opendkim/keys/$domain/alternc.txt")" + fi + ##### OpenDKIM signature management - END + # Replace the vars by their values # Here we can add dynamic value for the default MX file=$( echo -e "$file" | sed -e " diff --git a/wheezy/control.diff b/wheezy/control.diff index 13487eac..5a285332 100644 --- a/wheezy/control.diff +++ b/wheezy/control.diff 
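Review bot: In the OpenDKIM block added to dns_regenerate (hunk -141,6), key generation is guarded by the existence of the directory /etc/opendkim/keys/$domain, and none of `mkdir`, `pushd` or `opendkim-genkey` is checked. If the first run fails after `mkdir -p`, generation is never retried and the later `cat .../alternc.txt` appends nothing to the zone; a failed `pushd` would make opendkim-genkey write the private key into the caller's working directory. I would test for the key file itself and run the generation in a subshell behind `cd ... &&`. Whether `$domain` is validated before being used as a path component is not visible in this hunk and should be confirmed. The `return 1` below is a guess at the function's error convention, since dns_regenerate starts and ends outside the hunk.

```shell
    local keydir="/etc/opendkim/keys/$domain"
    # Test for the key itself so that a failed first run is retried
    if [ ! -s "$keydir/alternc.private" ] ; then
      mkdir -p "$keydir" || return 1
      # Subshell: a failed cd cannot leave key material in the caller's cwd
      ( cd "$keydir" &&
        opendkim-genkey -r -d "$domain" -s "alternc" &&
        chown opendkim:opendkim alternc.private ) || return 1
      # … unchanged: TrustedHosts / KeyTable / SigningTable registration …
    fi
    # … unchanged: append alternc.txt to $file …
```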
@@ -6,9 +6,9 @@ Index: ../debian/control Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, bash (>= 4), acl --Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, ${misc:Depends} +-Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:1.2.15), dovecot-common(<< 1:2.0), dovecot-imapd (>= 1:1.2.15), dovecot-pop3d (>= 1:1.2.15), vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} -Recommends: mysql-server(>= 5.0), ntp, quota, unzip, bzip2 -+Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, ${misc:Depends} ++Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, bind9, wget, rsync, ca-certificates, locales, perl-suid | perl, 
postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), sudo, adduser, mysql-client, dnsutils, dovecot-common (>=1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} +Recommends: mysql-server(>= 5.0), ntp, quota, unzip, bzip2, dovecot-sieve, dovecot-managesieved Conflicts: alternc-admintools, alternc-awstats (<< 1.0), alternc-webalizer (<= 0.9.4), alternc-mailman (<< 2.0), courier-authlib Provides: alternc-admintools 
@@ -17,8 +17,8 @@ Index: ../debian/control Package: alternc-slave Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0, acl --Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, ${misc:Depends} -+Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, ${misc:Depends} +-Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, dovecot-common (>= 1:1.2.15), dovecot-imapd, dovecot-pop3d, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} ++Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, postfix-tls, bind9, wget, rsync, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), adduser, mysql-client, sudo, 
dovecot-common (>= 1:2.1.7), dovecot-imapd, dovecot-pop3d, dovecot-mysql, vlogger, mailutils | mailx, incron, cron, opendkim, ${misc:Depends} Recommends: dovecot-managesieved, dovecot-sieve, dovecot-mysql, quota Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc Provides: alternc