authorEuAndreh <eu@euandre.org>2023-03-17 16:02:16 -0300
committerEuAndreh <eu@euandre.org>2023-03-17 16:02:16 -0300
commitf2fc4a6cc2a71d93d822de58a2fe75dcded9f1b1 (patch)
treed77b1e63f10527e5dcd36797f5567124163a6ef8
parentqueue.scm: Put Dovecot config file under /etc/dovecot/dovecot.conf by default (diff)
queue.scm: Parameterize address of DKIM mail filter in Postfix
-rw-r--r--src/org/euandre/queue.scm38
1 files changed, 22 insertions, 16 deletions
diff --git a/src/org/euandre/queue.scm b/src/org/euandre/queue.scm
index fcb65ab..fa48526 100644
--- a/src/org/euandre/queue.scm
+++ b/src/org/euandre/queue.scm
@@ -891,30 +891,37 @@ By default, the daemon runs in a container.")))
(cert-file postfix-configuration-cert-file (default #f))
(key-file postfix-configuration-key-file (default #f))
(hostname postfix-configuration-hostname (default (gethostname)))
+ (dkim-filter-listen postfix-configuration-dkim-filter-listen (default "[127.0.0.1]:10027"))
+ (dkim-filter-relay postfix-configuration-dkim-filter-relay (default "127.0.0.1:10028"))
(run-in-container? postfix-configuration-run-in-container? (default #f))
(container-name postfix-configuration-container-name (default "postfix"))
(container-namespaces postfix-configuration-container-namespaces (default (s1:fold delq container:%namespaces '(net))))
(extra-mappings postfix-configuration-extra-mappings (default '())))
+(define (dksign-filter dkim-filter-listen)
+ (format #f
+ "
+ -o content_filter=dksign:~a"
+ dkim-filter-listen))
-
-(define submission-config "
+(define (submission-config dkim-filter-listen)
+ (format #f
+ "
submission inet n - n - - smtpd -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
- -o content_filter=dksign:[127.0.0.1]:10027")
-
-(define dksign-filter "
- -o content_filter=dksign:[127.0.0.1]:10027")
+ -o content_filter=dksign:~a"
+ dkim-filter-listen))
-; FIXME: doesn't work for sendmail -t in localhost
-(define dksign-config "
+(define (dksign-config dkim-filter-relay)
+ (format #f
+ "
dksign unix - - n - - smtp
-o syslog_name=postfix/dkimproxyout-listen
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls
-127.0.0.1:10028 inet n - n - - smtpd
+~a inet n - n - - smtpd
-o syslog_name=postfix/dkimproxyout-relay
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
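Review bot: The new fields `dkim-filter-listen` and `dkim-filter-relay` take different syntaxes and nothing in the record says so. Judging by the defaults and where they are substituted, the first is the next-hop of `content_filter=dksign:` (bracketed, `"[127.0.0.1]:10027"`) and the second is the service address of a master.cf `inet` entry (unbracketed, `"127.0.0.1:10028"`). I would add a comment above each, e.g. `; content_filter next-hop, "[host]:port"; presumably must match the DKIM proxy's listen address` and `; master.cf inet endpoint for re-injected mail, "host:port"`. The hunk also drops `FIXME: doesn't work for sendmail -t in localhost` although nothing visible here changes that behaviour, so the comment looks worth keeping unless it was fixed elsewhere. `dksign-config` continues into the next hunk.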
@@ -924,13 +931,12 @@ dksign unix - - n - - smtp
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-")
+"
+ dkim-filter-relay))
-; FIXME: hardcoded value of dkimproxy listen and relay
-; FIXME: replace 127.0.0.1 with localhost
(define (generate-master.cf config)
(match-record config <postfix-configuration>
- (enable-submission? master.cf-extra)
+ (enable-submission? master.cf-extra dkim-filter-listen dkim-filter-relay)
(format #f
"# ============================================================================================================
# service type private unpriv chroot wakeup maxproc command + args
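Review bot: The relay listener's bind address is now configurable, but the context lines just above `dkim-filter-relay))` still pin `mynetworks=127.0.0.0/8` and `smtpd_authorized_xforward_hosts=127.0.0.0/8`. This service runs with `content_filter=` empty and `no_header_body_checks`, so it is a re-injection port that skips filtering. A non-loopback `dkim-filter-relay` would open that port on a routable interface, while a proxy connecting from that address would still be refused by `permit_mynetworks,reject`. Either document the field as loopback-only, e.g. `; dkim-filter-relay must stay on loopback: the relay smtpd only trusts 127.0.0.0/8`, or derive the trusted network from the same setting. The start of `dksign-config` and the rest of `generate-master.cf` lie outside this hunk.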
@@ -963,9 +969,9 @@ verify unix - - n - 1 verify
virtual unix - n n - - virtual
postlog unix-dgram n - n - 1 postlogd
~a~a~a"
- (if enable-submission? dksign-filter "")
- (if enable-submission? submission-config "")
- (if enable-submission? dksign-config "")
+ (if enable-submission? (dksign-filter dkim-filter-listen) "")
+ (if enable-submission? (submission-config dkim-filter-listen) "")
+ (if enable-submission? (dksign-config dkim-filter-relay) "")
master.cf-extra)))
(define (cert-for prefix config)
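Review bot: `dkim-filter-listen` and `dkim-filter-relay` reach master.cf through `~a` with no check on their content, so a value containing a space or newline would silently add arguments or a whole service line to the generated file. The values come from the operator's own system configuration, so this guards against mistakes rather than hostile input, but master.cf is whitespace-sensitive enough to justify it. A check before the `format` call would do, e.g. `(when (string-any char-set:whitespace dkim-filter-relay) (error "dkim-filter-relay must not contain whitespace:" dkim-filter-relay))`, with the same test for `dkim-filter-listen`. The head of `generate-master.cf` is outside this hunk.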