Enable ARC signing for outgoing messages

3wc 2023-09-30 21:14:12 +01:00
parent 2218afb811
commit 82551916bb
4 changed files with 33 additions and 3 deletions


@ -1,5 +1,5 @@
export CORE_ENTRYPOINT_CONF_VERSION=v1 export CORE_ENTRYPOINT_CONF_VERSION=v3
export MAILMAN_EXTRA_CFG_VERSION=v1 export MAILMAN_EXTRA_CFG_VERSION=v2
export NGINX_CONF_VERSION=v1 export NGINX_CONF_VERSION=v1
export SETTINGS_LOCAL_VERSION=v2 export SETTINGS_LOCAL_VERSION=v2
export WEB_ENTRYPOINT_CONF_VERSION=v1 export WEB_ENTRYPOINT_CONF_VERSION=v1


@ -30,9 +30,10 @@ services:
- MTA=postfix - MTA=postfix
- SMTP_HOST - SMTP_HOST
- SMTP_PORT - SMTP_PORT
- DOMAIN=lists-test.autonomic.zone
configs: configs:
- source: mailman_extra_cfg - source: mailman_extra_cfg
target: /opt/mailman/core/mailman-extra.cfg target: /opt/mailman/mailman-extra.cfg
- source: core_entrypoint_sh - source: core_entrypoint_sh
target: /usr/local/bin/docker-entrypoint-custom.sh target: /usr/local/bin/docker-entrypoint-custom.sh
mode: 0555 mode: 0555
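Review bot: `DOMAIN=lists-test.autonomic.zone` hard-codes a test hostname in this service's environment, while the neighbouring `SMTP_HOST` and `SMTP_PORT` entries are passed through from the deployment's environment. `DOMAIN` feeds the ARC `authserv_id`, `domain` and the private key file name in the other files of this commit, so every deployment of this recipe would sign as the test domain. Passing it through as `- DOMAIN` would keep the value per-deployment.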


@ -39,6 +39,19 @@ export DATABASE_URL="postgres://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE
sed "/192.168/d" /etc/hosts > /etc/hosts-single-hostname sed "/192.168/d" /etc/hosts > /etc/hosts-single-hostname
cat /etc/hosts-single-hostname > /etc/hosts cat /etc/hosts-single-hostname > /etc/hosts
# Diabolical hack to generate DKIM key for ARC, see:
# https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/arc_sign.html
# https://gitlab.com/mailman/mailman/blob/master/src/mailman/config/schema.cfg#L655-734
apk add openssl
dkim_private_key_file="/opt/mailman/dkim-{{ env "DOMAIN" }}.pem"
if [ ! -f "$dkim_private_key_file" ]; then
openssl genrsa -out "$dkim_private_key_file" 2048
fi
dkim_pub_key=$(openssl rsa -in "$dkim_private_key_file" -pubout -outform der 2>/dev/null | openssl base64 -A)
echo "DKIM public key: $dkim_pub_key"
# --- upstream entrypoint below --- # --- upstream entrypoint below ---
function wait_for_postgres () { function wait_for_postgres () {
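Review bot: The key derivation on the `dkim_pub_key=` line cannot fail visibly: `2>/dev/null` discards openssl's errors and the pipeline's status is that of `openssl base64`, so an unreadable or corrupt key file yields an empty "DKIM public key:" line while `[ARC]` signing stays enabled. Drop the redirect and guard the result, e.g. `[ -n "$dkim_pub_key" ] || { echo "DKIM key derivation failed" >&2; exit 1; }`. The private key is also created without an explicit mode or owner; a `chmod 600` plus a chown to whatever user Mailman core runs as (not visible in this hunk) would make the intended access explicit. `apk add openssl` on every container start makes startup depend on the package mirror and pulls an unpinned package, which installing it at image build time would avoid. `wait_for_postgres` begins on the last line and continues outside the hunk.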


@ -17,3 +17,19 @@ configuration: /etc/postfix-mailman.cfg
# bounce from a list owner), will be sent to this address. It should point to # bounce from a list owner), will be sent to this address. It should point to
# a human. # a human.
site_owner: {{ env "MAILMAN_ADMIN_EMAIL" }} site_owner: {{ env "MAILMAN_ADMIN_EMAIL" }}
[ARC]
enabled: yes
dmarc: yes
dkim: yes
authserv_id: {{ env "DOMAIN" }}
privkey: /opt/mailman/dkim-{{ env "DOMAIN" }}.pem
selector: dkim
domain: {{ env "DOMAIN" }}
# This configures the headers that will be cryptographically signed
# This list is what is recommended by the DKIM & ARC specifications.
# Inclusion of the From header is mandatory.
sig_headers: From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID, Content-Description, Resent-Date, Resent-From, Resent-Sender, Resent-To, Resent-Cc, Resent-Message-ID, In-Reply-To, References, List-Id, List-Help, List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive
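Review bot: Nothing in the `[ARC]` section says that the key at `privkey` is only useful once its public half is published in DNS, which for `selector: dkim` would be a TXT record at `dkim._domainkey.` followed by the value of `DOMAIN`; receivers that cannot fetch it will not be able to validate the seal. I would add a comment above `selector:` such as `# Publish the public key printed by the core entrypoint as a TXT record at dkim._domainkey.<DOMAIN>`. The `privkey` path is also spelled out a second time in the entrypoint's `dkim_private_key_file`, so a short comment that the two must stay in sync would help the next maintainer.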