mode 0o644
end
+if node[:exim][:dkim_selectors]
+ keys = data_bag_item("exim", "dkim")
+
+ template "/etc/exim4/dkim-selectors" do
+ owner "root"
+ source "dkim-selectors.erb"
+ group "Debian-exim"
+ mode 0o644
+ end
+
+ directory "/etc/exim4/dkim-keys" do
+ owner "root"
+ group "Debian-exim"
+ mode 0o755
+ end
+
+ node[:exim][:dkim_selectors].each do |domain, selector|
+ file "/etc/exim4/dkim-keys/#{domain}" do
+ content keys[domain].join("\n")
+ owner "root"
+ group "Debian-exim"
+ mode 0o640
+ end
+ end
+end
+
template "/etc/exim4/exim4.conf" do
source "exim4.conf.erb"
owner "root"
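Review bot: The `file` resource that writes each key under `/etc/exim4/dkim-keys/` puts private key material in `content` without marking the resource sensitive, so Chef may include the key text in diff output and run reports whenever the file changes; adding `sensitive true` inside that block suppresses this. `keys[domain].join("\n")` will also fail on nil if a domain listed in `node[:exim][:dkim_selectors]` has no entry in the data bag item, so a guard or an explicit error naming the missing domain would make a misconfigured node easier to diagnose. The key directory is created with `mode 0o755`; since only root and `Debian-exim` need to reach the keys, `mode 0o750` would be consistent with the `0o640` on the files. Whether the `exim`/`dkim` data bag item is stored encrypted is not visible here and is worth confirming.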
dnslookup:
driver = dnslookup
domains = ! +local_domains
- transport = remote_smtp
+ transport = signed_smtp
same_domain_copy_routing = yes
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
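Review bot: The `dnslookup` router now names `signed_smtp` unconditionally, while the recipe only writes `/etc/exim4/dkim-selectors` and the key files when `node[:exim][:dkim_selectors]` is set, so a host without that attribute would deliver through a transport whose lookups refer to files that were never created. Unless the template guards this outside the visible lines, selecting the transport conditionally keeps such hosts on the existing path: `transport = <%= node[:exim][:dkim_selectors] ? "signed_smtp" : "remote_smtp" %>`. How Exim treats the missing lsearch file (possibly a delivery deferral) should be checked on a node without the attribute before rollout.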
tls_require_ciphers = <%= node[:ssl][:gnutls_ciphers] %>:%LATEST_RECORD_VERSION
+# This transport is used for delivering DKIM signed messages over SMTP connections.
+
+signed_smtp:
+ driver = smtp
+ dkim_domain = ${lc:${domain:$h_from:}}
+ dkim_selector = ${lookup{$dkim_domain}lsearch{/etc/exim4/dkim-selectors}{$value}}
+ dkim_private_key = /etc/exim4/dkim-keys/${dkim_domain}
+ dkim_identity = ${lc:${address:$h_from:}}
+ # dkim_timestamps = 1209600
+ multi_domain = false
+ tls_require_ciphers = <%= node[:ssl][:gnutls_ciphers] %>:%LATEST_RECORD_VERSION
+
+
# This transport is used for handling pipe deliveries generated by alias or
# .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
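Review bot: `dkim_domain` is taken directly from the message's From header and then interpolated into the `dkim_private_key` path, so the file name Exim tries to open is chosen by message content, including for domains that have no entry in `/etc/exim4/dkim-selectors`. Restricting the domain to listed entries keeps the path to known values and should leave unlisted senders unsigned rather than pointing at a non-existent key: `dkim_domain = ${lookup{${lc:${domain:$h_from:}}}lsearch{/etc/exim4/dkim-selectors}{${lc:${domain:$h_from:}}}{}}`. Exim releases that enforce taint checking may additionally refuse a key path built from header data, so the expansion should be tested on the deployed version.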