Enable DKIM signing of subdomains
authorTom Hughes <tom@compton.nu>
Sun, 1 Mar 2020 17:11:22 +0000 (17:11 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 1 Mar 2020 17:18:06 +0000 (17:18 +0000)
cookbooks/exim/recipes/default.rb
cookbooks/exim/templates/default/dkim-domains.erb [new file with mode: 0644]
cookbooks/exim/templates/default/exim4.conf.erb

index 11865f6b61573c3822180c7df26626449bbc3a64..a9f6472e62a52007342e7e516614534b3c2181fa 100644 (file)
@@ -120,6 +120,13 @@ end
 if node[:exim][:dkim_selectors]
   keys = data_bag_item("exim", "dkim")
 
+  template "/etc/exim4/dkim-domains" do
+    owner "root"
+    source "dkim-domains.erb"
+    group "Debian-exim"
+    mode 0o644
+  end
+
   template "/etc/exim4/dkim-selectors" do
     owner "root"
     source "dkim-selectors.erb"
diff --git a/cookbooks/exim/templates/default/dkim-domains.erb b/cookbooks/exim/templates/default/dkim-domains.erb
new file mode 100644 (file)
index 0000000..992ac39
--- /dev/null
@@ -0,0 +1,3 @@
+<% node[:exim][:dkim_selectors].each do |domain, _selector| -%>
+*.<%= domain %>: <%= domain %>
+<% end -%>
index ab832999d6d977aca5700efd6e7104380dd62121..3c4ebd4aa254ccd79bfb2bc9009cd9e513d5adc1 100644 (file)
@@ -710,7 +710,7 @@ remote_smtp:
 
 signed_smtp:
   driver = smtp
-  dkim_domain = ${lc:${domain:$h_from:}}
+  dkim_domain = ${lookup{${domain:$h_from:}}partial-lsearch{/etc/exim4/dkim-domains}{$value}}
   dkim_selector = ${lookup{$dkim_domain}lsearch{/etc/exim4/dkim-selectors}{$value}}
   dkim_private_key = /etc/exim4/dkim-keys/${dkim_domain}
   dkim_identity = ${lc:${address:$h_from:}}