From 05541ff0bb375b4c85a9ab7e552faf7fc3c87393 Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado"
Date: Wed, 3 Apr 2024 23:58:26 +0300
Subject: [PATCH] fix multidomain config
---
 tasks/configure.yml | 62 ++++++++++++++++++++++++---------------
 templates/keytable.j2 | 2 +-
 templates/signingtable.j2 | 2 +-
 3 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 5273fbd..239045d 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -57,29 +57,45 @@
 backup: true
 notify: Restart OpenDKIM service

-# - name: Configure OpenDKIM domains
-# lineinfile:
-# path: /etc/opendkim.conf
-# regexp: '^Domain '
-# line: "Domain {{ mail_domains|join(',') }}"
-# backup: true
-# notify: Restart OpenDKIM service
+- name: Configure OpenDKIM key table
+ lineinfile:
+ path: /etc/opendkim.conf
+ regexp: '^KeyTable '
+ line: "KeyTable /etc/opendkim/keytable"
+ backup: true
+ notify: Restart OpenDKIM service

-# - name: Configure OpenDKIM key file
-# lineinfile:
-# path: /etc/opendkim.conf
-# regexp: '^KeyFile '
-# line: "KeyFile /etc/dkimkeys/{{ mail_domains[0] }}.private"
-# backup: true
-# notify: Restart OpenDKIM service
+- name: Configure OpenDKIM signing table
+ lineinfile:
+ path: /etc/opendkim.conf
+ regexp: '^SigningTable '
+ line: "SigningTable /etc/opendkim/signingtable"
+ backup: true
+ notify: Restart OpenDKIM service

-# - name: Configure OpenDKIM selector
-# lineinfile:
-# path: /etc/opendkim.conf
-# regexp: '^Selector '
-# line: 'Selector ""'
-# backup: true
-# notify: Restart OpenDKIM service
+- name: Configure OpenDKIM InternalHosts
+ lineinfile:
+ path: /etc/opendkim.conf
+ regexp: '^InternalHosts '
+ line: 'InternalHosts /etc/opendkim/TrustedHosts'
+ backup: true
+ notify: Restart OpenDKIM service
+
+- name: Configure OpenDKIM ExternalIgnoreList
+ lineinfile:
+ path: /etc/opendkim.conf
+ regexp: '^ExternalIgnoreList '
+ line: 'ExternalIgnoreList /etc/opendkim/TrustedHosts'
+ backup: true
+ notify: Restart OpenDKIM service
+
+- name: Configure OpenDKIM SubDomains
+ lineinfile:
+ path: /etc/opendkim.conf
+ regexp: '^SubDomains '
+ line: 'SubDomains yes'
+ backup: true
+ notify: Restart OpenDKIM service

 - name: Ensure opendkim folder exists
 file:
@@ -123,7 +139,7 @@
 lineinfile:
 path: /etc/postfix/main.cf
 regexp: '^milter_default_action '
- line: 'milter_default_action = accept'
+ line: 'milter_default_action = accept'
 backup: yes
 notify:
 - Reload postfix
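Review bot: The `Configure OpenDKIM signing table` task in the first hunk (-57,29 +57,45) declares `SigningTable /etc/opendkim/signingtable` as a plain file, while templates/signingtable.j2 in this same patch emits wildcard keys of the form `*@{{ domain }}`. OpenDKIM evaluates `*` wildcards only when the table is declared as a regular-expression file, so with a flat file these entries are unlikely to match any sender and mail would go out unsigned without an error. Consider `line: "SigningTable refile:/etc/opendkim/signingtable"`. Separately, `InternalHosts` and `ExternalIgnoreList` both point at `/etc/opendkim/TrustedHosts`, which decides whose mail is signed with every domain's key. No task in the visible hunk creates or restricts that file, though the task list continues outside the hunk, so this may be handled elsewhere.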
@@ -132,7 +148,7 @@
 lineinfile:
 path: /etc/postfix/main.cf
 regexp: '^milter_protocol '
- line: 'milter_protocol = 2'
+ line: 'milter_protocol = 6'
 backup: yes
 notify:
 - Reload postfix
diff --git a/templates/keytable.j2 b/templates/keytable.j2
index c3c7db8..4203b0e 100644
--- a/templates/keytable.j2
+++ b/templates/keytable.j2
@@ -1,3 +1,3 @@
 {% for domain in mail_domains %}
- {{ dkim_selector }}._domainkey.{{ domain }} {{ domain }}:selector:/etc/opendkim/{{ domain }}.private
+{{ dkim_selector }}._domainkey.{{ domain }} {{ domain }}:default:/etc/opendkim/{{ domain }}.private
 {% endfor %}
diff --git a/templates/signingtable.j2 b/templates/signingtable.j2
index 2b0a1b9..2dc96d2 100644
--- a/templates/signingtable.j2
+++ b/templates/signingtable.j2
@@ -1,3 +1,3 @@
 {% for domain in mail_domains %}
- *@{{ domain }} {{ dkim_selector }}._domainkey.{{ domain }}
+*@{{ domain }} {{ dkim_selector }}._domainkey.{{ domain }}
 {% endfor %}
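Review bot: The new key table line in templates/keytable.j2 hardcodes the selector field as `default`, while the key name on the same line is built from `{{ dkim_selector }}`. The second colon-separated field is what OpenDKIM writes into the signature's `s=` tag, so if `dkim_selector` is ever set to something other than `default` (its value is not visible in this patch), receivers would query a DNS name that may not match the published record and verification would fail. Using the variable in both places keeps them in step: `{{ domain }}:{{ dkim_selector }}:/etc/opendkim/{{ domain }}.private`.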