Set DKIM policy to relaxed/relaxed
And make this policy configurable.
This commit is contained in:
parent
acaba31d8f
commit
0d9a880c0e
3 changed files with 45 additions and 1 deletions
20
default.nix
20
default.nix
|
@ -600,6 +600,26 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dkimHeaderCanonicalization = mkOption {
|
||||||
|
type = types.enum ["relaxed" "simple"];
|
||||||
|
default = "relaxed";
|
||||||
|
description = ''
|
||||||
|
DKIM canonicalization algorithm for message headers.
|
||||||
|
|
||||||
|
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dkimBodyCanonicalization = mkOption {
|
||||||
|
type = types.enum ["relaxed" "simple"];
|
||||||
|
default = "relaxed";
|
||||||
|
description = ''
|
||||||
|
DKIM canonicalization algorithm for message bodies.
|
||||||
|
|
||||||
|
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
debug = mkOption {
|
debug = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
|
|
@ -627,6 +627,30 @@ mailserver.dkim
|
||||||
~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
||||||
|
mailserver.dkimBodyCanonicalization
|
||||||
|
-----------------------------------
|
||||||
|
|
||||||
|
DKIM canonicalization algorithm for message bodies.
|
||||||
|
|
||||||
|
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
|
||||||
|
|
||||||
|
|
||||||
|
- Type: ``one of "relaxed", "simple"``
|
||||||
|
- Default: ``relaxed``
|
||||||
|
|
||||||
|
|
||||||
|
mailserver.dkimHeaderCanonicalization
|
||||||
|
-------------------------------------
|
||||||
|
|
||||||
|
DKIM canonicalization algorithm for message headers.
|
||||||
|
|
||||||
|
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
|
||||||
|
|
||||||
|
|
||||||
|
- Type: ``one of "relaxed", "simple"``
|
||||||
|
- Default: ``relaxed``
|
||||||
|
|
||||||
|
|
||||||
mailserver.dkimKeyBits
|
mailserver.dkimKeyBits
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ in
|
||||||
keyPath = cfg.dkimKeyDirectory;
|
keyPath = cfg.dkimKeyDirectory;
|
||||||
domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
|
domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
|
||||||
configFile = pkgs.writeText "opendkim.conf" (''
|
configFile = pkgs.writeText "opendkim.conf" (''
|
||||||
Canonicalization relaxed/simple
|
Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
|
||||||
UMask 0002
|
UMask 0002
|
||||||
Socket ${dkim.socket}
|
Socket ${dkim.socket}
|
||||||
KeyTable file:${keyTable}
|
KeyTable file:${keyTable}
|
||||||
|
|
Loading…
Reference in a new issue