Merge branch 'scintill/nixos-mailserver-dkim-bits'
ee7bb07f25
3 changed files with 19 additions and 0 deletions
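--- a/default.nix
+++ b/default.nix
@@ -422,6 +422,19 @@ in
 '';
 };
 
+dkimKeyBits = mkOption {
+type = types.int;
+default = 1024;
+description = ''
+How many bits in generated DKIM keys. RFC6376 advises minimum 1024-bit keys.
+
+If you have already deployed a key with a different number of bits than specified
+here, then you should use a different selector (dkimSelector). In order to get
+this package to generate a key with the new number of bits, you will either have to
+change the selector or delete the old key file.
+'';
+};
+
 debug = mkOption {
 type = types.bool;
 default = false;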
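Review bot: `types.int` on the new dkimKeyBits option accepts any integer, so a value such as 512 is passed straight through to key generation and produces a key below the RFC 6376 floor that the description itself cites; add a lower bound, e.g. `type = types.ints.between 1024 4096;` if the module's nixpkgs provides it, otherwise an `assertions` entry with `assertion = cfg.dkimKeyBits >= 1024;`. The 1024-bit default is the RFC minimum rather than current practice: RFC 8301 says signers SHOULD use at least 2048-bit RSA keys and verifiers must handle 1024 to 4096 bits, so `default = 2048;` is the safer choice, with a sentence in the description noting that keys above 2048 bits yield a public-key TXT record that opendkim-genkey has to split into several strings. The description could also say explicitly that the option only affects keys this module generates and never rewrites an existing key file, which the text implies but does not state.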
@ -33,6 +33,7 @@ let
|
||||||
then
|
then
|
||||||
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
|
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
|
||||||
-d "${dom}" \
|
-d "${dom}" \
|
||||||
|
--bits="${toString cfg.dkimKeyBits}" \
|
||||||
--directory="${cfg.dkimKeyDirectory}"
|
--directory="${cfg.dkimKeyDirectory}"
|
||||||
mv "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.private" "${dkim_key}"
|
mv "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.private" "${dkim_key}"
|
||||||
mv "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.txt" "${dkim_txt}"
|
mv "${cfg.dkimKeyDirectory}/${cfg.dkimSelector}.txt" "${dkim_txt}"
|
||||||
|
|
|
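Review bot: The new `--bits` argument only takes effect inside this `then` branch, whose `if` condition sits above the hunk, so an already-deployed key of a different size is kept silently and the script gives the operator no signal; add a comment above the opendkim-genkey call, `# Runs only when no key exists for this selector; changing dkimKeyBits alone never regenerates an existing key.`, and consider an `else` branch that reads the existing key's size with `openssl rsa -in "${dkim_key}" -noout -text` and logs a warning when it differs from cfg.dkimKeyBits. Because the option is declared as a plain `types.int`, any value reaches opendkim-genkey unchecked here; the bound belongs on the option, but a defensive check at this call site would still be cheap. The enclosing if/else begins and ends outside the hunk.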
@ -38,6 +38,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
rewriteMessageId = true;
|
rewriteMessageId = true;
|
||||||
|
dkimKeyBits = 1535;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
|
@ -321,6 +322,10 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
$client->succeed("grep 'Received: from mail.example.com' ~/mail/*");
|
$client->succeed("grep 'Received: from mail.example.com' ~/mail/*");
|
||||||
};
|
};
|
||||||
|
|
||||||
|
subtest "dkim has user-specified size", sub {
|
||||||
|
$server->succeed("openssl rsa -in /var/dkim/example.com.mail.key -text -noout | grep 'Private-Key: (1535 bit)'");
|
||||||
|
};
|
||||||
|
|
||||||
subtest "dkim singing, multiple domains", sub {
|
subtest "dkim singing, multiple domains", sub {
|
||||||
$client->execute("rm ~/mail/*");
|
$client->execute("rm ~/mail/*");
|
||||||
# send email from user2 to user1
|
# send email from user2 to user1
|
||||||
|
|
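Review bot: The new "dkim has user-specified size" subtest pins OpenSSL's exact output text with `grep 'Private-Key: (1535 bit)'`; OpenSSL 3.x prints `Private-Key: (1535 bit, 2 primes)` for RSA keys, so the assertion would fail on an OpenSSL upgrade even though the key size is correct — match only the prefix, `grep 'Private-Key: (1535 bit'`, to stay robust. Only example.com's key is checked while `domains` also lists example2.com, so a second `$server->succeed(...)` against `/var/dkim/example2.com.mail.key` would confirm that the bit count is applied for every domain in the loop; the path `/var/dkim/example.com.mail.key` presumably reflects the default key directory and selector, which are not visible here. A short comment explaining that 1535 is a deliberately unusual size chosen so the test cannot pass by accident against the default would help the next reader.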