Commit c6e740b8 authored by Kristian Klausen's avatar Kristian Klausen 🎉

rspamd: Don't hardcode the dkim signing domain

We want to use rspamd for lists.al.org at some point, so we can't
hardcode the domain to archlinux.org.
parent c14c2c1a
......@@ -12,7 +12,7 @@
- { role: mta_sts }
- { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
- { role: dovecot }
- { role: rspamd, tags: ["mail"] }
- { role: rspamd, rspamd_dkim_domain: archlinux.org, tags: ["mail"] }
- { role: unbound, unbound_port: 5353, tags: ["mail"] }
- { role: postfwd, tags: ['mail'] }
- { role: archusers }
......
rspamd_dkim_use_esld: true
......@@ -7,6 +7,11 @@
notify:
- reload rspamd
- name: install dkim_signing.conf
template: src=dkim_signing.conf.j2 dest=/etc/rspamd/local.d/dkim_signing.conf owner=root group=root mode=0644
notify:
- reload rspamd
- name: create rspamd dkim directory
file: path=/var/lib/rspamd/dkim state=directory owner=rspamd group=rspamd mode=0750
......@@ -24,8 +29,8 @@
- name: install DKIM keys
copy: src={{ item }} dest=/var/lib/rspamd/dkim/ owner=rspamd group=rspamd mode=0600
loop:
- archlinux.org.dkim-ed25519.key
- archlinux.org.dkim-rsa.key
- "{{ rspamd_dkim_domain }}.dkim-ed25519.key"
- "{{ rspamd_dkim_domain }}.dkim-rsa.key"
notify:
- reload rspamd
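Review bot: `rspamd_dkim_domain` is never validated before the `install DKIM keys` loop builds file names from it, and the same value is interpolated into the key paths and the `domain` block of the dkim_signing.conf template further down. No default for it is visible on this page, so an unset value only fails when a task first renders it, and a value containing a slash or whitespace would change the path or the config structure instead of being rejected. I would add an early task such as `- assert: { that: "rspamd_dkim_domain is match('^[a-z0-9.-]+$')" }` so that a bad inventory value stops the play before anything is written under /var/lib/rspamd/dkim. The hunk opens inside a task whose start is outside the view.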
......
domain {
archlinux.org {
{{ rspamd_dkim_domain }} {
selectors [
{
selector = "dkim-ed25519";
path = "/var/lib/rspamd/dkim/archlinux.org.dkim-ed25519.key";
path = "/var/lib/rspamd/dkim/{{ rspamd_dkim_domain }}.dkim-ed25519.key";
},
{
selector = "dkim-rsa";
path = "/var/lib/rspamd/dkim/archlinux.org.dkim-rsa.key";
path = "/var/lib/rspamd/dkim/{{ rspamd_dkim_domain }}.dkim-rsa.key";
}
]
}
......@@ -20,4 +20,4 @@ allow_hdrfrom_mismatch_sign_networks = true;
allow_username_mismatch = true;
use_domain = "header";
sign_authenticated = true;
use_esld = true;
use_esld = {{ 'true' if rspamd_dkim_use_esld else 'false' }};
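Review bot: The new `use_esld` line tests `rspamd_dkim_use_esld` for plain truthiness, so a value that arrives as a string (for example from `-e rspamd_dkim_use_esld=false` on the command line) is non-empty and renders `true`. As far as the option name and the commit message indicate, this setting decides whether signing uses the effective second-level domain or the full header domain, so a silent flip can produce signatures for a domain whose key file or DNS record does not match. Passing the value through the `bool` filter avoids that: `use_esld = {{ 'true' if rspamd_dkim_use_esld | bool else 'false' }};`.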