Diffstat (limited to 'server/setup/05-service-settings/etc')
-rw-r--r--server/setup/05-service-settings/etc/mail/sendmail.mc12
-rw-r--r--server/setup/05-service-settings/etc/opendkim.conf33
-rw-r--r--server/setup/05-service-settings/etc/opendkim/KeyTable1
-rw-r--r--server/setup/05-service-settings/etc/opendkim/SigningTable1
-rw-r--r--server/setup/05-service-settings/etc/opendkim/TrustedHosts2
5 files changed, 44 insertions, 5 deletions
diff --git a/server/setup/05-service-settings/etc/mail/sendmail.mc b/server/setup/05-service-settings/etc/mail/sendmail.mc
index 704e4da..9cfbbb9 100644
--- a/server/setup/05-service-settings/etc/mail/sendmail.mc
+++ b/server/setup/05-service-settings/etc/mail/sendmail.mc
@@ -132,11 +132,11 @@ dnl define(`confCACERT', `/etc/ssl/local/ca-my.crt')dnl
dnl define(`confCRL', `/etc/ssl/local/ca-my.crl')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
-define(`confCACERT', `/etc/ssl/local/thawte-SSL123_CA_Bundle.pem')dnl
-define(`confSERVER_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl
-define(`confSERVER_KEY', `/etc/ssl/local/jogamp2013-hostkey.mail.pem')dnl
-define(`confCLIENT_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl
-define(`confCLIENT_KEY', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl
+define(`confCACERT', `/etc/ssl/local/thawte-ca-cert3-20151105.pem')dnl
+define(`confSERVER_CERT', `/etc/ssl/local/jogamp2016a-hostcert.pem')dnl
+define(`confSERVER_KEY', `/etc/ssl/local/jogamp2016a-hostkey.mail.pem')dnl
+define(`confCLIENT_CERT', `/etc/ssl/local/jogamp2016a-hostcert.pem')dnl
+define(`confCLIENT_KEY', `/etc/ssl/local/jogamp2016a-hostkey.mail.pem')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
@@ -180,6 +180,8 @@ dnl #
dnl FEATURE(local_procmail, `/usr/lib/dovecot/dovecot-lda', `/usr/lib/dovecot/dovecot-lda -d $u')dnl
dnl MODIFY_MAILER_FLAGS(`LOCAL', `-f')dnl
+INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')
+
dnl #
dnl # The access db is the basis for most of sendmail's checking
dnl # FEATURE(`access_db', , `skip')dnl
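Review bot: The added `INPUT_MAIL_FILTER` line sets no `F=` flag, so when opendkim is not reachable on port 8891 sendmail carries on as if the filter were absent: outbound mail leaves unsigned and inbound mail goes unverified, with no delivery error. If signing is meant to be mandatory, add `F=T` to the second argument so the message is temp-failed and retried once the milter is back. The line also lacks the trailing `dnl` used by the rest of the file, so its newline and the blank line after it end up in the generated sendmail.cf; ending it with `)dnl` keeps the file consistent.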
diff --git a/server/setup/05-service-settings/etc/opendkim.conf b/server/setup/05-service-settings/etc/opendkim.conf
new file mode 100644
index 0000000..10c9064
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim.conf
@@ -0,0 +1,33 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+AutoRestart yes
+UMask 002
+Syslog yes
+AutoRestartRate 10/1h
+Canonicalization relaxed/simple
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+LogWhy yes
+Mode sv
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+SigningTable refile:/etc/opendkim/SigningTable
+Socket inet:8891@localhost
+SyslogSuccess Yes
+TemporaryDirectory /var/tmp
+UserID opendkim:opendkim
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
+# (ATPS) (experimental)
+#ATPSDomains example.com
+
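Review bot: `Socket inet:8891@localhost` puts the signing milter on a TCP port that every local account on the host can connect to. A unix-domain socket (a `local:` path under /var/run/opendkim, accessible only to the sendmail and opendkim users) would limit access to the MTA, and it needs the matching `S=` value in sendmail.mc. Per opendkim.conf(5), `UMask` mainly governs the permissions of such a socket and of the PidFile, so with the inet socket `UMask 002` only leaves the PidFile group-writable; `UMask 007` or `022` would be tighter. The same TrustedHosts file feeds both `InternalHosts` and `ExternalIgnoreList`, which deserves a one-line comment here so later edits to that file are made with both roles in mind.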
diff --git a/server/setup/05-service-settings/etc/opendkim/KeyTable b/server/setup/05-service-settings/etc/opendkim/KeyTable
new file mode 100644
index 0000000..05d3b19
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/KeyTable
@@ -0,0 +1 @@
+default._domainkey.jogamp.org jogamp.org:default:/etc/opendkim/keys/jogamp.org/default.private
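Review bot: The selector is named `default`, which leaves no clean way to publish a second key during rotation. A dated selector (for example `<yyyymm>._domainkey.jogamp.org`, placeholder) lets the old and new public keys coexist in DNS while mail signed with the old key is still in flight. The private key at /etc/opendkim/keys/jogamp.org/default.private is referenced, but nothing in the files shown here sets its ownership or mode. The step that installs it should make it owned by the opendkim user with mode 0600, since opendkim's `RequireSafeKeys` check (on by default, as far as I know) refuses keys that other users can read.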
diff --git a/server/setup/05-service-settings/etc/opendkim/SigningTable b/server/setup/05-service-settings/etc/opendkim/SigningTable
new file mode 100644
index 0000000..7211e4d
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/SigningTable
@@ -0,0 +1 @@
+*@jogamp.org default._domainkey.jogamp.org
diff --git a/server/setup/05-service-settings/etc/opendkim/TrustedHosts b/server/setup/05-service-settings/etc/opendkim/TrustedHosts
new file mode 100644
index 0000000..e0888a7
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/TrustedHosts
@@ -0,0 +1,2 @@
+127.0.0.1
+jogamp.org
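Review bot: The list has `127.0.0.1` but not `::1`, so a local submission that reaches sendmail over the IPv6 loopback would be treated as external and verified instead of signed; adding `::1` and `localhost` closes that gap. The `jogamp.org` entry is presumably matched against the client host name that sendmail reports, which depends on DNS. Because opendkim.conf uses this file for both `InternalHosts` and `ExternalIgnoreList`, listing the server's own IP addresses explicitly is more predictable than a domain name.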