From 0d9a880c0e41a553c5d9af4efa62169db7ddeb62 Mon Sep 17 00:00:00 2001
From: Ero Sennin
Date: Thu, 14 Oct 2021 18:45:21 +0000
Subject: [PATCH] Set DKIM policy to relaxed/relaxed And make this policy configurable.
---
 default.nix | 20 ++++++++++++++++++++
 docs/options.rst | 24 ++++++++++++++++++++++++
 mail-server/opendkim.nix | 2 +-
 3 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/default.nix b/default.nix
index 5d94438..6bb0c23 100644
--- a/default.nix
+++ b/default.nix
@@ -600,6 +600,26 @@ in
 '';
 };

+ dkimHeaderCanonicalization = mkOption {
+ type = types.enum ["relaxed" "simple"];
+ default = "relaxed";
+ description = ''
+ DKIM canonicalization algorithm for message headers.
+
+ See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+ '';
+ };
+
+ dkimBodyCanonicalization = mkOption {
+ type = types.enum ["relaxed" "simple"];
+ default = "relaxed";
+ description = ''
+ DKIM canonicalization algorithm for message bodies.
+
+ See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+ '';
+ };
+
 debug = mkOption {
 type = types.bool;
 default = false;
diff --git a/docs/options.rst b/docs/options.rst
index d198f5e..253690d 100644
--- a/docs/options.rst
+++ b/docs/options.rst
@@ -627,6 +627,30 @@ mailserver.dkim
 ~~~~~~~~~~~~~~~


+mailserver.dkimBodyCanonicalization
+-----------------------------------
+
+DKIM canonicalization algorithm for message bodies.
+
+See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+
+
+- Type: ``one of "relaxed", "simple"``
+- Default: ``relaxed``
+
+
+mailserver.dkimHeaderCanonicalization
+-------------------------------------
+
+DKIM canonicalization algorithm for message headers.
+
+See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
+
+
+- Type: ``one of "relaxed", "simple"``
+- Default: ``relaxed``
+
+
 mailserver.dkimKeyBits
 ----------------------

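Review bot: The descriptions of `dkimHeaderCanonicalization` and `dkimBodyCanonicalization` in default.nix name the algorithm but never say what choosing either value means, so an operator has to read RFC 6376 to pick one. I would add one sentence to each description, for the header option along the lines of `"simple" tolerates almost no modification in transit; "relaxed" tolerates whitespace changes and header line re-wrapping.`, and for the body option the equivalent wording about trailing whitespace and runs of spaces. The docs/options.rst hunk carries the same text and would need the same sentences, presumably by regenerating it. Both option definitions sit inside an attribute set that starts and ends outside the hunk.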
diff --git a/mail-server/opendkim.nix b/mail-server/opendkim.nix
index 6fd0bef..3dd7d57 100644
--- a/mail-server/opendkim.nix
+++ b/mail-server/opendkim.nix
@@ -59,7 +59,7 @@ in
 keyPath = cfg.dkimKeyDirectory;
 domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
 configFile = pkgs.writeText "opendkim.conf" (''
- Canonicalization relaxed/simple
+ Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
 UMask 0002
 Socket ${dkim.socket}
 KeyTable file:${keyTable}
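Review bot: With the new defaults the generated line becomes `Canonicalization relaxed/relaxed`, so every existing deployment starts signing bodies with `relaxed` instead of `simple` on upgrade without setting anything. That appears intended from the commit subject, but none of the three files in the diffstat is a changelog or release note, so I would add an entry telling operators to set `mailserver.dkimBodyCanonicalization = "simple";` if they want to keep the old behaviour. No DNS change should be needed, since the algorithm is carried in each signature's `c=` tag rather than in the published key record. The `configFile` string continues past the end of this hunk.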