Set DKIM policy to relaxed/relaxed

And make this policy configurable.
This commit is contained in:
Ero Sennin 2021-10-14 18:45:21 +00:00 committed by lewo
parent acaba31d8f
commit 0d9a880c0e
3 changed files with 45 additions and 1 deletions

View File

@ -600,6 +600,26 @@ in
''; '';
}; };
dkimHeaderCanonicalization = mkOption {
type = types.enum ["relaxed" "simple"];
default = "relaxed";
description = ''
DKIM canonicalization algorithm for message headers.
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
'';
};
dkimBodyCanonicalization = mkOption {
type = types.enum ["relaxed" "simple"];
default = "relaxed";
description = ''
DKIM canonicalization algorithm for message bodies.
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
'';
};
debug = mkOption { debug = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;

View File

@ -627,6 +627,30 @@ mailserver.dkim
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
mailserver.dkimBodyCanonicalization
-----------------------------------
DKIM canonicalization algorithm for message bodies.
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
- Type: ``one of "relaxed", "simple"``
- Default: ``relaxed``
mailserver.dkimHeaderCanonicalization
-------------------------------------
DKIM canonicalization algorithm for message headers.
See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details.
- Type: ``one of "relaxed", "simple"``
- Default: ``relaxed``
mailserver.dkimKeyBits mailserver.dkimKeyBits
---------------------- ----------------------

View File

@ -59,7 +59,7 @@ in
keyPath = cfg.dkimKeyDirectory; keyPath = cfg.dkimKeyDirectory;
domains = "csl:${builtins.concatStringsSep "," cfg.domains}"; domains = "csl:${builtins.concatStringsSep "," cfg.domains}";
configFile = pkgs.writeText "opendkim.conf" ('' configFile = pkgs.writeText "opendkim.conf" (''
Canonicalization relaxed/simple Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization}
UMask 0002 UMask 0002
Socket ${dkim.socket} Socket ${dkim.socket}
KeyTable file:${keyTable} KeyTable file:${keyTable}