- implemented per-domain-dkim, including custom selector

Author: Marius Burkard

install/lib/installer_base.lib.php

@@ -1456,6 +1456,20 @@ public function configure_rspamd() {
 				}
 			}
 			exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+			
+			if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
+				$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
+			}
+			$dkim_domains = $this->db->queryAllRecords('SELECT `dkim_selector`, `domain` FROM `mail_domain` WHERE `dkim` = ? ORDER BY `domain` ASC', 'y');
+			$fpp = fopen('/etc/rspamd/local.d/dkim_domains.map', 'w');
+			$fps = fopen('/etc/rspamd/local.d/dkim_selectors.map', 'w');
+			foreach($dkim_domains as $dkim_domain) {
+				fwrite($fpp, $dkim_domain['domain'] . ' ' . $mail_config['dkim_path'] . '/' . $dkim_domain['domain'] . '.private' . "\n");
+				fwrite($fps, $dkim_domain['domain'] . ' ' . $dkim_domain['dkim_selector']);
+			}
+			fclose($fpp);
+			fclose($fps);
+			unset($dkim_domains);
 		}
 
 		if(is_user('_rspamd') && is_group('amavis')) {

install/tpl/rspamd_dkim_signing.conf.master

@@ -1,2 +1,3 @@
-path = "<tmpl_var name='dkim_path'>/$domain.private";
-selector = "default";
+try_fallback = false;
+path_map = "/etc/rspamd/local.d/dkim_domains.map";
+selector_map = "/etc/rspamd/local.d/dkim_selectors.map";";

server/lib/classes/system.inc.php

@@ -1535,7 +1535,14 @@ function replaceLine($filename, $search_pattern, $new_line, $strict = 0, $append
 		$found = 0;
 		if(is_array($lines)) {
 			foreach($lines as $line) {
-				if($strict == 0) {
+				if($strict == 0 && preg_match('/^REGEX:(.*)$/', $search_pattern)) {
+					if(preg_match(substr($search_pattern, 6), $line)) {
+						$out .= $new_line."\n";
+						$found = 1;
+					} else {
+						$out .= $line;
+					}
+				} elseif($strict == 0) {
 					if(stristr($line, $search_pattern)) {
 						$out .= $new_line."\n";
 						$found = 1;
@@ -1573,7 +1580,14 @@ function removeLine($filename, $search_pattern, $strict = 0) {
 		if($lines = @file($filename)) {
 			$out = '';
 			foreach($lines as $line) {
-				if($strict == 0) {
+				if($strict == 0 && preg_match('/^REGEX:(.*)$/', $search_pattern)) {
+					if(preg_match(substr($search_pattern, 6), $line)) {
+						$out .= $new_line."\n";
+						$found = 1;
+					} else {
+						$out .= $line;
+					}
+				} elseif($strict == 0) {
 					if(!stristr($line, $search_pattern)) {
 						$out .= $line;
 					}

server/plugins-available/mail_plugin_dkim.inc.php

@@ -347,6 +347,9 @@ private function add_dkim($data) {
 			}
 			if ($this->write_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['dkim_private'], $data['new']['domain'])) {
 				if($mail_config['content_filter'] == 'rspamd') {
+					$app->system->replaceLine('/etc/rspamd/local.d/dkim_domains.map', 'REGEX:/^' . preg_quote($data['new']['domain'], '/') . ' /', $data['new']['domain'] . ' ' . $mail_config['dkim_path']."/".$data['new']['domain'] . '.private');
+					$app->system->replaceLine('/etc/rspamd/local.d/dkim_selectors.map', 'REGEX:/^' . preg_quote($data['new']['domain'], '/') . ' /', $data['new']['domain'] . ' ' . $data['new']['dkim_selector']);
+					
 					$app->services->restartServiceDelayed('rspamd', 'reload');
 				} elseif ($this->add_to_amavis($data['new']['domain'], $data['new']['dkim_selector'], $data['old']['dkim_selector'] )) {
 					$this->restart_amavis();
@@ -373,6 +376,8 @@ private function remove_dkim($_data) {
 		$this->remove_dkim_key($mail_config['dkim_path']."/".$_data['domain'], $_data['domain']);
 
 		if($mail_config['content_filter'] == 'rspamd') {
+			$app->system->removeLine('/etc/rspamd/local.d/dkim_domains.map', 'REGEX:/^' . preg_quote($_data['domain'], '/') . ' /');
+			$app->system->removeLine('/etc/rspamd/local.d/dkim_selectors.map', 'REGEX:/^' . preg_quote($_data['domain'], '/') . ' /');
 			$app->services->restartServiceDelayed('rspamd', 'reload');
 		} elseif ($this->remove_from_amavis($_data['domain'])) {
 			$this->restart_amavis();

server/plugins-available/postfix_server_plugin.inc.php

@@ -200,6 +200,21 @@ function update($event_name, $data) {
 					}
 				}
 				exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+				
+				// get all domains that have dkim enabled
+				if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
+					$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
+				}
+				$dkim_domains = $app->db->queryAllRecords('SELECT `dkim_selector`, `domain` FROM `mail_domain` WHERE `dkim` = ? ORDER BY `domain` ASC', 'y');
+				$fpp = fopen('/etc/rspamd/local.d/dkim_domains.map', 'w');
+				$fps = fopen('/etc/rspamd/local.d/dkim_selectors.map', 'w');
+				foreach($dkim_domains as $dkim_domain) {
+					fwrite($fpp, $dkim_domain['domain'] . ' ' . $mail_config['dkim_path'] . '/' . $dkim_domain['domain'] . '.private' . "\n");
+					fwrite($fps, $dkim_domain['domain'] . ' ' . $dkim_domain['dkim_selector']);
+				}
+				fclose($fpp);
+				fclose($fps);
+				unset($dkim_domains);
 			}	
 			if($mail_config['content_filter'] == 'amavisd'){
 				exec("postconf -X 'smtpd_milters'");