Add DKIM and DMARC support #I11D8S

6eb4fcc5 · freesky-edward · c8a81125 · 6eb4fcc5 · 6eb4fcc5 · 6eb4fcc5
4 changed file
--- a/environment/huaweicloud/resources.tf
+++ b/environment/huaweicloud/resources.tf
@@ -178,6 +178,16 @@ module "dns" {
      domain = "@"
      type = "TXT"
      value = "v=spf1 a mx ip4:${split(",", module.internet.this_eip_addresses)[0]}  ~all"
+    },
+    {
+      domain = "_dmarc"
+      type = "TXT"
+      value = "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;fo=1;rf=afrf;pct=100;ruf=mailto:405121670@qq.com;ri=86400"
+    },
+    {
+      domain = "${var.handler}._domainkey"
+      type = "TXT"
+      value = "v=DKIM1;k=rsa;p=${var.dkim_public_key}"
    }
  ]

--- a/environment/huaweicloud/vars.tf
+++ b/environment/huaweicloud/vars.tf
+variable "handler" {
+    description = "The DKIM hander name"
+}
+variable "dkim_public_key" {
+    description = "The DKIM public key"
+}
--- a/mail/openeuler.org/config.yaml
+++ b/mail/openeuler.org/config.yaml
@@ -24,6 +24,12 @@ data:
    # The path to the list receipt (used as the required file when
    # matching list addresses)
    MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
+  00_local_macros: |
+    DKIM_CANON = relaxed
+    DKIM_SELECTOR = 20190905
+    DKIM_DOMAIN = openeuler.org
+    DKIM_FILE = /etc/exim4/dkim/openeuler.org-private.pem
  55_mm3_transport: |
    # Place this file at

--- a/mail/openeuler.org/mtaservice.yaml
+++ b/mail/openeuler.org/mtaservice.yaml
@@ -53,6 +53,9 @@ spec:
            - mountPath: /etc/exim4/conf.d/main/25_mm3_macros
              name: mailman-exim4-configmap-volume
              subPath: 25_mm3_macros
+            - mountPath: /etc/exim4/conf.d/main/00_local_macros
+              name: mailman-exim4-configmap-volume
+              subPath: 00_local_macros
            - mountPath: /etc/exim4/conf.d/transport/55_mm3_transport
              name: mailman-exim4-configmap-volume
              subPath: 55_mm3_transport
@@ -64,6 +67,8 @@ spec:
              subPath: update-exim4-conf.conf
            - mountPath: /opt/mailman/
              name: mailman-core-data
+            - mountPath: /etc/exim4/dkim
+              name: mta-dkim-secret
          # NOTE: since we added new configuration files we need reload exim4 and start up
          command:
            - /bin/sh
@@ -79,3 +84,6 @@ spec:
        - name: mailman-core-data
          persistentVolumeClaim:
            claimName: config-vol
+        - name: mta-dkim-secret
+          secret:
+            secretName: dkimsecret