Relax OpenDKIM TrustedHosts
Having very specific `TrustedHosts` has turned out to be more of a hassle than a benefit in the end. Since the service is running on `localhost` either way, there's no theoretical way for anybody else to access the service. Hence we just set all hosts (`0.0.0.0/0`) to trusted, reduce the LOC and call it a day.
parent
f971f1efd2
commit
ecfb59dffd
2 changed files with 4 additions and 13 deletions
|
@ -18,4 +18,4 @@ PidFile /var/run/opendkim/opendkim.pid
|
|||
SignatureAlgorithm rsa-sha256
|
||||
|
||||
UserID opendkim:opendkim
|
||||
Socket inet:8891@localhost
|
||||
Socket inet:8891@localhost
|
||||
|
|
15
run.sh
15
run.sh
|
@ -222,24 +222,15 @@ if [ -d /etc/opendkim/keys ] && [ ! -z "$(find /etc/opendkim/keys -type f ! -nam
|
|||
echo > /etc/opendkim/KeyTable
|
||||
echo > /etc/opendkim/SigningTable
|
||||
|
||||
echo "::1" >> /etc/opendkim/TrustedHosts
|
||||
echo "127.0.0.1" >> /etc/opendkim/TrustedHosts
|
||||
echo "localhost" >> /etc/opendkim/TrustedHosts
|
||||
|
||||
oldIFS="$IFS"
|
||||
IFS=','; for i in $MYNETWORKS; do
|
||||
echo "$i" >> /etc/opendkim/TrustedHosts
|
||||
done
|
||||
IFS="$oldIFS"
|
||||
echo "" >> /etc/opendkim/TrustedHosts
|
||||
# Since it's an internal service anyways, it's safe
|
||||
# to assume that *all* hosts are trusted.
|
||||
echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts
|
||||
|
||||
if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
|
||||
for i in $ALLOWED_SENDER_DOMAINS; do
|
||||
private_key=/etc/opendkim/keys/$i.private
|
||||
if [ -f $private_key ]; then
|
||||
echo -e " ...for domain ${emphasis}$i${reset}"
|
||||
echo "*.$i" >> /etc/opendkim/TrustedHosts
|
||||
echo "$i" >> /etc/opendkim/TrustedHosts
|
||||
echo "mail._domainkey.$i $i:mail:$private_key" >> /etc/opendkim/KeyTable
|
||||
echo "*@$i mail._domainkey.$i" >> /etc/opendkim/SigningTable
|
||||
else
|
||||
|
|
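Review bot: The comment above `echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts` justifies the change by the milter being internal, but OpenDKIM matches this list against the SMTP client address that Postfix reports, not against who can reach the socket on localhost. Assuming opendkim.conf points `InternalHosts`/`ExternalIgnoreList` at this file (not visible in these hunks), any message Postfix accepts with a From address in a signing domain will now be signed, so the only remaining gate is Postfix's own relay restrictions; the comment should say so, e.g. `# Signing is now gated only by Postfix relay restrictions (mynetworks), not by this list.` The IPv4-only CIDR also presumably no longer covers the removed `::1` entry, so mail submitted over IPv6 loopback may go unsigned; keeping `echo "::1" >> /etc/opendkim/TrustedHosts` after the new line would preserve that. The enclosing `if [ -d /etc/opendkim/keys ]` block starts before the hunk and the per-domain loop continues past it.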