Relax OpenDKIM TrustedHosts

Having very specific `TrustedHosts` has turned out to be more of a
hassle than a benefit in the end.

Since the service is running on `localhost` either way, there's no
theoretical way for anybody else to access the service. Hence we
just set all hosts (`0.0.0.0/0`) to trusted, reduce the LOC and
call it a day.
Bojan Čekrlić 2019-09-17 09:11:53 +02:00
parent f971f1efd2
commit ecfb59dffd
2 changed files with 4 additions and 13 deletions


@ -18,4 +18,4 @@ PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost
Socket inet:8891@localhost
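
Review bot: The `Socket inet:8891@localhost` line is what the commit message leans on to justify trusting every host, but nothing next to it says so. Add a comment above it stating that run.sh writes `0.0.0.0/0` to TrustedHosts on the assumption that this listener stays on localhost, so a later change to the bind address prompts a second look at the trust list. The old and new Socket lines also read identically here, so confirm the change is only whitespace or a trailing newline.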

15
run.sh

@ -222,24 +222,15 @@ if [ -d /etc/opendkim/keys ] && [ ! -z "$(find /etc/opendkim/keys -type f ! -nam
echo > /etc/opendkim/KeyTable
echo > /etc/opendkim/SigningTable
echo "::1" >> /etc/opendkim/TrustedHosts
echo "127.0.0.1" >> /etc/opendkim/TrustedHosts
echo "localhost" >> /etc/opendkim/TrustedHosts
oldIFS="$IFS"
IFS=','; for i in $MYNETWORKS; do
echo "$i" >> /etc/opendkim/TrustedHosts
done
IFS="$oldIFS"
echo "" >> /etc/opendkim/TrustedHosts
# Since it's an internal service anyways, it's safe
# to assume that *all* hosts are trusted.
echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts
if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
for i in $ALLOWED_SENDER_DOMAINS; do
private_key=/etc/opendkim/keys/$i.private
if [ -f $private_key ]; then
echo -e " ...for domain ${emphasis}$i${reset}"
echo "*.$i" >> /etc/opendkim/TrustedHosts
echo "$i" >> /etc/opendkim/TrustedHosts
echo "mail._domainkey.$i $i:mail:$private_key" >> /etc/opendkim/KeyTable
echo "*@$i mail._domainkey.$i" >> /etc/opendkim/SigningTable
else
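
Review bot: `echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts` matches IPv4 peers only, while the list it replaces began with `::1`, so a client arriving over IPv6 loopback is no longer covered. Add `::/0` (or keep `::1`) alongside it if the intent is to trust everything. The new comment should also name the actual reason this is considered safe, the `inet:8891@localhost` socket in the OpenDKIM config, instead of "internal service", and note that the list no longer follows `$MYNETWORKS`.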