Relax OpenDKIM TrustedHosts

Having very specific `TrustedHosts` has turned out to be more of a hassle than a benefit in the end. Since the service is runing on `localhost` either way, there's no theoretical way for anybody alse to access the service. Hence we just set all hosts (`0.0.0.0/0`) to trusted, reduce the LOC and call it a day.
2025-09-06 06:25:40 +08:00 · 2019-09-17 09:11:53 +02:00 · 2019-09-17 09:11:53 +02:00 · ecfb59dffd
commit ecfb59dffd
parent f971f1efd2
2 changed files with 4 additions and 13 deletions
--- a/opendkim.conf
+++ b/opendkim.conf
@ -18,4 +18,4 @@ PidFile                 /var/run/opendkim/opendkim.pid
 SignatureAlgorithm      rsa-sha256

 UserID                  opendkim:opendkim
-Socket                  inet:8891@localhost
+Socket                  inet:8891@localhost
--- a/run.sh
+++ b/run.sh
@ -222,24 +222,15 @@ if [ -d /etc/opendkim/keys ] && [ ! -z "$(find /etc/opendkim/keys -type f ! -nam
 	echo > /etc/opendkim/KeyTable
 	echo > /etc/opendkim/SigningTable

-	echo "::1" >> /etc/opendkim/TrustedHosts
-	echo "127.0.0.1" >> /etc/opendkim/TrustedHosts
-	echo "localhost" >> /etc/opendkim/TrustedHosts
-
-	oldIFS="$IFS"
-	IFS=','; for i in $MYNETWORKS; do
-		echo "$i" >> /etc/opendkim/TrustedHosts
-	done
-	IFS="$oldIFS"
-	echo "" >> /etc/opendkim/TrustedHosts
+	# Since it's an internal service anyways, it's safe
+	# to assume that *all* hosts are trusted.
+	echo "0.0.0.0/0" > /etc/opendkim/TrustedHosts

 	if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
 		for i in $ALLOWED_SENDER_DOMAINS; do
 			private_key=/etc/opendkim/keys/$i.private
 			if [ -f $private_key ]; then
 				echo -e "        ...for domain ${emphasis}$i${reset}"
-				echo "*.$i" >> /etc/opendkim/TrustedHosts
-				echo "$i" >> /etc/opendkim/TrustedHosts
 				echo "mail._domainkey.$i $i:mail:$private_key" >> /etc/opendkim/KeyTable
 				echo "*@$i mail._domainkey.$i" >> /etc/opendkim/SigningTable
 			else