Add OPENDKIM_* env variable config support

Add note about know issue with volume permissions.
wader · Jun 6, 2020 · e7558f1 · e7558f1
1 parent 7fb08ff
commit e7558f1
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -21,9 +21,15 @@ ENV \
   POSTFIX_mydestination=localhost \
   POSTFIX_mynetworks=0.0.0.0/0 \
   POSTFIX_smtp_tls_security_level=may \
-  POSTFIX_smtpd_tls_security_level=none
+  POSTFIX_smtpd_tls_security_level=none \
+  OPENDKIM_Socket=inet:12301@localhost \
+  OPENDKIM_Mode=sv \
+  OPENDKIM_UMask=002 \
+  OPENDKIM_Syslog=yes \
+  OPENDKIM_InternalHosts="0.0.0.0/0, ::/0" \
+  OPENDKIM_KeyTable=refile:/etc/opendkim/KeyTable \
+  OPENDKIM_SigningTable=refile:/etc/opendkim/SigningTable
 COPY rsyslog.conf /etc/rsyslog.conf
-COPY opendkim.conf /etc/opendkim.conf
 RUN mkdir -p /etc/opendkim/keys
 COPY run /root/
 VOLUME ["/var/lib/postfix", "/var/mail", "/var/spool/postfix", "/etc/opendkim/keys"]

diff --git a/README.md b/README.md
@@ -8,20 +8,23 @@ protection. So be careful to not expose it publicly.
 ## Usage
 `docker pull mwader/postfix-relay` or clone/build it yourself. 
 
-All postfix [configuration options](http://www.postfix.org/postconf.5.html)
-can be set using `POSTFIX_<name>` environment
-variables. See [Dockerfile](Dockerfile) for default configuration. You probably
-want to set `POSTFIX_myhostname` (the FQDN used by 220/HELO).
+Postfix [configuration options](http://www.postfix.org/postconf.5.html) can be set
+using `POSTFIX_<name>` environment variables. See [Dockerfile](Dockerfile) for default
+configuration. You probably want to set `POSTFIX_myhostname` (the FQDN used by 220/HELO).
 
 Note that `POSTFIX_myhostname` will change the postfix option
 [myhostname](http://www.postfix.org/postconf.5.html#myhostname).
 
-#### Using docker run
+OpenDKIM [configuration options](http://opendkim.org/opendkim.conf.5.html) can be set
+using `OPENDKIM_<name>` environment variables. See [Dockerfile](Dockerfile) for default
+configuration. For example `OPENDKIM_Canonicalization=relaxed/simple`.
+
+### Using docker run
 ```
 docker run -e POSTFIX_myhostname=smtp.domain.tld mwader/postfix-relay
 ```
 
-#### Using docker-compose
+### Using docker-compose
 ```
 app:
   # use hostname "smtp" as SMTP server
@@ -34,6 +37,16 @@ smtp:
     - OPENDKIM_DOMAINS=smtp.domain.tld
 ```
 
+### Known issues
+
+#### I see `key data is not secure: /etc/opendkim/keys can be read or written by other users` error messages.
+
+Some Docker distributions like Docker for Windows and RancherOS seems to handle
+volume permission in way that does not work with OpenDKIM default behavior of
+ensuing safe permissions on private keys.
+
+A workaround is to disable the check using a `OPENDKIM_RequireSafeKeys=no` environment variable.
+
 ## SPF
 When sending email using your own SMTP server it is probably a good idea
 to setup [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) for the

diff --git a/opendkim.conf b/opendkim.conf
diff --git a/run b/run
@@ -50,6 +50,15 @@ rm -f \
 for e in ${!POSTFIX_*} ; do postconf -e "${e:8}=${!e}" ; done
 chown -R postfix:postfix /var/lib/postfix /var/mail /var/spool/postfix
 
+# OPENDKIM_var env -> put "key value" line in /etc/opendkim.conf
+echo -n > /etc/opendkim.conf
+for e in ${!OPENDKIM_*} ; do
+  if [ "$e" == "OPENDKIM_DOMAINS" ] ; then
+    continue
+  fi
+  echo "${e:9} ${!e}" >> /etc/opendkim.conf
+done
+
 trap "service postfix stop; service opendkim stop; pkill -TERM rsyslogd" SIGTERM SIGINT
 if [ ! -z "$OPENDKIM_DOMAINS" ] ; then
   dkimConfig