author | elijah <elijah@riseup.net> | 2016-02-13 23:48:48 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-02-23 09:49:42 -0800 |
commit | 685642e8bfdaff16a4f02bd40b5d2aef15b68d94 (patch) | |
tree | 6e069cf87709f43f00b915735da0c6b18b3bed4c /lib/leap_cli/commands | |
parent | 170dfcfc219471dcc4ae58949457f251fd4e067d (diff) |
get dkim working, closes #5924
Diffstat (limited to 'lib/leap_cli/commands')
-rw-r--r-- | lib/leap_cli/commands/compile.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 44b97d4a..b98d591f 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -298,6 +298,7 @@ remove this directory if you don't use it.
 nodes = manager.nodes[:environment => env]
 next unless nodes.any?
 spf = nil
+ dkim = nil
 lines << ENV_HEADER % (env.nil? ? 'default' : env)
 nodes.each_node do |node|
 if node.dns.public
@@ -314,9 +315,11 @@ remove this directory if you don't use it.
 mx_domain = relative_hostname(node.domain.full_suffix, provider)
 lines << [mx_domain, "IN MX 10 #{relative_hostname(node.domain.full, provider)}"]
 spf ||= [mx_domain, spf_record(node)]
+ dkim ||= dkim_record(node)
 end
 end
 lines << spf if spf
+ lines << dkim if dkim
 end
 # print the lines
@@ -331,6 +334,8 @@ remove this directory if you don't use it.
 end
 end
+ private
+
 #
 # allow mail from any mx node, plus the webapp nodes.
 #
@@ -346,6 +351,43 @@ remove this directory if you don't use it.
 %(IN TXT "#{strings}")
 end
+ #
+ # for example:
+ #
+ # selector._domainkey IN TXT "v=DKIM1;h=sha256;k=rsa;s=email;p=MIGfMA0GCSq...GSIb3DQ"
+ #
+ # specification: http://dkim.org/specs/rfc4871-dkimbase.html#rfc.section.7.4
+ #
+ def dkim_record(node)
+ # PEM encoded public key (base64), without the ---PUBLIC KEY--- armor parts.
+ assert_files_exist! :dkim_pub_key
+ dkim_pub_key = Path.named_path(:dkim_pub_key)
+ public_key = File.readlines(dkim_pub_key).grep(/^[^\-]+/).join
+
+ host = node.mx.dkim.selector + "._domainkey"
+ attrs = [
+ "v=DKIM1",
+ "h=sha256",
+ "k=rsa",
+ "s=email",
+ "p=" + public_key
+ ]
+
+ return [host, "IN TXT " + txt_wrap(attrs.join(';'))]
+ end
+
+ #
+ # DNS TXT records cannot be longer than 255 characters.
+ #
+ # However, multiple responses will be concatenated together.
+ # It looks like this:
+ #
+ # IN TXT "v=spf1 .... first" "second string..."
+ #
+ def txt_wrap(str)
+ '"' + str.scan(/.{1,255}/).join('" "') + '"'
+ end
+
 ENV_HEADER = %[
 ;;
 ;; ENVIRONMENT %s
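Review bot: `public_key = File.readlines(dkim_pub_key).grep(/^[^\-]+/).join` in dkim_record keeps each base64 line's trailing newline, so the `p=` value handed to txt_wrap contains embedded `\n`; they only vanish because `.` in `str.scan(/.{1,255}/)` does not match a newline, which also makes the quoted-string boundaries fall at the PEM line breaks rather than at 255 characters. Strip the lines explicitly, `.grep(/^[^\-]+/).map(&:strip).join`, so the record does not depend on that regex side effect. The armor lines are dropped without checking what they announced, so if `:dkim_pub_key` were ever pointed at a private key file its material would be published in DNS verbatim; reading the file into a local first (`pem = File.readlines(dkim_pub_key)`) and adding `raise ArgumentError, "#{dkim_pub_key} is not a PEM public key" unless pem.first.to_s.include?('PUBLIC KEY')` would catch that misconfiguration before anything is written. `h=sha256` and `k=rsa` are hard-coded, which presumably matches how the key is generated elsewhere in leap_cli, but a non-RSA key in that file would yield a record that verifiers reject, so a comment on dkim_record stating the RSA assumption would help the next maintainer.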
@@ -381,6 +423,8 @@ $ORIGIN %{domain}. ## FIREWALL ## + public + def compile_firewall manager.nodes.each_node(&:evaluate) |