[mailman] Setup DKIM configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-25 17:24:59 +01:00 · 2021-03-25 17:24:59 +01:00 · 1785d7f095
parent c3cd94f6e6
commit 1785d7f095
4 changed files with 16 additions and 12 deletions
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@ -66,16 +66,20 @@ glob_mailman3:
    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
    port: 5432
    name: "mailman3web"
-  smtp:
-    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
-    port: 25
-    user: ""
-    pass: ""
  restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
  archiver_key: "{{ vault.mailman3_archiver_key }}"
  web_secret_key: "{{ vault.mailman3_web_secret_key }}"
  web_domains:
-    - "mailman.crans.org"
+    - "lists2.crans.org"
    - "lists.crans.org"
  default_domain: "crans.org"
  postfix_domain: "crans.org"
+
+loc_opendkim:
+  domain: "lists.crans.org"
+  selector: "lists"
+  signing:
+    - "*@lists2.crans.org"
+  txt_record: |
+    lists._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7jkgGjxZvQDbgFIuqb59lt7O1Jg6DFTSBxFlTfBW+3MF+AFjBR3AZ/UXwDA1vH4UTZqq0fWN6y6wqE/F7+HDjpqZGGuygZWTGVbBxwiKSjc2kq2mz7kLisE3a/jP8kyQDdb7fWrtTw9fxYu+Ygs0744otjRsui/ZK6zbrO8XQfd5UYnj4IGALeIuVFVLmwTY+VL/xWR/UjcfxgAprRfH0ec8PGlrxhpeLhUSJxw3Q6QfTnDsIpWLfJdgxILGa58TmhH6d+faxa1OIP37wswPjkDykmMFsCQJX9P7mXXR0+1FIRhhNpfCRXXj37udbIezDEMfA15rWSoYinPU+x7i6LhfJD7G40p1oDBiaOimZ8D/PUDAtoWRQeFiNOOQmNqDaVwlaOMvIZH2ZFD2I0eJIDb2FBYqhTb5GVyhKPePqT5FZE0s8SXqvYRNUWHuomS79kfo4TC74UPlavIbyCVTFlLi5ujc5RANm/FuH2w3ns1+YAlCeoblzwVdgN+h4/DI5kI88+0Hf+HCfQg+rPQL7ak7Wszo0iWvYUZ8t+IPbNDcVm5YI6koqkWGgfMrC0bDI5r+ZQACK15Fi6x3tV0umhytgRQWG9MyK61diNIc1LFsyL2lD0oOAjlpDlVSpUnXKhjRPq4YdaIojlgGSsWsq8sBhQTCY5DNHUuJLL1iPqsCAwEAAQ=="  ; ----- DKIM key lists for lists.crans.org
+  private_key: "{{ vault.opendkim_private_key_mailman }}"
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@ -6,7 +6,7 @@
    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
    mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
-    opendkim: '{{ loc_opendkim | default(glob_opendkim | default([])) }}'
+    opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
  roles:
    - certbot
    - nginx
--- a/roles/mailman3/templates/mailman3/mailman-web.py.j2
+++ b/roles/mailman3/templates/mailman3/mailman-web.py.j2
@ -159,7 +159,7 @@ ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
 # Social auth
 #
 SOCIALACCOUNT_PROVIDERS = {
-    'crans': {}
+    'crans': {},
    #'openid': {
    #    'SERVERS': [
    #        dict(id='yahoo',
--- a/roles/mailman3/templates/mailman3/mailman.cfg.j2
+++ b/roles/mailman3/templates/mailman3/mailman.cfg.j2
@ -252,10 +252,10 @@ outgoing: mailman.mta.deliver.deliver

 # How to connect to the outgoing MTA.  If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
-smtp_host: {{ mailman3.smtp.host }}
-smtp_port: {{ mailman3.smtp.port }}
-smtp_user: {{ mailman3.smtp.user }}
-smtp_pass: {{ mailman3.smtp.pass }}
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:

 # Where the LMTP server listens for connections.  Use 127.0.0.1 instead of
 # localhost for Postfix integration, because Postfix only consults DNS