From 1785d7f095ceb04084faba15d18058f722ffd78e Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Thu, 25 Mar 2021 17:24:59 +0100
Subject: [PATCH] [mailman] Setup DKIM configuration

Signed-off-by: Yohann D'ANELLO
---
 group_vars/mailman.yml | 16 ++++++++++------
 plays/mailman.yml | 2 +-
 .../templates/mailman3/mailman-web.py.j2 | 2 +-
 roles/mailman3/templates/mailman3/mailman.cfg.j2 | 8 ++++----
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index 8d50c9d9..99cccb3c 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -66,16 +66,20 @@ glob_mailman3:
 host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
 port: 5432
 name: "mailman3web"
- smtp:
- host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
- port: 25
- user: ""
- pass: ""
 restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
 archiver_key: "{{ vault.mailman3_archiver_key }}"
 web_secret_key: "{{ vault.mailman3_web_secret_key }}"
 web_domains:
- - "mailman.crans.org"
+ - "lists2.crans.org"
 - "lists.crans.org"
 default_domain: "crans.org"
 postfix_domain: "crans.org"
+
+loc_opendkim:
+ domain: "lists.crans.org"
+ selector: "lists"
+ signing:
+ - "*@lists2.crans.org"
+ txt_record: |
+ lists._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=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" ; ----- DKIM key lists for lists.crans.org
+ private_key: "{{ vault.opendkim_private_key_mailman }}"
diff --git a/plays/mailman.yml b/plays/mailman.yml
index 45fb45e3..cd80ad80 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
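Review bot: In group_vars/mailman.yml the `signing` list of the new `loc_opendkim` block covers only `*@lists2.crans.org`, while `domain` is `lists.crans.org` and the same hunk still lists `lists.crans.org` under `web_domains` and `crans.org` as `postfix_domain`. If the opendkim role turns `signing` into its signing table (the role is not visible here), mail sent from this host with a sender under `lists.crans.org` would go out unsigned, and `lists2` mail would be signed with `d=lists.crans.org`, which satisfies DMARC only under relaxed alignment. If that is intended for the migration, a comment above `signing` would record it, e.g. `# only lists2 is signed for now; d=lists.crans.org relies on relaxed DMARC alignment`; otherwise add `- "*@lists.crans.org"`. A one-line comment on `txt_record` stating that it must match the vaulted `opendkim_private_key_mailman` and the record published in DNS would also help at key rotation.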
@@ -6,7 +6,7 @@
 certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
 mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
 nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
- opendkim: '{{ loc_opendkim | default(glob_opendkim | default([])) }}'
+ opendkim: '{{ glob_opendkim | combine(loc_opendkim | default({})) }}'
 roles:
 - certbot
 - nginx
diff --git a/roles/mailman3/templates/mailman3/mailman-web.py.j2 b/roles/mailman3/templates/mailman3/mailman-web.py.j2
index 2f201cfb..3ee09a03 100644
--- a/roles/mailman3/templates/mailman3/mailman-web.py.j2
+++ b/roles/mailman3/templates/mailman3/mailman-web.py.j2
@@ -159,7 +159,7 @@ ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
 # Social auth
 #
 SOCIALACCOUNT_PROVIDERS = {
- 'crans': {}
+ 'crans': {},
 #'openid': {
 # 'SERVERS': [
 # dict(id='yahoo',
diff --git a/roles/mailman3/templates/mailman3/mailman.cfg.j2 b/roles/mailman3/templates/mailman3/mailman.cfg.j2
index 0d670df9..d01a11dc 100644
--- a/roles/mailman3/templates/mailman3/mailman.cfg.j2
+++ b/roles/mailman3/templates/mailman3/mailman.cfg.j2
@@ -252,10 +252,10 @@ outgoing: mailman.mta.deliver.deliver

 # How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
-smtp_host: {{ mailman3.smtp.host }}
-smtp_port: {{ mailman3.smtp.port }}
-smtp_user: {{ mailman3.smtp.user }}
-smtp_pass: {{ mailman3.smtp.pass }}
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:

 # Where the LMTP server listens for connections. Use 127.0.0.1 instead of
 # localhost for Postfix integration, because Postfix only consults DNS
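Review bot: In plays/mailman.yml the new `opendkim` expression has no `default(...)` on `glob_opendkim`, unlike the `mailman3` and `nginx` lines directly above it, so the play fails on an undefined variable wherever `glob_opendkim` is not set, and fails inside `combine` if it is still a list (the old fallback was `[]`). Writing it as `opendkim: '{{ glob_opendkim | default({}) | combine(loc_opendkim | default({})) }}'` matches the neighbouring lines. `combine` merges only the top level by default, so `loc_opendkim.signing` replaces any global `signing` list rather than extending it; a short comment saying that this is intended would prevent a host from silently losing signing entries later.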
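Review bot: In roles/mailman3/templates/mailman3/mailman.cfg.j2 the hard-coded `smtp_host: localhost` can resolve to `::1` on a dual-stack host, and the trailing context of this same hunk already advises 127.0.0.1 over localhost for the LMTP listener. The source address matters for the DKIM setup this commit introduces: OpenDKIM signs only mail from clients it treats as internal (`InternalHosts`, which defaults to 127.0.0.1), so a submission arriving over `::1` may be verified instead of signed unless the opendkim role lists `::1` there; that role is not visible in this patch. I would write `smtp_host: 127.0.0.1` and add a comment such as `# local Postfix, which hands mail to OpenDKIM for signing; keep on loopback`. Hard-coding the four values also removes the `mailman3.smtp` override, which is worth a sentence in the commit message if deliberate.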