Initial commit
commit
b2431d8f37
|
@ -0,0 +1,33 @@
|
||||||
|
- name: Generate OpenDKIM keys
|
||||||
|
command:
|
||||||
|
argv: ["opendkim-genkey", "-D", "/etc/opendkim-data/", "-d", "redxen.eu", "-s", "mail"]
|
||||||
|
tags:
|
||||||
|
- opendkim
|
||||||
|
- keygen
|
||||||
|
when: generate|default(false)
|
||||||
|
notify: Run service actions
|
||||||
|
- name: Copy OpenDKIM config
|
||||||
|
loop:
|
||||||
|
template:
|
||||||
|
src: 'opendkim.conf'
|
||||||
|
dest: '/etc/opendkim.conf'
|
||||||
|
follow: yes
|
||||||
|
owner: opendkim
|
||||||
|
mode: 700
|
||||||
|
tags:
|
||||||
|
- opendkim
|
||||||
|
notify: Run service actions
|
||||||
|
- name: Copy OpenDKIM files
|
||||||
|
loop:
|
||||||
|
- 'keytable'
|
||||||
|
- 'signingtable'
|
||||||
|
- 'trustedhosts'
|
||||||
|
template:
|
||||||
|
src: '{{ item }}'
|
||||||
|
dest: '/etc/opendkim-data/{{ item }}'
|
||||||
|
follow: yes
|
||||||
|
owner: opendkim
|
||||||
|
mode: 700
|
||||||
|
tags:
|
||||||
|
- opendkim
|
||||||
|
notify: Run service actions
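Review bot: `mode: 700` in both template tasks ("Copy OpenDKIM config" and "Copy OpenDKIM files") is an unquoted integer, which Ansible takes as decimal 700, i.e. octal 1274: the owner is left write-only, the group gets rwx, others get read, and the sticky bit is set. Quote it as an octal string, and since these are non-executable config files prefer `mode: '0640'` over `'0700'`. The "Copy OpenDKIM config" task also appears to carry a `loop:` key with no items (indentation is lost in this rendering, so confirm), which should be dropped. No task visible here sets owner or mode on the `mail.private` key that `opendkim-genkey` writes to `/etc/opendkim-data/`, so check that it ends up readable only by `opendkim`.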
|
|
@ -0,0 +1 @@
|
||||||
|
mail._domainkey.redxen.eu redxen.eu:mail:/etc/opendkim-data/mail.private
|
|
@ -0,0 +1,87 @@
|
||||||
|
# This is a basic configuration that can easily be adapted to suit a standard
|
||||||
|
# installation. For more advanced options, see opendkim.conf(5) and/or
|
||||||
|
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
|
||||||
|
|
||||||
|
# Log to syslog
|
||||||
|
Syslog yes
|
||||||
|
# Required to use local socket with MTAs that access the socket as a non-
|
||||||
|
# privileged user (e.g. Postfix)
|
||||||
|
UMask 007
|
||||||
|
|
||||||
|
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
|
||||||
|
# selector '2007' (e.g. 2007._domainkey.example.com)
|
||||||
|
#Domain example.com
|
||||||
|
#KeyFile /etc/dkimkeys/dkim.key
|
||||||
|
#Selector 2007
|
||||||
|
|
||||||
|
# Commonly-used options; the commented-out versions show the defaults.
|
||||||
|
Canonicalization relaxed/simple
|
||||||
|
#Mode sv
|
||||||
|
#SubDomains no
|
||||||
|
AutoRestart yes
|
||||||
|
Background yes
|
||||||
|
SignatureAlgorithm rsa-sha256
|
||||||
|
OversignHeaders From
|
||||||
|
|
||||||
|
# Socket smtp://localhost
|
||||||
|
#
|
||||||
|
# ## Socket socketspec
|
||||||
|
# ##
|
||||||
|
# ## Names the socket where this filter should listen for milter connections
|
||||||
|
# ## from the MTA. Required. Should be in one of these forms:
|
||||||
|
# ##
|
||||||
|
# ## inet:port@address to listen on a specific interface
|
||||||
|
# ## inet:port to listen on all interfaces
|
||||||
|
# ## local:/path/to/socket to listen on a UNIX domain socket
|
||||||
|
#
|
||||||
|
Socket local:/var/spool/postfix/opendkim/opendkim.sock
|
||||||
|
|
||||||
|
## PidFile filename
|
||||||
|
### default (none)
|
||||||
|
###
|
||||||
|
### Name of the file where the filter should write its pid before beginning
|
||||||
|
### normal operations.
|
||||||
|
#
|
||||||
|
PidFile /run/opendkim/opendkim.pid
|
||||||
|
|
||||||
|
|
||||||
|
# Always oversign From (sign using actual From and a null From to prevent
|
||||||
|
# malicious signatures header fields (From and/or others) between the signer
|
||||||
|
# and the verifier. From is oversigned by default in the Debian pacakge
|
||||||
|
# because it is often the identity key used by reputation systems and thus
|
||||||
|
# somewhat security sensitive.
|
||||||
|
OversignHeaders From
|
||||||
|
|
||||||
|
## ResolverConfiguration filename
|
||||||
|
## default (none)
|
||||||
|
##
|
||||||
|
## Specifies a configuration file to be passed to the Unbound library that
|
||||||
|
## performs DNS queries applying the DNSSEC protocol. See the Unbound
|
||||||
|
## documentation at http://unbound.net for the expected content of this file.
|
||||||
|
## The results of using this and the TrustAnchorFile setting at the same
|
||||||
|
## time are undefined.
|
||||||
|
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
|
||||||
|
## unbound package
|
||||||
|
|
||||||
|
# ResolverConfiguration /etc/unbound/unbound.conf
|
||||||
|
|
||||||
|
## TrustAnchorFile filename
|
||||||
|
## default (none)
|
||||||
|
##
|
||||||
|
## Specifies a file from which trust anchor data should be read when doing
|
||||||
|
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
|
||||||
|
## at http://unbound.net for the expected format of this file.
|
||||||
|
|
||||||
|
TrustAnchorFile /usr/share/dns/root.key
|
||||||
|
|
||||||
|
## Userid userid
|
||||||
|
### default (none)
|
||||||
|
###
|
||||||
|
### Change to user "userid" before starting normal operation? May include
|
||||||
|
### a group ID as well, separated from the userid by a colon.
|
||||||
|
#
|
||||||
|
UserID opendkim
|
||||||
|
|
||||||
|
KeyTable file:/etc/opendkim-data/keytable
|
||||||
|
SigningTable refile:/etc/opendkim-data/signingtable
|
||||||
|
InternalHosts refile:/etc/opendkim-data/trustedhosts
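Review bot: `OversignHeaders From` is set twice in this file, once in the "Commonly-used options" group and again under the "Always oversign From" comment further down. Keep only the second, documented occurrence, so that a later edit to one line is not silently contradicted by the other. The stray `# Socket smtp://localhost` comment above the socketspec help text also looks like a leftover now that `Socket local:/var/spool/postfix/opendkim/opendkim.sock` is the active setting. With `UMask 007` the MTA user has to be in the socket's group to connect; nothing in this commit shows that group membership or the socket directory being created, so confirm it is handled elsewhere.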
|
|
@ -0,0 +1 @@
|
||||||
|
*@redxen.eu mail._domainkey.redxen.eu
|
|
@ -0,0 +1,3 @@
|
||||||
|
127.0.0.1
|
||||||
|
{{ ansible_ens10.ipv4.address }}/16
|
||||||
|
redxen.eu
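Review bot: `{{ ansible_ens10.ipv4.address }}/16` makes every host in the /16 around this machine's address an internal host, and `opendkim.conf` loads this file as `InternalHosts`, so mail from any of those hosts is signed with the `redxen.eu` key instead of being verified. If that range is a shared or provider network, list only the actual relay addresses or the real subnet, ideally from a role variable. The entry also hard-codes the interface name `ens10`, so the template fails on hosts where that fact is missing. A comment line naming which network the /16 is meant to cover would help the next reader.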
|