Skip to content

Ansible role for opendkim with postfix on ubuntu setup

License

Notifications You must be signed in to change notification settings

chas0amx/ansible-dkim

 
 

Repository files navigation

ansible-dkim

Ansible role for configuring Postfix with OpenDKIM, an implementation for Linux of DKIM mail signing. Works on Debian distributions and derived like Ubuntu.

Description

This role configures DKIM mail signing service in a hosts that works as a Mail Transport Agent (MTA).

The role:

  • installs and configures opendkim,
  • creates private and public dkim keys for the domains it has to sign, declared in the dkim_domains variable,
  • installs postfix and configures it to pass all the messages of the configured domains to be signed by opendkim,
  • shows the DNS records with the public keys that must be defined in the public DNS of the domains we sign.

Requirements

The role requires that you configure all the rest of the mail management and you will need to have access to the DNS configuration of the domains you are requesting to sign. At the end, the role will give you the DNS records with the public keys of the domains that you will have to publish in the global DNS system.

Role variable

See also comments and default values in role's file default/main.yml.

Opendkim package parameters

Variable Default value Description
dkim_default_config_file: /etc/default/opendkim Opendkim default values configuration file
dkim_opendkim_config_dir: /etc/opendkim Opendkim configuration directory
dkim_user: opendkim linux user that runs Opendkim
dkim_group: opendkim linux group that runs Opendkim

Opendkim configuration parameters

Variable Default value Description
dkim_selector: email DKIM Public Key DNS record's selector. The definition of a value specific to the MTA server allows to associate the same domain several DKIM Public Keys as DNS records, one for each server that manages and signs mail of the domain.
dkim_admin_email: none e-mail address that manages Opendkim. You must define either dkim_admin_email or legacy admin_email.
dkim_domains: none List of domains that Opendkim must be configured to sign the mails of. A yaml list of DNS.
dkim_same_key: true Whether Opendkim must generate and use the same key for all domains or one specific key for each domain.
dkim_rsa_keylen: 2048 RSA keylength when generating keys with opendkim-keygen. Other currently possible options are 1024 or 4096.
dkim_nameservers none Nameservers. See details http://www.opendkim.org/staging/opendkim.conf.5.html

Postfix configuration variables

Variable Default value Description
dkim_postfix_config_file: /etc/postfix/main.cf Postfix main configuration file
dkim_postfix_config: see vars/main.yml List of parameters to be defined in Postfix configuration. Default configuration ensures opendkim is set up as a milter of Postfix to sign mails. You can define additional Postfix parameters using a list union.

Example playbook

---
- hosts: myserver
  roles:
    - role: sunfoxcz.dkim
      # if admin_email variable is present, will be used as default for dkim_admin_email
      dkim_admin_email: [email protected]
      dkim_selector: mail
      dkim_domains:
       - domain1.tld
       - domain2.tld
      dkim_keyfile: domain1.tld
      dkim_same_key: false
      dkim_nameservers: 10.0.0.2
      dkim_trusted_hosts:
       - 10.0.0.0/16

License

Licensed under MIT license. See LICENSE for details.

About

Ansible role for opendkim with postfix on ubuntu setup

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Jinja 43.0%
  • Shell 31.4%
  • Dockerfile 25.6%