Reverted

README.md

@@ -97,7 +97,13 @@ OPENDKIM_TRUSTANCHORFILE=""
 OPENDKIM_INTERNALHOSTS="127.0.0.1,localhost,127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8"
 
 # ExternalIgnoreList value for OpenDKIM.
-OPENDKIM_EXTERNALIGNORELIST=""
+OPENDKIM_EXTERNALIGNORELIST="refile:/etc/opendkim/TrustedHosts"
+
+# Path to KeyTable.
+OPENDKIM_KEYTABLE="/etc/opendkim/KeyTable"
+
+# Path to SigningTable.
+OPENDKIM_SIGNINGTABLE="refile:/etc/opendkim/SigningTable"
 
 # PID file path.
 OPENDKIM_PIDFILE="/run/opendkim/opendkim.pid"
@@ -139,6 +145,7 @@ At startup the container:
 - creates OpenDKIM runtime directories
 - copies the mounted private key to `/var/opendkim/dkim.private`
 - sets secure ownership and permissions on the copied key
+- generates `TrustedHosts`, `KeyTable`, and `SigningTable` if they are empty
 - generates `/etc/opendkim.conf` from environment variables
 - starts OpenDKIM using `/etc/opendkim.conf`
 
@@ -153,6 +160,36 @@ The entrypoint generates these files automatically:
 /var/opendkim/dkim.private
 ```
 
+# Default generated tables
+For example, with:
+
+```sh
+OPENDKIM_DOMAIN=example.com
+OPENDKIM_SELECTOR=dkim
+```
+
+the generated files look like this:
+
+## /etc/opendkim/KeyTable
+```txt
+dkim._domainkey.example.com example.com:dkim:/var/opendkim/dkim.private
+```
+
+## /etc/opendkim/SigningTable
+```txt
+*@example.com dkim._domainkey.example.com
+```
+
+## /etc/opendkim/TrustedHosts
+```txt
+127.0.0.1
+localhost
+127.0.0.0/8
+192.168.0.0/16
+172.16.0.0/12
+10.0.0.0/8
+```
+
 # Postfix example
 Example Postfix settings when OpenDKIM runs in another container named `opendkim`:
 

entrypoint.sh

@@ -46,7 +46,7 @@ mkdir -p \
   /var/lib/opendkim \
   /var/opendkim
 
-touch /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable
+touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable
 
 chown -R "${OPENDKIM_USER}:${OPENDKIM_GROUP}" /run/opendkim /var/lib/opendkim /var/opendkim
 chmod 0755 /run/opendkim /var/lib/opendkim /var/opendkim
@@ -58,16 +58,31 @@ if [ -f "${OPENDKIM_KEYFILE}" ]; then
   chmod 0600 /var/opendkim/dkim.private
 fi
 
-# Generate TrustedHosts from env if file is empty.
-if [ ! -s /etc/opendkim/TrustedHosts ]; then
-  printf '%s\n' "${OPENDKIM_INTERNALHOSTS}" | tr ',' '\n' > /etc/opendkim/TrustedHosts
+# Generate KeyTable from env if file is empty.
+if [ ! -s /etc/opendkim/KeyTable ]; then
+  printf '%s._domainkey.%s %s:%s:/var/opendkim/dkim.private\n' \
+    "${OPENDKIM_SELECTOR}" \
+    "${OPENDKIM_DOMAIN}" \
+    "${OPENDKIM_DOMAIN}" \
+    "${OPENDKIM_SELECTOR}" \
+    > /etc/opendkim/KeyTable
 fi
 
+# Generate SigningTable from env if file is empty.
+if [ ! -s /etc/opendkim/SigningTable ]; then
+  printf '*@%s %s._domainkey.%s\n' \
+    "${OPENDKIM_DOMAIN}" \
+    "${OPENDKIM_SELECTOR}" \
+    "${OPENDKIM_DOMAIN}" \
+    > /etc/opendkim/SigningTable
+fi
+
+chown "${OPENDKIM_USER}:${OPENDKIM_GROUP}" /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable
+
 cat > /etc/opendkim.conf <<EOF
 Syslog                  yes
 LogWhy                  yes
 UMask                   ${OPENDKIM_UMASK}
-Domain                  ${OPENDKIM_DOMAIN}
 Canonicalization        ${OPENDKIM_CANONICALIZATION}
 Mode                    ${OPENDKIM_MODE}
 SubDomains              ${OPENDKIM_SUBDOMAINS}
@@ -75,6 +90,8 @@ OversignHeaders         ${OPENDKIM_OVERSIGNHEADERS}
 UserID                  ${OPENDKIM_USERID}
 Socket                  ${OPENDKIM_SOCKET}
 PidFile                 ${OPENDKIM_PIDFILE}
+KeyTable                ${OPENDKIM_KEYTABLE}
+SigningTable            ${OPENDKIM_SIGNINGTABLE}
 InternalHosts           ${OPENDKIM_INTERNALHOSTS}
 AutoRestart             ${OPENDKIM_AUTO_RESTART}
 AutoRestartRate         ${OPENDKIM_AUTO_RESTART_RATE}