From 18ba6035f305df8e71af3744c1a65a0376c2136e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Lo=C5=A1=C5=A5=C3=A1k?=
Date: Sat, 28 Mar 2026 07:29:43 +0100
Subject: [PATCH] Reverted
---
 README.md | 39 ++++++++++++++++++++++++++++++++++++++-
 entrypoint.sh | 27 ++++++++++++++++++++++-----
 2 files changed, 60 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 43ddf31..5c109fe 100644
--- a/README.md
+++ b/README.md
@@ -97,7 +97,13 @@ OPENDKIM_TRUSTANCHORFILE=""
 OPENDKIM_INTERNALHOSTS="127.0.0.1,localhost,127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8"
 # ExternalIgnoreList value for OpenDKIM.
-OPENDKIM_EXTERNALIGNORELIST=""
+OPENDKIM_EXTERNALIGNORELIST="refile:/etc/opendkim/TrustedHosts"
+
+# Path to KeyTable.
+OPENDKIM_KEYTABLE="/etc/opendkim/KeyTable"
+
+# Path to SigningTable.
+OPENDKIM_SIGNINGTABLE="refile:/etc/opendkim/SigningTable"
 # PID file path.
 OPENDKIM_PIDFILE="/run/opendkim/opendkim.pid"
@@ -139,6 +145,7 @@ At startup the container:
 - creates OpenDKIM runtime directories
 - copies the mounted private key to `/var/opendkim/dkim.private`
 - sets secure ownership and permissions on the copied key
+- generates `TrustedHosts`, `KeyTable`, and `SigningTable` if they are empty
 - generates `/etc/opendkim.conf` from environment variables
 - starts OpenDKIM using `/etc/opendkim.conf`
@@ -153,6 +160,36 @@ The entrypoint generates these files automatically:
 /var/opendkim/dkim.private
 ```
+# Default generated tables
+For example, with:
+
+```sh
+OPENDKIM_DOMAIN=example.com
+OPENDKIM_SELECTOR=dkim
+```
+
+the generated files look like this:
+
+## /etc/opendkim/KeyTable
+```txt
+dkim._domainkey.example.com example.com:dkim:/var/opendkim/dkim.private
+```
+
+## /etc/opendkim/SigningTable
+```txt
+*@example.com dkim._domainkey.example.com
+```
+
+## /etc/opendkim/TrustedHosts
+```txt
+127.0.0.1
+localhost
+127.0.0.0/8
+192.168.0.0/16
+172.16.0.0/12
+10.0.0.0/8
+```
+
 # Postfix example
 Example Postfix settings when OpenDKIM runs in another container named `opendkim`:
diff --git a/entrypoint.sh b/entrypoint.sh
index 369e71e..5e18c00 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -46,7 +46,7 @@ mkdir -p \
 /var/lib/opendkim \
 /var/opendkim
-touch /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable
+touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable
 chown -R "${OPENDKIM_USER}:${OPENDKIM_GROUP}" /run/opendkim /var/lib/opendkim /var/opendkim
 chmod 0755 /run/opendkim /var/lib/opendkim /var/opendkim
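Review bot: Removing `/etc/opendkim/TrustedHosts` from the `touch` line leaves nothing in the visible script that creates that file, yet the next hunk still runs `chown "${OPENDKIM_USER}:${OPENDKIM_GROUP}" /etc/opendkim/TrustedHosts ...`, the README now defaults `OPENDKIM_EXTERNALIGNORELIST` to `refile:/etc/opendkim/TrustedHosts`, and the README still says `TrustedHosts` is generated. Unless the file is mounted or created somewhere outside these hunks, that `chown` fails (and stops startup if the script runs under `set -e`, which is not visible here) and OpenDKIM may be pointed at a host list that does not exist. I would keep the file in the list, `touch /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable`, and keep the block that fills it from `OPENDKIM_INTERNALHOSTS`, or else drop it from the `chown` and from the documented default. The `mkdir -p` command this hunk opens in starts above the hunk.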
@@ -58,16 +58,31 @@ if [ -f "${OPENDKIM_KEYFILE}" ]; then
 chmod 0600 /var/opendkim/dkim.private
 fi
-# Generate TrustedHosts from env if file is empty.
-if [ ! -s /etc/opendkim/TrustedHosts ]; then
- printf '%s\n' "${OPENDKIM_INTERNALHOSTS}" | tr ',' '\n' > /etc/opendkim/TrustedHosts
+# Generate KeyTable from env if file is empty.
+if [ ! -s /etc/opendkim/KeyTable ]; then
+ printf '%s._domainkey.%s %s:%s:/var/opendkim/dkim.private\n' \
+ "${OPENDKIM_SELECTOR}" \
+ "${OPENDKIM_DOMAIN}" \
+ "${OPENDKIM_DOMAIN}" \
+ "${OPENDKIM_SELECTOR}" \
+ > /etc/opendkim/KeyTable
 fi
+# Generate SigningTable from env if file is empty.
+if [ ! -s /etc/opendkim/SigningTable ]; then
+ printf '*@%s %s._domainkey.%s\n' \
+ "${OPENDKIM_DOMAIN}" \
+ "${OPENDKIM_SELECTOR}" \
+ "${OPENDKIM_DOMAIN}" \
+ > /etc/opendkim/SigningTable
+fi
+
+chown "${OPENDKIM_USER}:${OPENDKIM_GROUP}" /etc/opendkim/TrustedHosts /etc/opendkim/KeyTable /etc/opendkim/SigningTable
+
 cat > /etc/opendkim.conf <