From e4b3822143f32bcb4471a37e5fe8a8f856792eec Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov
Date: Mon, 21 Oct 2019 19:23:27 +0200
Subject: [PATCH] add DKIM options to PMG::Config
This patch adds a new registered file to PMG::Config: /etc/pmg/dkim/domains.
* It holds a list of domains for which mail will be signed if received on the internal port (26).
* The domain of a mail is determined by it's envelope-sender (not the From: header)
* If the file does not exist mail is signed for the relay domains as a sensible fallback
Additionally it adds 3 new options to the admin section of pmg.conf:
* dkim_sign - whether DKIM signing should be attempted
* dkim_sign_all_mail - wheter the outbound mail should be signed irrespective of sender-domain
* dkim_selector - the selector used for signing (a label of the DKIM TXT record and present in the signature - thus linking the signature to the used key - see RFC6376)
Signed-off-by: Stoiko Ivanov
---
 src/PMG/Config.pm | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index a0acd4a..4634bd5 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -112,6 +112,20 @@ sub properties {
 type => 'string', pattern => '^/([^/\0]+\/)+[^/\0]+$',
 default => '/usr/local/bin/pmg-custom-check',
 },
+ dkim_sign => {
+ description => "DKIM sign outbound mails with the configured Selector.",
+ type => 'boolean',
+ default => 0,
+ },
+ dkim_sign_all_mail => {
+ description => "DKIM sign all outgoing mails irrespective of the Envelope From domain.",
+ type => 'boolean',
+ default => 0,
+ },
+ dkim_selector => {
+ description => "Default DKIM selector",
+ type => 'string', format => 'dns-name', #see RFC6376 3.1
+ },
 };
 }
@@ -127,6 +141,9 @@ sub options {
 http_proxy => { optional => 1 },
 custom_check => { optional => 1 },
 custom_check_path => { optional => 1 },
+ dkim_sign => { optional => 1 },
+ dkim_sign_all_mail => { optional => 1 },
+ dkim_selector => { optional => 1 },
 };
 }
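Review bot: The description of `dkim_sign_all_mail` does not tell an administrator what the flag gives up. Per the commit message, signing applies to mail received on the internal port and is normally limited to the domains in /etc/pmg/dkim/domains. With this flag set, that domain check no longer applies, so the set of hosts allowed to submit on that port becomes the only control over what gets a valid signature. I'd spell that out, e.g. `description => "DKIM sign all mail received on the internal port, irrespective of the Envelope From domain (the DKIM domains list is not consulted).",`. Which domain ends up in the signature in that mode is decided outside this patch, and `sub properties` begins outside the hunk.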
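Review bot: `dkim_selector` is registered as optional here and has no default in the properties hunk, so a configuration with `dkim_sign` enabled and no selector passes schema validation. What the signer does with an undefined selector is not visible in this patch; if it skips or fails signing, mail would leave unsigned with nothing at configuration time to flag it. Either state the dependency in the `dkim_sign` description, e.g. `description => "DKIM sign outbound mails with the configured Selector (requires dkim_selector to be set).",`, or reject that combination where the admin section is validated. `sub options` begins outside the hunk.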
@@ -917,6 +934,13 @@ PVE::INotify::register_file('domains', $domainsfilename,
 \&write_pmg_domains,
 undef, always_call_parser => 1);
+my $dkimdomainsfile = '/etc/pmg/dkim/domains';
+
+PVE::INotify::register_file('dkimdomains', $dkimdomainsfile,
+ \&read_pmg_domains,
+ \&write_pmg_domains,
+ undef, always_call_parser => 1);
+
 my $mynetworks_filename = "/etc/pmg/mynetworks";
 sub read_pmg_mynetworks {
@@ -1551,6 +1575,11 @@ sub rewrite_config_postfix {
 #parameters affecting services w/o config-file (pmgpolicy, pmg-smtp-filter)
 my $pmg_service_params = {
 mail => { hide_received => 1 },
+ admin => {
+ dkim_selector => 1,
+ dkim_sign => 1,
+ dkim_sign_all_mail => 1,
+ },
 };
 my $smtp_filter_cfg = '/run/pmg-smtp-filter.cfg';
-- 
2.39.2
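Review bot: The relay-domain fallback promised in the commit message ("If the file does not exist mail is signed for the relay domains") is neither implemented nor documented at this registration. With `always_call_parser => 1` the reader presumably runs even when /etc/pmg/dkim/domains is absent, so a consumer that only sees the parsed list may not be able to tell a missing file from an empty one. Those two cases mean different things for which domains get signed, so the code that consumes the list (outside this patch) should make the distinction explicit. At minimum I'd add a comment above `my $dkimdomainsfile`, e.g. `# domains whose outbound mail is DKIM signed; if the file does not exist the relay domains are used instead`.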