Add DKIM support

[petslane]

This change is based on @xriser fork - https://github.com/xriser/docker-simple-mail-forwarder

• Added DKIM configuration based on @xriser work.
• Updated docker entrypoint to generate DKIM keypair if it's missing and set OpenDKIM Domain config value to $SMF_DOMAIN
• Added test to verify DNS TXT record match with DKIM keypair - but skip this test on docker build workflow as this test requires DNS TXT record
• Updated readme

@xriser please review this change

refs #41 #19

[lxsameer]

Is it possible to generate DKIM pair per smpt account ? I mean create a pair for each domain in SMF_CONFIG which has a smtp password.

[petslane]

I am not expert of these email server technologies, but as i understand then you should just set default._domainkey TXT record for both domains in DNS. But I'm not sure of SMF supports receiving emails for multiple domains.

[lxsameer]

@huan hey, what's the status of this

[huan]

@lxsameer I'd like to merge this new feature.

However, I'm not very familiar with the DKIM so I need someone to help me to confirm this PR is ok.

The code looks good to me, so I believe if there have one or two more approvement for this PR, I will have enough confidence to merge it.

[lxsameer]

It seems fine to me as well. I can give it a shot and report back

[mcknight89]

Really need SRS working as gmail considers everything spam, is there a development container somewhere I can use until this is pulled in?

[lxsameer]

@huan I confirm that this PR is good to go. I'm using it in production for about 45 days now

[huan]

@lxsameer great to hear from you, your feedback is very valuable!

One more thing: can we confirm that this PR will not affect other users of SMF?

I mean we have to make sure that the new code will not block anyone if they are not using DKIM.

This PR will ready to be merged after we confirmed that.

Thank you very much for the efforts pushing this PR moving forward, appreciate it!

[lxsameer]

@huan It doesn't, It creates the key and everything and everything operate as usual. In order to activate it users need to take care of their DNS records

[huan]

Thank you very much for the confirmation @lxsameer .

Merged and should be published as v1.3.2 shortly.

[dgraziotin]

I have missed this one when I commented previously. Do I understand it correctly that sent e-mails (when using SMF as SMTP server) still miss DKIM?

[dgraziotin]

@huan found the issue. Right now DKIM is supported only for the domain in $SMF_DOMAIN. We are however allowed to send for several domains, and all others will miss DKIM signature. I see if I can do something for this.

[huan]

Glad to know that you found the issue!

Any improvement for our SMF will be welcome, thanks!

[petslane]

@dgraziotin Does setting the same default._domainkey TXT record on all the domains help? Probably not, as opendkim-genkey that generates these pub/priv keys have a domain as input, so probably every domain needs its own pub/priv keys.

Currently, SMF_DOMAIN env variable is used to generate these keys for that domain, but maybe these domains should be extracted from SMF_CONFIG and generate keys for every domain. But I don't know how to configure opendkim.conf for multi-domain.

[petslane]

https://serverfault.com/a/1004858

looks like listing all domains in Domain in opendkim.conf file should work, needs testing. So somehow using the same pub/priv keys for multiple domains is possible.

[dgraziotin]

@petslane working on it :-) I'm extracting all ${virtualDomain} and generating one key each. Will come back here once I have something working.

[dgraziotin]

Looking good already! Will now see how to test it properly and make a PR.

[dgraziotin]

@petslane @huan feel free to review #89!