diff options
| author | Bruno Cornec <bruno@victoria.frmug.org> | 2024-02-20 20:21:38 +0100 |
|---|---|---|
| committer | Bruno Cornec <bruno@victoria.frmug.org> | 2024-02-20 20:21:38 +0100 |
| commit | ee3b095f21f4f035120e5be13f2c3865f6598f30 (patch) | |
| tree | 9e8bcb368b4e54f11d8319b56eb6a1798c4f4c1f | |
| parent | 6ea5ab04fc45a455ddad30046769c2b6389a8e25 (diff) | |
| download | puppet-ee3b095f21f4f035120e5be13f2c3865f6598f30.tar puppet-ee3b095f21f4f035120e5be13f2c3865f6598f30.tar.gz puppet-ee3b095f21f4f035120e5be13f2c3865f6598f30.tar.bz2 puppet-ee3b095f21f4f035120e5be13f2c3865f6598f30.tar.xz puppet-ee3b095f21f4f035120e5be13f2c3865f6598f30.zip | |
Adapt sympa configuration for DKIM+DMARC
| -rw-r--r-- | modules/sympa/templates/config | 10 | ||||
| -rw-r--r-- | modules/sympa/templates/sympa.conf | 13 |
2 files changed, 20 insertions, 3 deletions
diff --git a/modules/sympa/templates/config b/modules/sympa/templates/config index 0f3ce94e..d0e4b2c3 100644 --- a/modules/sympa/templates/config +++ b/modules/sympa/templates/config @@ -89,3 +89,13 @@ include_ldap_query process_archive on status open + +dkim_parameters +dkim_signature_apply_on any +selector <%= selector %> +signer_domain <%= vhost %> +header_list from:sender:reply-to:subject:date:message-id:to:cc:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive:in-reply-to:references:resent-date:resent-from:resent-sender:resent-to:resent-cc:resent-message-id:mime-version:content-type:content-transfer-encoding:content-id:content-description +private_key_path /etc/opendkim/keys/<%= vhost %>/<%= selector %>.private + +dmarc_protection +phrase name_email_via_list diff --git a/modules/sympa/templates/sympa.conf b/modules/sympa/templates/sympa.conf index 238c8f9a..fe072157 100644 --- a/modules/sympa/templates/sympa.conf +++ b/modules/sympa/templates/sympa.conf @@ -563,12 +563,14 @@ default_sql_fetch_timeout 300 ## Enable DKIM ## If set to "on", Sympa may verify DKIM signatures of incoming messages and/ ## or insert DKIM signature to outgoing messages. -dkim_feature off +## Modified by bcornec on 2024-02-20 +dkim_feature on +dkim_signature_apply_on any ## Which service messages to be signed ## Inserts a DKIM signature to service messages in context of robot, list or ## both -dkim_add_signature_to robot,list +#dkim_add_signature_to robot,list ## The "d=" tag as defined in rfc 4871 ## The DKIM "d=" tag, is the domain of the signing entity. Default is virtual @@ -576,7 +578,12 @@ dkim_add_signature_to robot,list dkim_signer_domain <%= vhost %> ## Rewrite header for DKIM signed messages and DMARC rejecting domains -dmarc_protection_mode dkim_signature,dmarc_reject +#dmarc_protection_mode dkim_signature,dmarc_reject +dmarc_protection_mode all + +## Rewrite header so mail is coming from list with name of original sender. Its mail address is in the headers +dmarc_protection.phrase list_for_email +arc_feature on ###\\\\ Antivirus plug-in ////### |