diff options
| author | Ero Sennin <ag.services@sologoc.com> | 2021-10-14 18:45:21 +0000 |
|---|---|---|
| committer | lewo <lewo@abesis.fr> | 2021-10-14 18:45:21 +0000 |
| commit | 0d9a880c0e41a553c5d9af4efa62169db7ddeb62 (patch) | |
| tree | 1417ae33f016e1a18f5e9c5bf3be48f9af560332 | |
| parent | acaba31d8f35f640e21a88f1c0719f74b3146568 (diff) | |
Set DKIM policy to relaxed/relaxed
And make this policy configurable.
| -rw-r--r-- | default.nix | 20 | ||||
| -rw-r--r-- | docs/options.rst | 24 | ||||
| -rw-r--r-- | mail-server/opendkim.nix | 2 |
3 files changed, 45 insertions, 1 deletions
diff --git a/default.nix b/default.nix index 5d94438..6bb0c23 100644 --- a/default.nix +++ b/default.nix @@ -600,6 +600,26 @@ in ''; }; + dkimHeaderCanonicalization = mkOption { + type = types.enum ["relaxed" "simple"]; + default = "relaxed"; + description = '' + DKIM canonicalization algorithm for message headers. + + See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. + ''; + }; + + dkimBodyCanonicalization = mkOption { + type = types.enum ["relaxed" "simple"]; + default = "relaxed"; + description = '' + DKIM canonicalization algorithm for message bodies. + + See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. + ''; + }; + debug = mkOption { type = types.bool; default = false; diff --git a/docs/options.rst b/docs/options.rst index d198f5e..253690d 100644 --- a/docs/options.rst +++ b/docs/options.rst @@ -627,6 +627,30 @@ mailserver.dkim ~~~~~~~~~~~~~~~ +mailserver.dkimBodyCanonicalization +----------------------------------- + +DKIM canonicalization algorithm for message bodies. + +See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. + + +- Type: ``one of "relaxed", "simple"`` +- Default: ``relaxed`` + + +mailserver.dkimHeaderCanonicalization +------------------------------------- + +DKIM canonicalization algorithm for message headers. + +See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. + + +- Type: ``one of "relaxed", "simple"`` +- Default: ``relaxed`` + + mailserver.dkimKeyBits ---------------------- diff --git a/mail-server/opendkim.nix b/mail-server/opendkim.nix index 6fd0bef..3dd7d57 100644 --- a/mail-server/opendkim.nix +++ b/mail-server/opendkim.nix @@ -59,7 +59,7 @@ in keyPath = cfg.dkimKeyDirectory; domains = "csl:${builtins.concatStringsSep "," cfg.domains}"; configFile = pkgs.writeText "opendkim.conf" ('' - Canonicalization relaxed/simple + Canonicalization ${cfg.dkimHeaderCanonicalization}/${cfg.dkimBodyCanonicalization} UMask 0002 Socket ${dkim.socket} KeyTable file:${keyTable} |