Ansible role for configuring Postfix with OpenDKIM, an implementation for Linux of DKIM mail signing. Works on Debian distributions and derived like Ubuntu.
This role configures DKIM mail signing service in a hosts that works as a Mail Transport Agent (MTA).
The role:
- installs and configures opendkim,
- creates private and public dkim keys for the domains it has to sign, declared in the
dkim_domainsvariable, - installs postfix and configures it to pass all the messages of the configured domains to be signed by opendkim,
- shows the DNS records with the public keys that must be defined in the public DNS of the domains we sign.
The role requires that you configure all the rest of the mail management and you will need to have access to the DNS configuration of the domains you are requesting to sign. At the end, the role will give you the DNS records with the public keys of the domains that you will have to publish in the global DNS system.
See also comments and default values in role's file default/main.yml.
| Variable | Default value | Description |
|---|---|---|
dkim_default_config_file: |
/etc/default/opendkim | Opendkim default values configuration file |
dkim_opendkim_config_dir: |
/etc/opendkim | Opendkim configuration directory |
dkim_user: |
opendkim | linux user that runs Opendkim |
dkim_group: |
opendkim | linux group that runs Opendkim |
| Variable | Default value | Description |
|---|---|---|
dkim_selector: |
DKIM Public Key DNS record's selector. The definition of a value specific to the MTA server allows to associate the same domain several DKIM Public Keys as DNS records, one for each server that manages and signs mail of the domain. | |
dkim_admin_email: |
none | e-mail address that manages Opendkim. You must define either dkim_admin_email or legacy admin_email. |
dkim_trustedhosts: |
['127.0.0.1','localhost'] |
List of trusted hosts for opendkim |
dkim_domains: |
none | List of domains that Opendkim must be configured to sign the mails of. A yaml list of DNS. |
dkim_same_key: |
true | Whether Opendkim must generate and use the same key for all domains or one specific key for each domain. |
dkim_rsa_keylen: |
2048 | RSA keylength when generating keys with opendkim-keygen. Other currently possible options are 1024 or 4096. |
| Variable | Default value | Description |
|---|---|---|
dkim_postfix_config_file: |
/etc/postfix/main.cf | Postfix main configuration file |
dkim_postfix_config: |
see vars/main.yml |
List of parameters to be defined in Postfix configuration. Default configuration ensures opendkim is set up as a milter of Postfix to sign mails. You can define additional Postfix parameters using a list union. |
| Variable | Default value | Description |
|---|---|---|
dkim_generate_only: |
false | Only (false) generate DKIM keys and display records to provide the opportunity for DNS publication, or: (true) generate, display and immediately deploy to opendkim plus restart opendkim in the same run |
---
- hosts: myserver
roles:
- role: sunfoxcz.dkim
# if admin_email variable is present, will be used as default for dkim_admin_email
dkim_admin_email: [email protected]
dkim_selector: mail
dkim_domains:
- domain1.tld
- domain2.tld
dkim_same_key: falseLicensed under MIT license. See LICENSE for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent