nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/email/privileged/dkim.py
Sunil Mohan Adapa 5389303e98
email: Use privileged decorator for actions 
Tests:

- Functional tests work (uninstall test does not work)
- Initial setup works
  - Domains are setup
  - Home is setup (others don't have permission for /var/mail)
  - Aliases configuration is setup
  - Postfix is setup
  - rspamd is setup
- Changing primary domain works
- Adding/removing domains works
- Error during operations is handle properly: getting dkim key
- Setting up DKIM key when changing, adding/removing domain works
  - Showing DKIM key in app page works

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-10-08 18:51:57 -04:00

59 lines
1.7 KiB
Python
Raw Permalink Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""Generate DKIM keys for signing outgoing messages.
See: https://rspamd.com/doc/modules/dkim_signing.html
"""
import pathlib
import re
import shutil
import subprocess
from plinth.actions import privileged
_keys_dir = pathlib.Path('/var/lib/rspamd/dkim/')
DOMAIN_PART_REGEX = r'^[a-zA-Z0-9]([-a-zA-Z0-9]{,61}[a-zA-Z0-9])?$'
def _validate_domain_name(domain):
for part in domain.split('.'):
if not re.match(DOMAIN_PART_REGEX, part):
raise ValueError('Invalid domain name')
@privileged
def get_dkim_public_key(domain: str) -> str:
"""Privileged action to get the public key from DKIM key."""
_validate_domain_name(domain)
key_file = _keys_dir / f'{domain}.dkim.key'
output = subprocess.check_output(
['openssl', 'rsa', '-in',
str(key_file), '-pubout'], stderr=subprocess.DEVNULL)
return ''.join(output.decode().splitlines()[1:-1])
@privileged
def setup_dkim(domain: str):
"""Create DKIM key for a given domain."""
_validate_domain_name(domain)
_keys_dir.mkdir(exist_ok=True)
_keys_dir.chmod(0o500)
shutil.chown(_keys_dir, '_rspamd', '_rspamd')
# Default path is /var/lib/dkim/$domain.$selector.key. Default selector is
# "dkim". Use these to simplify key management until we have a need to
# implement creating new or multiple keys.
key_file = _keys_dir / f'{domain}.dkim.key'
if key_file.exists():
return
# Ed25519 is widely *not* accepted as of 2022-01. See:
# https://serverfault.com/questions/1023674
subprocess.run([
'rspamadm', 'dkim_keygen', '-t', 'rsa', '-b', '2048', '-s', 'dkim',
'-d', domain, '-k', (str(key_file))
], check=True)
key_file.chmod(0o400)
Reference in New Issue View Git Blame Copy Permalink