From 7ecee3063c06f5bec915ea0eebb48c0fa5637ae2 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Sun, 6 Nov 2022 16:06:12 +0100
Subject: [PATCH] [postfix] Filter messages with OpenDKIM.

---
 dovecot/README  |  5 ++++-
 opendkim/README | 22 ++++++++++++++++++++++
 postfix/main.cf |  5 +++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/dovecot/README b/dovecot/README
index de9de73..8466c00 100644
--- a/dovecot/README
+++ b/dovecot/README
@@ -112,5 +112,8 @@ Add a user.
 ```
 psql --username=postgres --dbname=<database> \
   --command="INSERT INTO users \
-             VALUES ('user', 'domain.com', MD5('<password>'))"
+             VALUES ('user', 'domain.com', MD5('<password>'), \
+	             '<selector>')"
 ```
+
+See `opendkim/README` to create a `<selector>`.
diff --git a/opendkim/README b/opendkim/README
index 449e7a1..e111608 100644
--- a/opendkim/README
+++ b/opendkim/README
@@ -14,6 +14,28 @@ opendkim
 |-> opendkim      -- /etc/default :: service configuration
 `-> opendkim.conf -- /etc/        :: configuration parameters
 
+Notes
+-----
+
+Generate keys for DKIM.
+
+```
+$ mkdir -p /etc/opendkim/keys/<domain>
+$ opendkim-genkey --directory=/etc/opendkim/keys/<domain> --selector=<selector> \
+    --domain=<domain>
+$ chown opendkim:opendkim /etc/opendkim/keys/<domain>/<selector>.private
+```
+
+Add a record in the database.
+
+```
+psql -U postgres -d mail_db \
+  -c "INSERT INTO dkim_keys \
+      VALUES ('<selector>', '/etc/opendkim/keys/<domain>/<selector>.private')"
+```
+
+Add `/etc/opendkim/keys/<domain>/<selector>.txt` as a DNS record.
+
 Install
 -------
 
diff --git a/postfix/main.cf b/postfix/main.cf
index dbdc517..c2184c5 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -27,3 +27,8 @@ smtpd_tls_security_level = encrypt
 
 # Message rewrite
 always_add_missing_headers = yes
+# OpenDKIM
+milter_protocol = 2
+milter_default_action = accept
+smtpd_milters = inet:localhost:8891
+non_smtpd_milters = inet:localhost:8891
-- 
2.39.5