diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index 73b9ee1718c44479a5d433e24a8e58c57756d39a..5fb169afd91eea0927803eb2d6730b383bff2e2b 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -6,7 +6,10 @@ RUN apt-get update && \
 postfix-pcre \
 postfix-mysql \
 supervisor \
- ca-certificates && \
+ ca-certificates \
+ opendkim \
+ opendkim-tools \
+ opendmarc && \
 rm -rf /var/lib/apt/lists/*
 COPY install.sh /install.sh
@@ -24,7 +27,7 @@ RUN \
 smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
 mydestination=localhost && \
 /opt/editconf.py /etc/postfix/master.cf -s -w \
- "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
+ "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
 /opt/editconf.py /etc/postfix/master.cf -s -w \
 "authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
 /opt/editconf.py /etc/postfix/main.cf \
@@ -56,7 +59,21 @@ RUN \ virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ local_recipient_maps=\$virtual_mailbox_maps && \ /opt/editconf.py /etc/postfix/main.cf \ - mynetworks="127.0.0.0/8 172.17.42.0/24" + mynetworks="127.0.0.0/8 172.17.42.0/24" && \ + /opt/editconf.py /etc/opendmarc.conf -s \ + "Syslog=true" \ + "Socket=inet:8893@[127.0.0.1]" && \ + /opt/editconf.py /etc/postfix/main.cf \ + "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\ + non_smtpd_milters=\$smtpd_milters \ + milter_default_action=accept && \ + echo "MinimumKeyBits 1024" >> /etc/opendkim && \ + echo "ExternalIgnoreList refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \ + echo "InternalHosts refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \ + echo "KeyTable refile:/etc/opendkim/KeyTable" >> /etc/opendkim && \ + echo "SigningTable refile:/etc/opendkim/SigningTable" >> /etc/opendkim && \ + echo "Socket inet:8891@localhost" >> /etc/opendkim && \ + echo "RequireSafeKeys false" >> /etc/opendkim #RUN /opt/editconf.py /etc/postfix/main.cf \ #smtp_tls_security_level=dane \ diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh index d62a5ad9d2ce6b86237b7f2ca63a146d7848449c..f7cb48b1681978d0fd68f1316ed11f449e9b9eb4 100644 --- a/dockerfiles/email/postfix/install.sh +++ b/dockerfiles/email/postfix/install.sh @@ -16,7 +16,10 @@ sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf /opt/mysql-check.sh -chown -R postfix:postfix /var/spool/postfix/dovecot +if [ ! -f /etc/opendkim/TrustedHosts ]; then + mkdir -p /etc/opendkim + echo "127.0.0.1" > /etc/opendkim/TrustedHosts +fi -EOF +chown -R postfix:postfix /var/spool/postfix/dovecot diff --git a/unit-files/postfix.service b/unit-files/postfix.service index 99f821c51b88f60dacfac47e537ec565d5f8fa39..cf470f50a39e920d885c078cbd3c05c638e3495a 100644 --- a/unit-files/postfix.service +++ b/unit-files/postfix.service 
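Review bot: The seven `echo ... >> /etc/opendkim` lines append to `/etc/opendkim`, which the rest of this commit treats as a directory (`/etc/opendkim/TrustedHosts`, the `-v ...:/etc/opendkim` mount), so the settings either fail to be written or end up in a file OpenDKIM presumably never reads. They most likely belong in the daemon's config file, e.g. `echo "KeyTable refile:/etc/opendkim/KeyTable" >> /etc/opendkim.conf`. `RequireSafeKeys false` turns off OpenDKIM's check on private-key file permissions; setting owner and mode on the keys directory would let that check stay enabled. With `milter_default_action=accept`, mail is still accepted unsigned and without DMARC evaluation whenever a milter is unreachable, so a comment saying this is intentional and a health check on ports 8891/8893 would help. The `RUN` instruction begins outside the hunk.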
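Review bot: The new `if` block seeds only `TrustedHosts`, while the OpenDKIM settings added in the Dockerfile also reference `/etc/opendkim/KeyTable` and `/etc/opendkim/SigningTable`. On a host where `add_email_support.sh` has not yet run, those files will be absent from the mounted volume and OpenDKIM may fail to start, which `milter_default_action=accept` would hide. Consider creating them here as well, e.g. `touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable`, and setting ownership of `/etc/opendkim/keys` at container start. The script continues outside the hunk.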
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run \
 -v /data/runtime/postfix:/data \
 -v /data/runtime/mail:/var/mail \
 -v /data/domains/mail/TLS:/ssl \
+ -v /data/domains/mail/opendkim:/etc/opendkim \
 --volumes-from=dovecot \
 -p 25:25 \
 -p 587:587 \
diff --git a/utils/add_email_to.sh b/utils/add_email.sh
similarity index 79%
rename from utils/add_email_to.sh
rename to utils/add_email.sh
index ffb79f695115737b60e6905176b7736058e1fb05..7db0d0d1ecf213580c569597a2b6454f9bb6aca1 100755
--- a/utils/add_email_to.sh
+++ b/utils/add_email.sh
@@ -1,22 +1,27 @@
 #!/bin/bash -ex
-DOMAIN=$1
+EMAIL=$1
 PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10`
 MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+DOMAIN=$(echo ${EMAIL} | cut -f2 -d@)
+
 /usr/bin/docker run \
 --rm \
 --name add_email_support_to_$DOMAIN \
 --link mysql-mail:db \
- pierreozoux/mysql \
+ indiepaas/mysql \
 mysql \
 -uadmin \
 -p$MYSQL_PASS \
 -h db \
- -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');" \
 -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \
 VALUES( \
 (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
 ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \
- 'contact@$DOMAIN');"
+ '$EMAIL');"
+
+echo "Email added with success"
+echo "Pass: $PASSWORD"
+
diff --git a/utils/add_email_alias.sh b/utils/add_email_alias.sh
index 60036b242cfcff01739e7babc4badc70ebff804e..5bd7ab160e62874ef57d34e7bdf48b1d266b2e1e 100755
--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
@@ -9,7 +9,7 @@ MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
 --rm \
 --name add_email_support_to_$DOMAIN \
 --link mysql-mail:db \
- pierreozoux/mysql \
+ indiepaas/mysql \
 mysql \
 -uadmin \
 -p$MYSQL_PASS \
diff --git a/utils/add_email_support.sh b/utils/add_email_support.sh
new file mode 100755
index 0000000000000000000000000000000000000000..3c8643fd934534992e2a0be53615ac9970225096
--- /dev/null
+++ b/utils/add_email_support.sh
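Review bot: In `utils/add_email.sh`, `EMAIL=$1` is copied unchecked into the SQL text (`'$EMAIL'`, `name='$DOMAIN'`) and into `--name`, so a quote or space in the argument changes the statement. An argument without `@` also makes `cut -f2 -d@` return the whole string as the domain. Validate before use, e.g. `[[ $EMAIL =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]] || { echo "usage: $0 user@domain" >&2; exit 1; }`, and quote the expansions. Because the shebang keeps `-x`, the trace writes `$MYSQL_PASS` and the generated password to stderr, and the new `echo "Pass: $PASSWORD"` adds another copy to whatever captures the output. The unchanged `PASSWORD=` context line passes `date` as a literal word, so the password appears to depend on `$RANDOM` alone; reading from `/dev/urandom` would be a worthwhile follow-up.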
@@ -0,0 +1,40 @@
+#!/bin/bash -ex
+
+DOMAIN=$1
+MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+
+/usr/bin/docker run \
+ --rm \
+ --name add_email_support_to_$DOMAIN \
+ --link mysql-mail:db \
+ indiepaas/mysql \
+ mysql \
+ -uadmin \
+ -p$MYSQL_PASS \
+ -h db \
+ -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
+
+mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
+
+/usr/bin/docker run \
+ --rm \
+ --name opendkim-genkey \
+ indiepaas/postfix \
+ /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys
+
+mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
+
+echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
+
+echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
+
+echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+
+echo "Domain installed with success."
+echo "Please add the followig records to it's DNS."
+
+cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
+
+echo "And don't forget spf :)"
+
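Review bot: The second `docker run` mounts no volume at `/etc/opendkim`, so the key that `opendkim-genkey` writes to `/etc/opendkim/keys/$DOMAIN/` stays inside the `--rm` container and is gone before the `mv` on the next line. The trailing `&& chown -R opendkim: /etc/opendkim/keys` is parsed by the host shell, so it runs on the host rather than in the container. Assuming the image runs the given command as-is, add `-v /data/domains/mail/opendkim:/etc/opendkim \` and run both steps inside the container with `sh -c 'opendkim-genkey -D "/etc/opendkim/keys/$1/" -d "$1" -s mail && chown -R opendkim: /etc/opendkim/keys' sh "$DOMAIN"`. `$DOMAIN` is also used unchecked and unquoted in the SQL string, in paths and in `echo *@$DOMAIN ...`, where the `*` is open to glob expansion. Validate `$1` as a hostname at the top and quote the expansions, e.g. `echo "*@$DOMAIN mail._domainkey.$DOMAIN" >> /data/domains/mail/opendkim/SigningTable`.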