Adding DKIM instructions and config files

Author: technicalguru

CONTRIBUTING.md

@@ -37,6 +37,7 @@ Mailserver is intentionally modular. Its main mail-related functions are separat
 
 * [docker-mailserver](https://github.com/technicalguru/docker-mailserver) - Provides help, guidance and examples how to orchestrate the Docker images
 * [docker-mailserver-postfix](https://github.com/technicalguru/docker-mailserver-postfix) - Implements the core mailing functionality to send and receive messages.
+* [docker-mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) - OpenDKIM image (DKIM signing milter component)
 * [docker-mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) - Provides administration function for domains and mailboxes
 * [docker-mailserver-amavis](https://github.com/technicalguru/docker-mailserver-amavis) - Provides mail scanners to detect viruses and spam
 * [docker-mailserver-roundcube](https://github.com/technicalguru/docker-mailserver-roundcube) - A webmail interface that lets you pick-up, read, manage and send e-mails

README.md

@@ -20,6 +20,7 @@ configuration scripts.
 # Sub-projects
 
 * [docker-mailserver-postfix](https://github.com/technicalguru/docker-mailserver-postfix) - Postfix/Dovecot image (mailserver component)
+* [docker-mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) - OpenDKIM image (DKIM signing milter component)
 * [docker-mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) - Image for PostfixAdmin (Web UI to manage mailboxes and domain in Postfix)
 * [docker-mailserver-amavis](https://github.com/technicalguru/docker-mailserver-amavis) - Amavis, ClamAV and SpamAssassin (provides spam and virus detection)
 * [docker-mailserver-roundcube](https://github.com/technicalguru/docker-mailserver-roundcube) - Roundcube Webmailer
@@ -37,6 +38,7 @@ A complete mailserver is the coordinated setup of multiple components. Various d
 
 1. [MySQL >8.0](https://hub.docker.com/\_/mysql) or [MariaDB >10.4](https://hub.docker.com/\_/mariadb) as the database backend
 1. [Postfix/Dovecot instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-postfix)
+1. [OpenDKIM instance](https://github.com/technicalguru/docker-mailserver-opendkim) (optional)
 1. [Amavis/ClamAV/SpamAssassin instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-amavis)
 1. [PostfixAdmin instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-postfixadmin)
 1. [Roundcube](https://hub.docker.com/repository/docker/technicalguru/mailserver-roundcube)
@@ -62,7 +64,7 @@ Please refer to the special [HELM](examples/helm-charts) section.
 * Postfix's main ports can be protected by TLS. Please make use of this as it increases security of your setup. In fact,
   the Postfix setup was never tested thoroughly without TLS so it is possible it will not work properly - especially when
   passwords are required.
-* PostfixAdmin and Roundcube are Web User Interfaces that are exposed as HTTP only. An attacker could easily copy your network
+* PostfixAdmin, OpenDKIM and Roundcube provide Web User Interfaces that are exposed as HTTP only. An attacker could easily copy your network
   traffic and read your passwords. Make sure you have an appropriate Ingress Controller or Reverse Proxy in front and your traffic
   is routed internally on your host only. 
 * If your internal network traffix in a Kubernetes cluster is crossing node borders, you will need to ensure that it is encrypted.

examples/helm-charts/README.md

@@ -83,6 +83,11 @@ helm install \
 Now, everything is complete to actually create your domains and mailboxes. Follow the instructions as given in
 [mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) documentation.
 
+## Setup DKIM Signing
+
+The OpenDKIM container does not create any keys (yet). Please follow the key setup instruction of the 
+[mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+
 ## Setup Roundcube WebMailer
 
 Roundcube will require a correct database setup. It can create all the schema tables itself but the database

examples/kubernetes/README.md

@@ -117,6 +117,27 @@ kubectl get pods -n mailserver
 
 Also check that the new pod has no issues. Use `kubectl logs <pod-name>` or your logging infrastructure.
 
+## Setup OpenDKIM
+
+Check the `services/opendkim.yaml` file. If the service definition fits
+then create the service:
+
+```
+kubectl apply -f services/opendkim.yaml
+```
+
+Second, adust the `deployments/opendkim.yaml` file. It requires you to change the
+database and domain data. A complete description can be found
+in the [mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+If the deployment definition is ok for you then apply it:
+
+```
+kubectl apply -f deployments/opendkim.yaml
+```
+
+You need to execute some further steps in order to setup signing keys. Follow the instructions as given in
+[mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+
 ## Setup Amavis Virus and Spam Checker
 
 Check the `services/amavis.yaml` file. If the service definition fits
@@ -221,6 +242,8 @@ Here are some useful links that help you to test whether your new Mailserver wor
 * [**Relay Test**](http://www.aupads.org/test-relay.html) - checks whether your mailserver can be misused as an open mail gateway (relay)
 * [**TLS Test**](https://www.checktls.com/) - checks whether your TLS configuration is complete and works as intended
 * [**SMTP Test**](https://mxtoolbox.com/diagnostic.aspx) - A general mailserver diagnostic tool
+* [**DMARC DKIM Record Checker**](https://www.dmarcanalyzer.com/how-to-validate-a-domainkey-dkim-record/) - checks correctness of your DKIM DNS TXT entry
+* [**DKIM Check**](https://www.appmaildev.com/en/dkim) - verifies your DKIM signing feature by giving you a temporary recipient address where you send a test mail
 
 # Congratulations!
 

examples/kubernetes/deployments/opendkim.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opendkim
+  namespace: mailserver
+spec:
+  selector:
+    matchLabels:
+      app: mailserver
+      tier: opendkim
+  template:
+    metadata:
+      labels:
+        app: mailserver
+        tier: opendkim
+        logType: opendkim
+    spec:
+      containers:
+      - name: opendkim
+        image: technicalguru/mailserver-opendkim
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: DKIM_DOMAIN
+          value: "<my-first-domain>"
+        - name: DKIM_PORT
+          value: "41001"
+        - name: DKIM_DB_HOST
+          value: "mariadb"
+        - name: DKIM_DB_NAME
+          value: "opendkim"
+        - name: DKIM_DB_USER
+          value: "opendkim"
+        - name: DKIM_DB_PASS
+          value: "<my-mariadb-opendkim-password>"
+        - name: DKIM_SETUP_PASS
+          value: "<my-mariadb-root-password>"
+        ports:
+        - containerPort: 41001
+          name: opendkim
+    

examples/kubernetes/services/opendkim.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opendkim
+  namespace: mailserver
+spec:
+  selector:
+    app: mailserver
+    tier: opendkim
+  ports:
+  - port: 41001
+    name: opendkim
+    targetPort: opendkim