Custom DKIM selector

Question

Custom DKIM selector

bilogic opened this issue 7 months ago · comments

bilogic commented 7 months ago

Hi!

Is it possible to specify another DKIM selector other than mail?

bilogic · Answer 1 · Thu Jan 04 2024 17:10:06 GMT+0800 (China Standard Time)

I had a quick look over the source code, seems easy. However, some questions as I'm not familiar with python

~~Can the python code already read values from etc/mailinabox.conf?~~ Seems to be the env variable.
I think adding a DKIM_SELECTOR=mail as default
The PR will likely touch 2 scripts, test_dns.py and dns_update.py, ok?

bilogic · Answer 2 · Thu Jan 04 2024 18:13:14 GMT+0800 (China Standard Time)

I have some commits here main...bilogic:mailinabox:custom-dkim-selector, apologies that it is mixed in with a configurable TTL feature.

The main change is on line 792 of dns_update.py where I replaced mail with {selector}

My problem is, why does the /admin#external_dns still show mail._domainkey...? Where is the code to make the page reflect the custom selector?

Paul · Answer 3 · Thu Jan 04 2024 23:25:41 GMT+0800 (China Standard Time)

#2220 replaces OpenDKIM with dkimpy. My recommendation would be to work with @kiekerjan as your changes seem reasonable to me as I have issues with using mail as a selector because there are commercial services using the same selector so there is a potential to be in conflict. Better would be either configurable selector or at least something unique.

Then, ideally, this stimulates getting the PR merged.

KiekerJan · Answer 4 · Fri Jan 05 2024 00:50:08 GMT+0800 (China Standard Time)

Look at the dkim.sh script in the setup directory. There the default dns entry is generated.
Because this is done only at initial setup, you need to include some logic to generate a new mail.txt on every run of the setup, or include generating the dns record in dns_update.py

Also, in start.sh you might want to use something like DKIM_SELECTOR=${DEFAULT_DKIM_SELECTOR:-mail} Your current code will always use mail as selector (and overwrite anything else)

bilogic · Answer 5 · Fri Jan 05 2024 01:37:54 GMT+0800 (China Standard Time)

Just finished a hardware migration. Thank you for the info, let me find some time to review them.

But 1 quick qn first, is the maintainer open to accepting dkimpy first?

bilogic · Answer 6 · Fri Jan 05 2024 14:18:06 GMT+0800 (China Standard Time)

python and bash are like my 5th language 🤣

@myfirstnameispaul

Definitely configurable (and not just something different). Since we are going to change it, let's provide an end-all solution. From the looks of it, this is not a very big change here, so if and when we switch to dkimpy, I would be happy to help.

@kiekerjan

I'm thinking of asking for a selector at initial setup and it should not be touched again, trying to accomplish this with minimum code rather than introduce the same logic in different parts of the code, or do you have some ideas? Do share! The use of DEFAULT_DKIM_SELECTOR feels sufficiently configurable yet simple to me (aligned with aims of MIAB). What do you think?
~~I made the change in start.sh, but where does $DEFAULT_DKIM_SELECTOR come from?~~ All lines in an existing mailinbox.conf are prefixed with DEFAULT_

Thanks!

bilogic · Answer 7 · Fri Jan 05 2024 15:10:41 GMT+0800 (China Standard Time)

My new branch with the key bits here b51550d

Please help me to review. Thank you.