Author: varkoly Date: Thu Jun 16 13:07:55 2011 New Revision: 64403 URL: http://svn.opensuse.org/viewcvs/yast?rev=64403&view=rev Log: FATE#310517: DKIM and DomainKeys support Added: branches/SuSE-Code-11-SP1-Branch/mail/agents/setup_dkim_verifying.pl (with props) Modified: branches/SuSE-Code-11-SP1-Branch/mail/agents/Makefile.am branches/SuSE-Code-11-SP1-Branch/mail/src/Mail.ycp branches/SuSE-Code-11-SP1-Branch/mail/src/ui.ycp branches/SuSE-Code-11-SP1-Branch/mail/src/widgets.ycp Modified: branches/SuSE-Code-11-SP1-Branch/mail/agents/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/mail/agents/Makefile.am?rev=64403&r1=64402&r2=64403&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/mail/agents/Makefile.am (original) +++ branches/SuSE-Code-11-SP1-Branch/mail/agents/Makefile.am Thu Jun 16 13:07:55 2011 @@ -7,7 +7,7 @@ agent_SCRIPTS = ag_fetchmailrc \ ag_smtp_auth \ ag_mailtable \ - \ + setup_dkim_verifying.pl \ ag_mailconfig \ ag_postfix_mastercf \ MasterCFParser.pm \ Added: branches/SuSE-Code-11-SP1-Branch/mail/agents/setup_dkim_verifying.pl URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/mail/agents/setup_dkim_verifying.pl?rev=64403&view=auto ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/mail/agents/setup_dkim_verifying.pl (added) +++ branches/SuSE-Code-11-SP1-Branch/mail/agents/setup_dkim_verifying.pl Thu Jun 16 13:07:55 2011 
@@ -0,0 +1,95 @@
+#!/usr/bin/perl
+
+BEGIN { push @INC, "/usr/lib/YaST2/servers_non_y2"; }
+
+use strict;
+use MasterCFParser;
+my $DOMAIN=`postconf -h mydomain`;
+chomp $DOMAIN;
+
+if( ! "$DOMAIN" ) {
+ print "Bad postfix configuration. mydomain can not be detected";
+ exit 1;
+}
+
+#Generate the key
+if( ! -e "/var/db/dkim/$DOMAIN.pem" ){
+ print "Creating /var/db/dkim/$DOMAIN.pem\n";
+ system( "amavisd genrsa /var/db/dkim/$DOMAIN.pem");
+}
+
+#Introduce key into /etc/amavisd.conf
+my $amavisd = "";
+my $enable_dkim_signing = 0;
+open IN, "/etc/amavisd.conf";
+print OUT $amavisd;
+close OUT;
+
+#Now we adapt master.cf
+my $msc = new MasterCFParser();
+$msc->readMasterCF();
+
+if( ! $msc->serviceExists( { service => 'submission' , command => 'smtpd' } ))
+{
+ if( $msc->addService( { 'service' => 'submission',
+ 'type' => 'inet',
+ 'private' => 'n',
+ 'unpriv' => '-',
+ 'chroot' => 'n',
+ 'wakeup' => '-',
+ 'maxproc' => '-',
+ 'command' => 'smtpd',
+ 'options' => { 'content_filte' => 'amavis:[127.0.0.1]:10026',
+ 'smtpd_recipient_restrictions' => 'permit_sasl_authenticated,permit_mynetworks,reject' }
+ }) )
+ {
+ print "ERROR in addService()\n";
+ }
+}
+else
+{
+ if( $msc->modifyService( { 'service' => 'submission',
+ 'type' => 'inet',
+ 'private' => 'n',
+ 'unpriv' => '-',
+ 'chroot' => 'n',
+ 'wakeup' => '-',
+ 'maxproc' => '-',
+ 'command' => 'smtpd',
+ 'options' => { 'content_filte' => 'amavis:[127.0.0.1]:10026',
+ 'smtpd_recipient_restrictions' => 'permit_sasl_authenticated,permit_mynetworks,reject' }
+ }) )
+ {
+ print "ERROR in modifyService()\n";
+ }
+}
+
+$msc->writeMasterCF();
Modified: branches/SuSE-Code-11-SP1-Branch/mail/src/Mail.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/mail/src/Mail.ycp?rev=64403&r1=64402&r2=64403&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP1-Branch/mail/src/Mail.ycp (original)
+++ 
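Review bot: The option key `'content_filte'` is misspelled in both the addService() and the modifyService() call, so the submission service presumably never gets `content_filter` set and mail accepted there would bypass the amavis port that is meant to sign it; it should read `'content_filter' => 'amavis:[127.0.0.1]:10026'`. The key generation uses the shell form `system( "amavisd genrsa /var/db/dkim/$DOMAIN.pem")` with a value taken from `postconf` output and ignores the exit status; the list form `system('amavisd', 'genrsa', "/var/db/dkim/$DOMAIN.pem") == 0 or die "genrsa failed\n";` avoids shell interpretation and stops before the configuration is rewritten without a key. A failure of addService() or modifyService() is only printed to stdout, after which `$msc->writeMasterCF()` still runs and the script exits 0, so the caller cannot tell that master.cf was left in a partial state. The amavisd.conf section between `open IN` and `print OUT` looks truncated in this rendering and is not reviewed here.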
branches/SuSE-Code-11-SP1-Branch/mail/src/Mail.ycp Thu Jun 16 13:07:55 2011 @@ -84,6 +84,12 @@ global boolean use_amavis = false; /** + * Use a DKIM for outgoing email. + * If it is enabled AMaViS will be enabled too. + */ + global boolean use_dkim = false; + + /** * Is amavis available on the installation media? */ global boolean amavis_allowed = true; @@ -252,6 +258,10 @@ install_packages = []; remove_packages = []; + if (use_dkim) + { + use_amavis = true; + } if (use_amavis) { if (! Package::Installed ("amavisd-new")) @@ -427,6 +437,7 @@ Mode::commandline (); // || PackageSystem::Available (amavis_pkg); use_amavis = amavis_allowed && (SCR::Read (.sysconfig.amavis.USE_AMAVIS) == "yes"); + use_dkim = use_amavis && (SCR::Read (.sysconfig.amavis.USE_DKIM) == "yes"); // local_domains string ld_s = ""; @@ -652,6 +663,7 @@ connection_type = `dialup; amavis_allowed = true; use_amavis = true; + use_dkim = true; // good example? local_domains = ["branch1.example.com", "branch2.example.com"]; outgoing_mail_server = "mail.example.com"; @@ -745,8 +757,9 @@ } Service::Enable (service); - // amavis + // amavis, dkim SCR::Write (.sysconfig.amavis.USE_AMAVIS, use_amavis? "yes":"no"); + SCR::Write (.sysconfig.amavis.USE_DKIM, use_dkim ? "yes":"no"); // used also in WriteServices amavis_service = true; Service::Adjust ("amavis", use_amavis? "enable":"disable"); @@ -1067,6 +1080,10 @@ return false; } } + if (use_dkim) + { + SCR::Execute(.target.bash, "/usr/lib/YaST2/servers_non_y2/setup_dkim_verifying.pl"); + } } Service::Stop ("fetchmail"); @@ -1228,6 +1245,7 @@ connection_type = settings["connection_type"]: `none; listen_remote = settings["listen_remote"]: false; use_amavis = settings["use_amavis"]: false; + use_dkim = settings["use_dkim"]: false; local_domains = settings["local_domains"]: []; outgoing_mail_server = settings["outgoing_mail_server"]: ""; postfix_mda = settings["postfix_mda"]: `local; 
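Review bot: The exit status of `SCR::Execute(.target.bash, "/usr/lib/YaST2/servers_non_y2/setup_dkim_verifying.pl")` in the `if (use_dkim)` block of the `-1067` hunk is discarded, so a failed DKIM setup goes unnoticed. The script exits 1 when `mydomain` cannot be read, yet the `-745` hunk still writes `USE_DKIM` as "yes" and the module reports success, leaving the administrator to believe outgoing mail is signed when it is not. The context lines just above suggest this function returns false on other failures (its body starts outside the hunk); the same handling fits here, for example `if ((integer) SCR::Execute (.target.bash, "/usr/lib/YaST2/servers_non_y2/setup_dkim_verifying.pl") != 0) { y2error ("DKIM setup failed"); return false; }`.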
@@ -1241,6 +1259,9 @@ smtp_use_TLS = settings["smtp_use_TLS"]: "yes"; smtp_auth = settings["smtp_auth"]: []; system_mail_sender = settings["system_mail_sender"]:""; + if( use_dkim ) { + use_amavis = true; + } y2debug ("after %1", settings); // may contain passwords return true; } @@ -1257,6 +1278,7 @@ "connection_type": connection_type, "listen_remote": listen_remote, "use_amavis": use_amavis, + "use_dkim" : use_dkim, "local_domains": local_domains, "outgoing_mail_server": outgoing_mail_server, "from_header": from_header, @@ -1373,18 +1395,13 @@ summary = summary + ListItem (_("Masquerade Users"), masquerade_users, "user"); // summary header summary = Summary::AddHeader(summary, _("Accept remote SMTP connections")); - summary = Summary::AddLine(summary, (listen_remote) ? - // summary item - _("Yes") : - // summary item - _("No")); + summary = Summary::AddLine(summary, (listen_remote) ? _("Yes") : _("No")); // summary header summary = Summary::AddHeader(summary, _("Use AMaViS")); - summary = Summary::AddLine(summary, (use_amavis) ? - // summary item - _("Yes") : - // summary item - _("No")); + summary = Summary::AddLine(summary, (use_amavis) ? _("Yes") : _("No")); + // summary header + summary = Summary::AddHeader(summary, _("Use DKIM")); + summary = Summary::AddLine(summary, (use_dkim) ? _("Yes") : _("No")); // summary item summary = summary + ListItem (_("Fetchmail"), fetchmail, "server"); // summary item Modified: branches/SuSE-Code-11-SP1-Branch/mail/src/ui.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/mail/src/ui.ycp?rev=64403&r1=64402&r2=64403&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/mail/src/ui.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/mail/src/ui.ycp Thu Jun 16 13:07:55 2011 
@@ -230,7 +230,8 @@ list widgets = []; - symbol ct = Mail::connection_type; + symbol ct = Mail::connection_type; + boolean ama = Mail::use_amavis; if (preselect_connection_type != nil) { ct = preselect_connection_type; @@ -258,21 +259,26 @@ boolean amavis_allowed = Mail::amavis_allowed; term amavis_t = nil; + term dkim_t = nil; if (amavis_allowed) { amavis_t = `Left (WJ_MakeWidget (`use_amavis)); - widgets = add (widgets, `use_amavis); + widgets = add (widgets, `use_amavis); + dkim_t = `Left (WJ_MakeWidget (`use_dkim)); + widgets = add (widgets, `use_dkim); } else { amavis_t = `Empty (`id (`use_amavis)); + dkim_t = `Empty (`id (`use_dkim)); } contents = `HSquash ( `VBox ( contents, `VSpacing (1), - amavis_t + amavis_t, + dkim_t ) ); @@ -284,10 +290,11 @@ any ret = nil; while (true) { - ct = (symbol) UI::QueryWidget (`id (`ctg), `CurrentButton); + ct = (symbol) UI::QueryWidget (`id (`ctg), `CurrentButton); if (ct == `permanent || ct == `dialup) { UI::ChangeWidget (`id (`use_amavis), `Enabled, true); + UI::ChangeWidget (`id (`use_dkim), `Enabled, true); Wizard::RestoreNextButton(); //argh, slow //Wizard::RestoreNextButton (); 
@@ -296,8 +303,20 @@ { UI::ChangeWidget (`id (`use_amavis), `Value, false); UI::ChangeWidget (`id (`use_amavis), `Enabled, false); + UI::ChangeWidget (`id (`use_dkim), `Value, false); + UI::ChangeWidget (`id (`use_dkim), `Enabled, false); Wizard::SetNextButton(`next, Label::FinishButton() ); } + ama = (boolean) UI::QueryWidget (`id (`use_amavis), `Value); + if(ama) + { + UI::ChangeWidget (`id (`use_dkim), `Enabled, true); + } + else + { + UI::ChangeWidget (`id (`use_dkim), `Value, false); + UI::ChangeWidget (`id (`use_dkim), `Enabled, false); + } ret = UI::UserInput (); if (ret == `cancel) Modified: branches/SuSE-Code-11-SP1-Branch/mail/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/mail/src/widgets.ycp?rev=64403&r1=64402&r2=64403&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/mail/src/widgets.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/mail/src/widgets.ycp Thu Jun 16 13:07:55 2011 @@ -356,6 +356,23 @@ Mail::use_amavis = am; } +/** + * @return a variable to be used by a widget + */ +define boolean Get_use_dkim () ``{ + return Mail::use_dkim; +} + +/** + * Set a variable acording to widget value + * @param id widget id + */ +define void Set_use_dkim (symbol id) ``{ + boolean dkim = (boolean) UI::QueryWidget (`id (id), `Value); + Mail::Touch (Mail::use_dkim != dkim); + Mail::use_dkim = dkim; +} + /** * @return a variable to be used by a widget 
@@ -715,12 +732,19 @@ "widget": `CheckBox (), // checkbox label "label": _("&Enable virus scanning (AMaViS)"), + // we need notify option to enable disable dkim + "opt" : `opt (`notify), // help text "help": _(" -<p>Enabling virus scanning checks incoming and outgoing mail +<p><b>Enabling virus scanning (AMaViS)</b> checks incoming and outgoing mail with AMaViS.</p> ") // help text ++ _("<p>Enabling AMaViS will also enable the following modules: </p> +<p><b>Spamassassin</b> SPAM scanner</p> +<p><b>DKIM</b> checks Domain Key signed incomming mails</p> +<p><b>Clamav</b> open source virus scanner engine</p>") + // help text + _(" <p>If AMaViS is not installed and you want to use it, it will be installed automatically.</p> 
@@ -728,6 +752,38 @@ "get": Get_use_amavis, "set": Set_use_amavis, ], + `use_dkim: $[ + "widget": `CheckBox (), + // checkbox label + "label": _("&Enable DKIM signing for outgoing mails."), + // help text + "help": _(" +<p><b>Enabling DKIM signig for outgoing mails.</b></p> +") + // help text ++ _(" +<p>Enabling DKIM for outgoing emails requires additional actions. A SSL key +will be generated for the 'mydomain'-value defined in postfix. A new service +'submission' will be configured in postfix. After this is set up you can send +email with this service 'submission' from 'mynetworks' with enabled SASL +authentication. Only the emails sent by this new service will be signed with +the domain key.</p> +") + + // help text + _(" +<p>The public key of the domain key needs to be offered by a Domain Name +Service. The public key will be saved as a DNS TXT record +into <b>/var/db/dkim/[mydomain].public.txt</b> and needs to be deployed to an +according Domain Name Service. If there is a name service +running on this server, which is the authoritative server for that domain the +public key will be added as a TXT record to that domain zone +automatically.</p> +") + + // help text + _("Enabling DKIM support the virus scanning (AMaViS) will be enabled too."), + "get": Get_use_dkim, + "set": Set_use_dkim, + ], `fm_server: $[ "widget": `TextEntry (), // Translators: text entry label -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org