mirror of
https://github.com/docker-mailserver/docker-mailserver
synced 2024-10-18 10:18:07 +02:00
Rspamd: improve DKIM key generation (#3876)
* correct removal of old files with `--force`

  `rm` would fail when one of the files is not present, which is quite undesirable (not harmful until `set -e` is introduced).

* use tmp log file

  ref: https://github.com/docker-mailserver/docker-mailserver/issues/3873#issuecomment-1926736020

* correct indentation
parent
51a3915257
commit
4f222fe256
@ -177,10 +177,14 @@ function _create_keys() {
|
||||
exit 1
|
||||
else
|
||||
_log 'info' "Overwriting existing files as the '--force' option was supplied"
|
||||
rm "${PUBLIC_KEY_FILE}" "${PUBLIC_KEY_DNS_FILE}" "${PRIVATE_KEY_FILE}"
|
||||
[[ -f ${PUBLIC_KEY_FILE} ]] && rm "${PUBLIC_KEY_FILE}"
|
||||
[[ -f ${PUBLIC_KEY_DNS_FILE} ]] && rm "${PUBLIC_KEY_DNS_FILE}"
|
||||
[[ -f ${PRIVATE_KEY_FILE} ]] && rm "${PRIVATE_KEY_FILE}"
|
||||
fi
|
||||
fi
|
||||
|
||||
__create_rspamd_err_log
|
||||
|
||||
# shellcheck disable=SC2310
|
||||
if __do_as_rspamd_user rspamadm \
|
||||
dkim_keygen \
|
||||
@ -188,12 +192,14 @@ function _create_keys() {
|
||||
-d "${DOMAIN}" \
|
||||
"${KEYTYPE_OPTIONS[@]}" \
|
||||
-k "${PRIVATE_KEY_FILE}" \
|
||||
>"${PUBLIC_KEY_FILE}"
|
||||
>"${PUBLIC_KEY_FILE}" \
|
||||
&& ! __filter_rspamd_err_log 'Permission denied' # we also need to check the log for error messages
|
||||
then
|
||||
_log 'info' 'Successfully created DKIM keys'
|
||||
_log 'debug' "Public key written to '${PUBLIC_KEY_FILE}'"
|
||||
_log 'debug' "Private key written to '${PRIVATE_KEY_FILE}'"
|
||||
_log 'info' 'Successfully created DKIM keys'
|
||||
_log 'debug' "Public key written to '${PUBLIC_KEY_FILE}'"
|
||||
_log 'debug' "Private key written to '${PRIVATE_KEY_FILE}'"
|
||||
else
|
||||
__print_rspamd_err_log
|
||||
_exit_with_error 'Creating keys failed'
|
||||
fi
|
||||
}
|
||||
|
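Review bot: The success condition before `then` still reports 'Successfully created DKIM keys' for any `rspamadm` failure that exits 0 and does not print the exact text 'Permission denied', so a missing or empty key file can pass unnoticed. Because the `>"${PUBLIC_KEY_FILE}"` redirect creates the public key file even when nothing is written to it, checking the results directly is more reliable than matching one message; `&& [[ -s ${PRIVATE_KEY_FILE} ]] && [[ -s ${PUBLIC_KEY_FILE} ]]` could be appended to the condition. As a smaller style point, the three `[[ -f … ]] && rm …` lines could be the single `rm -f -- "${PUBLIC_KEY_FILE}" "${PUBLIC_KEY_DNS_FILE}" "${PRIVATE_KEY_FILE}"`. `_create_keys` begins outside the hunks shown, and the page has lost the `+`/`-` markers, so the old/new assignment of the duplicated lines is inferred from the hunk headers.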
@ -5,9 +5,51 @@
|
||||
# Perform a specific command as the Rspamd user (`_rspamd`). This is useful
|
||||
# in case you want to have correct permissions on newly created files or if
|
||||
# you want to check whether Rspamd can perform a specific action.
|
||||
#
|
||||
# @flag ${1} = '--quiet' to indicate whether log should be disabled [OPTIONAL]
|
||||
function __do_as_rspamd_user() {
|
||||
_log 'trace' "Running '${*}' as user '_rspamd'"
|
||||
su _rspamd -s /bin/bash -c "${*}"
|
||||
if [[ ${1:-} != '--quiet' ]]; then
|
||||
_log 'trace' "Running '${*}' as user '_rspamd'"
|
||||
else
|
||||
shift 1
|
||||
fi
|
||||
|
||||
su _rspamd -s /bin/bash -c "${*} 2>${__RSPAMD_ERR_LOG_FILE:-/dev/null}"
|
||||
}
|
||||
|
||||
# Create a temporary log file (with `mktemp`) that one can filter to search
|
||||
# for error messages. This is required as `rspamadm` sometimes prints an error
|
||||
# but does not exit with an error.
|
||||
#
|
||||
# The file created is managed in the ENV `__RSPAMD_ERR_LOG_FILE`. This ENV is
|
||||
# meant for internal usage; do not use it on your scripts. The log file is cleaned
|
||||
# up when the script exits.
|
||||
function __create_rspamd_err_log() {
|
||||
_log 'trace' "Creating Rspamd error log"
|
||||
trap 'rm -f "${__RSPAMD_ERR_LOG_FILE}"' EXIT # cleanup when we exit
|
||||
__RSPAMD_ERR_LOG_FILE=$(__do_as_rspamd_user --quiet mktemp)
|
||||
}
|
||||
|
||||
# Print the Rspamd temporary error log. This will succeed only when the log has been
|
||||
# created before.
|
||||
function __print_rspamd_err_log() {
|
||||
[[ -v __RSPAMD_ERR_LOG_FILE ]] && __do_as_rspamd_user cat "${__RSPAMD_ERR_LOG_FILE}"
|
||||
}
|
||||
|
||||
# Print the Rspamd temporary error log. We use `grep` but with "fixed strings", which
|
||||
# means the message you provide is evaluated as-is, not as a regular expression. This
|
||||
# will succeed only when the log has been created before.
|
||||
#
|
||||
# @param ${1} = message to filter by
|
||||
function __filter_rspamd_err_log() {
|
||||
if [[ -v __RSPAMD_ERR_LOG_FILE ]]; then
|
||||
__do_as_rspamd_user grep \
|
||||
--quiet \
|
||||
--ignore-case \
|
||||
--fixed-strings \
|
||||
"${1:?A message for filtering is required}" \
|
||||
"${__RSPAMD_ERR_LOG_FILE}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Calling this function brings common Rspamd-related environment variables
|
||||
|
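Review bot: In `__do_as_rspamd_user`, the `2>${__RSPAMD_ERR_LOG_FILE:-/dev/null}` redirect is applied to every command, including the `cat` in `__print_rspamd_err_log` and the `grep` in `__filter_rspamd_err_log`. The inner shell therefore truncates the error log before those commands read it, and the 'Permission denied' check appears unable to ever match. The helper also flattens its arguments with `${*}` and lets bash re-parse the string, so `'Permission denied'` reaches `grep` as two words, and any argument containing spaces or shell metacharacters (a key path, a domain) is reinterpreted by the shell running as `_rspamd`. Appending instead of truncating and re-quoting the arguments would address both: `local CMD; printf -v CMD '%q ' "${@}"` followed by `su _rspamd -s /bin/bash -c "${CMD} 2>>${__RSPAMD_ERR_LOG_FILE:-/dev/null}"`. Callers outside this view that rely on the re-parsing would need checking, and `__create_rspamd_err_log` should also verify that `mktemp` succeeded before the path is used.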