Improve DKIM support #485
Improve DKIM support #485
Conversation
There was a problem hiding this comment.
I left a couple of random comments about .env, but I'm thinking that @lognaturel should take the first look at this PR.
.env.template
Outdated
| # Optional: configure DKIM. Do not change these values. | ||
| # DKIM_HOST_KEY=./files/dkim/rsa.private | ||
| # DKIM_CONTAINER_KEY=/etc/exim4/dkim.key.temp |
There was a problem hiding this comment.
What do you think about moving these values closer to the EMAIL_* config? (Below them?) I feel like it's nice to keep thematically related config closer together.
.env.template
Outdated
| @@ -11,6 +11,10 @@ SSL_TYPE=letsencrypt | |||
| HTTP_PORT=80 | |||
| HTTPS_PORT=443 | |||
|
|
|||
| # Optional: configure DKIM. Do not change these values. | |||
There was a problem hiding this comment.
I probably missed the explanation, but just looking at this file, I feel unclear about whether these values are meant to configurable. If they're not configurable, I feel like we should try hard not to include them in this file, because it'd be one more thing for users to try to understand. Maybe there's something with variable defaults we could do in docker-compose.yml. (Defaults can be nested I think, if that helps.) On the other hand, if these values are configurable, I think we should soften the wording of "Do not change these values."
There was a problem hiding this comment.
Another idea: maybe a DKIM_ENABLED variable that's true or false, similar to OIDC_ENABLED?
yanokwa
force-pushed
the
update-smtp-container
branch
3 times, most recently
from
41db24e to
5ccffc4
Compare
|
@lognaturel and I have found ways to move the variables out of docker-compose. We've done this by creating an entirely new folder ( We've updated .gitignore to make sure the I've sent in a PR to ix-ai/smtp#30 to only enable DKIM if the file has more than zero bytes, but I've also confirmed that mail sending works even if DKIM is enabled with an empty file. It sends, but includes an error message in the log. Todo:
|
yanokwa
force-pushed
the
update-smtp-container
branch
5 times, most recently
from
fd8fe6d to
f740190
Compare
|
I have verified this works on a clean install.
I have verified this works on a install with a working DKIM, which admittedly is rare because someone would have to know to remove the config and rsa.private directories from the existing install and rebuild the mail container. But assuming that, I did the following:
|
yanokwa
force-pushed
the
update-smtp-container
branch
from
f740190 to
89f47c1
Compare
| volumes: | ||
| - ./files/dkim/config:/etc/exim4/_docker_additional_macros:ro |
There was a problem hiding this comment.
Is this because it's considered there's no need for further configuration beyond the private key?
There was a problem hiding this comment.
Correct. It's now in the upstream container: https://github.com/ix-ai/smtp/blob/master/entrypoint.sh#L61
There was a problem hiding this comment.
config.disabled can be removed because those rules are now baked into the container.
DKIM is essentially a requirement to get emails delivered, so my high-level goal is to make it easier to turn on, without having to risk merge conflicts. Some things that you should know about the SMTP container.
rsa.emptyis there as a place holder in the compose file. It prevent that from happening.rsa.privatefile at/etc/exim4/dkim.key.tempso that's why that's hard coded in the compose file.DKIM_KEY_PATHhas a value, so by default, we set it to empty, viaDKIM_CONTAINER_KEYto disable it. Only whenDKIM_CONTAINER_KEYhas a value will DKIM be enabled. And the container expects this value to be the same as the container location of the mapped file, so that's why the .env has that value hard coded.I don't love how confusing this is, but it's the best I could think of. Open to feedback.
What has been done to verify that this works as intended?
I confirmed that, after rebuild, emails send after removing
rsa.privateandrsa.publicfiles and with theDKIM_*in the env file commented out. The emails are not DKIM enabled when they are received.I've also confirmed, after rebuild, that emails send after adding
rsa.privateandrsa.publicfiles and with theDKIM_*enabled. The emails are DKIM enabled.Why is this the best possible solution? Were any other approaches considered?
I considered just changing the permissions on
rsa.privateand leaving our implementation as is, but that's not as secure.It could be nicer if the upstream container generated the keys. That'd simplify things, but it feels out of scope.
Honestly, we should consider removing this SMTP container entirely and ask that people use an upstream mail service. That's what Discourse, Ghost, etc, do.
How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?
If you already have DKIM support, all you need to do is add values to .env and it should now work because the permissions will actually be correct. That said, I have not tried an upgrade.
Does this change require updates to documentation? If so, please file an issue here and include the link below.
getodk/docs#1655
Before submitting this PR, please make sure you have: