Fix DKIM config

Gonne 2025-03-25 21:03:15 +01:00
parent c078a05ad0
commit 386b2df01f
Signed by: Gonne
SSH key fingerprint: SHA256:J8w3ZCNyz9MoTLV+eU7YRTVw59NYig44i0IWhbsgQG8


@ -66,6 +66,7 @@ in {
openFirewall = true; openFirewall = true;
settings = { settings = {
server = { server = {
tracer.stdout.level = "trace";
hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO. hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO.
listener = { listener = {
"smtp" = { "smtp" = {
@ -240,7 +241,7 @@ in {
private-key = "%{file:/run/secrets/dkim_rsa}%"; private-key = "%{file:/run/secrets/dkim_rsa}%";
domain = "${domain}"; domain = "${domain}";
selector = "rsa-default"; selector = "rsa-default";
headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures headers = ["From" "To" "Cc" "Subject" "Date" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks
algorithm = "rsa-sha256"; algorithm = "rsa-sha256";
canonicalization = "relaxed/relaxed"; canonicalization = "relaxed/relaxed";
}; };
@ -248,13 +249,13 @@ in {
private-key = "%{file:/run/secrets/dkim_ed25519}%"; private-key = "%{file:/run/secrets/dkim_ed25519}%";
domain = "${domain}"; domain = "${domain}";
selector = "ed-default"; selector = "ed-default";
headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"]; headers = ["From" "To" "Cc" "Subject" "Date" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks
algorithm = "ed25519-sha256"; algorithm = "ed25519-sha256";
canonicalization = "relaxed/relaxed"; canonicalization = "relaxed/relaxed";
}; };
}; };
in in
map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains)); lib.attrsets.mergeAttrsList (map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains)));
authentication.fallback-admin = { authentication.fallback-admin = {
user = "admin"; user = "admin";
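Review bot: Trace-level logging is left enabled by the new `tracer.stdout.level = "trace";` line in the first hunk, and nothing in a commit titled "Fix DKIM config" says it is meant to stay. Trace is the most verbose level, so on a mail server the stdout collector will probably receive per-session SMTP detail such as peer addresses and envelope senders and recipients; retention of and read access to that log then become an exposure concern. If it was only needed to debug the DKIM signing failure, lower it again once signatures verify, e.g. `tracer.stdout.level = "info";`, or keep it with a comment such as `# temporary: trace logging while debugging DKIM, revert afterwards`. The enclosing `settings` attribute set starts and ends outside the visible hunks, so an existing tracer configuration elsewhere in the file cannot be ruled out from here.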