Пример #1
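/**
 * Write /etc/dkim-milter/dkim-milter.conf from the stored "DkimMilterConfig"
 * settings, then call keyTable(), WhitelistDomains(), WhitelistHosts() and
 * MyNetworks() (defined elsewhere) and reset ownership and modes under
 * /etc/mail/dkim.
 *
 * Progress messages are echoed; nothing is returned.
 */
function build()
{
    $sock = new sockets();
    // Read but never consulted below: the configuration is written whether or
    // not the milter is enabled.
    $EnableDKFilter = $sock->GET_INFO("EnableDkimMilter");
    // SECURITY: unserialize() instantiates whatever classes the blob names. If
    // the stored setting can ever be influenced by a less-trusted party this is
    // an object-injection sink; on PHP >= 7 pass array('allowed_classes' => false)
    // as second argument, or store the settings as JSON instead.
    $conf = unserialize(base64_decode($sock->GET_INFO("DkimMilterConfig")));
    if (!is_array($conf)) {
        // unserialize() returns false on an empty or corrupt blob; start from
        // an empty array so the defaults below apply.
        $conf = array();
    }
    if ($EnableDKFilter == null) {
        $EnableDKFilter = 0;
    }

    // Settings that are copied verbatim into the daemon configuration file.
    $defaults = array(
        "On-BadSignature"  => "accept",
        "On-NoSignature"   => "accept",
        "On-DNSError"      => "tempfail",
        "On-InternalError" => "accept",
        "On-Security"      => "tempfail",
        "On-Default"       => "accept",
        "ADSPDiscard"      => "1",
        "ADSPNoSuchDomain" => "1",
    );
    foreach ($defaults as $name => $fallback) {
        $current = isset($conf[$name]) ? $conf[$name] : null;
        // A value holding a newline or whitespace would add or alter other
        // directives in the generated file, so anything that is not a single
        // alphanumeric token falls back to the default. \z (not $) is used so a
        // trailing newline is rejected too.
        if ($current == null || !is_scalar($current) || !preg_match('/\A[A-Za-z0-9]+\z/', (string) $current)) {
            $conf[$name] = $fallback;
        }
    }
    if (!isset($conf["SignOutgoing"]) || !is_scalar($conf["SignOutgoing"]) || trim($conf["SignOutgoing"]) == null) {
        $conf["SignOutgoing"] = "1";
    }

    // The stored settings use "1"/"0"; the configuration file expects yes/no.
    // (each() was removed in PHP 8; foreach iterates over a copy, so assigning
    // into $conf inside the loop is safe.)
    foreach ($conf as $key => $value) {
        if ($value == "1") {
            $conf[$key] = "yes";
        }
        if ($value == "0") {
            $conf[$key] = "no";
        }
    }

    // Mode is "s" (sign), "v" (verify) or both. Initialised explicitly: when
    // signing is off the original appended to an undefined variable.
    $mode = "";
    if ($conf["SignOutgoing"] == "yes") {
        $mode = "s";
        echo "Starting......: milter-dkim sign outgoing mails\n";
    }
    if (isset($conf["VerifyIncoming"]) && $conf["VerifyIncoming"] == "yes") {
        $mode = $mode . "v";
        echo "Starting......: milter-dkim verify incoming mails\n";
    }

    $f = array();
    $f[] = "";
    $f[] = "ADSPDiscard\t\t\t{$conf["ADSPDiscard"]}";
    $f[] = "ADSPNoSuchDomain\t\t{$conf["ADSPNoSuchDomain"]}";
    $f[] = "AllowSHA1Only\t\t\tno";
    $f[] = "AlwaysAddARHeader\t\tno";
    $f[] = "AutoRestart\t\t\tyes";
    $f[] = "AutoRestartCount\t\t2";
    $f[] = "AutoRestartRate\t\t10/1h";
    $f[] = "Background\t\t\tYes";
    $f[] = "BaseDirectory\t\t\t/var/run/dkim-filter";
    $f[] = "BodyLengths\t\t\tNo";
    $f[] = "Canonicalization\t\tsimple/simple";
    $f[] = "ClockDrift\t\t\t300 ";
    $f[] = "Diagnostics\t\t\tyes";
    $f[] = "DNSTimeout\t\t\t10";
    $f[] = "#Domain\t\t\t\texample.com";
    $f[] = "EnableCoredumps\t\tno";
    $f[] = "ExternalIgnoreList\t/etc/mail/dkim/trusted-hosts";
    $f[] = "FixCRLF \t\t\t\tno";
    $f[] = "InternalHosts\t\t\t/etc/mail/dkim/trusted-hosts";
    $f[] = "KeepTemporaryFiles\tno";
    $f[] = "KeyList \t\t\t\t/etc/mail/dkim/keylist";
    $f[] = "LogWhy\t\t\t\tyes";
    $f[] = "MilterDebug\t\t\t0";
    $f[] = "Mode\t\t\t\t\t{$mode}";
    $f[] = "On-Default         \t{$conf["On-Default"]}";
    $f[] = "On-BadSignature    \t{$conf["On-BadSignature"]}";
    $f[] = "On-DNSError        \t{$conf["On-DNSError"]}";
    $f[] = "On-InternalError   \t{$conf["On-InternalError"]}";
    $f[] = "On-NoSignature     \t{$conf["On-NoSignature"]}";
    $f[] = "On-Security        \t{$conf["On-Security"]}";
    $f[] = "#PeerList\t\t\t\tfilename // whitlies";
    $f[] = "PidFile\t\t\t\t/var/run/dkim-milter/dkim-milter.pid";
    $f[] = "Quarantine\t\t\tNo";
    $f[] = "#QueryCache\t\t\tyes";
    $f[] = "RemoveARAll\t\t\tNo";
    $f[] = "RemoveOldSignatures\tNo";
    $f[] = "ReportAddress\t\t\tpostmaster@example.com";
    $f[] = "RequiredHeaders\t\tNo";
    $f[] = "Selector\t\t\t\tdefault";
    $f[] = "SendADSPReports\t\tNo";
    $f[] = "SendReports\t\t\tNo";
    $f[] = "SignatureAlgorithm\trsa-sha256";
    $f[] = "SignatureTTL\t\t\t0";
    $f[] = "Socket\t\t\t\tlocal:/var/run/dkim-milter/dkim-milter.sock";
    $f[] = "StrictTestMode\t\tno";
    $f[] = "Syslog\t\t\t\tyes";
    $f[] = "SyslogFacility\t\tmail";
    $f[] = "SyslogSuccess\t\t\tyes";
    $f[] = "TemporaryDirectory\t/var/tmp";
    $f[] = "UMask\t\t\t\t\t022";
    $f[] = "UserID\t\t\t\tpostfix";
    $f[] = "X-Header\t\t\t\tyes";
    $f[] = "";
    /*
     * KeyList (string), from the dkim-milter documentation:
     * Gives the location of a file listing rules for signing with multiple
     * keys. If present, overrides any KeyFile setting in the configuration
     * file. The file named here should contain a set of lines of the form
     *     sender-pattern:signing-domain:keypath
     * where sender-pattern is a pattern to match against message senders
     * (with the special character "*" interpreted as "zero or more
     * characters"), signing-domain is the domain to announce as the signing
     * domain when generating signatures, and keypath is the path to the
     * PEM-formatted private key to be used for signing messages which match
     * the sender-pattern. The selector used in the signature will be the
     * filename portion of keypath. If the file referenced by keypath cannot be
     * opened, the filter will try again by appending ".pem" and then
     * ".private" before giving up.
     */
    //http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3

    // The original passed null as the mode, which PHP coerces to 0 and so
    // requests a directory with no permission bits; 0755 (before umask) keeps
    // the directory traversable by the milter user.
    if (!is_dir("/etc/dkim-milter") && !@mkdir("/etc/dkim-milter", 0755, true)) {
        echo "Starting......: milter-dkim unable to create /etc/dkim-milter\n";
    }
    // Report a failed write instead of silently leaving a stale configuration.
    if (@file_put_contents("/etc/dkim-milter/dkim-milter.conf", implode("\n", $f)) === false) {
        echo "Starting......: milter-dkim unable to write /etc/dkim-milter/dkim-milter.conf\n";
    }
    keyTable();
    WhitelistDomains();
    WhitelistHosts();
    MyNetworks();
    echo "Starting......: milter-dkim Apply permissions...\n";
    // Directories stay world-traversable, per-domain key directories are 750
    // and the files inside them 640, all owned by postfix. Command output and
    // errors are discarded, so a failed chmod/chown goes unnoticed here.
    shell_exec("/bin/chmod 755 /etc/mail/dkim >/dev/null 2>&1");
    shell_exec("/bin/chmod 755 /etc/mail/dkim/keys >/dev/null 2>&1");
    shell_exec("/bin/chmod 750 /etc/mail/dkim/keys/* >/dev/null 2>&1");
    shell_exec("/bin/chmod 640 /etc/mail/dkim/keys/*/* >/dev/null 2>&1");
    shell_exec("/bin/chown -R postfix:postfix /etc/mail/dkim >/dev/null 2>&1");
    echo "Starting......: milter-dkim Apply permissions done...\n";
}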
Пример #2
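/**
 * Write /etc/opendkim.conf from the stored "OpenDKIMConfig" settings, then
 * call keyTable(), WhitelistDomains(), WhitelistHosts(), MyNetworks() and
 * SetPermissions() (all defined elsewhere).
 *
 * Does nothing when the "DisconnectDKFilter" setting is 1. Nothing is returned.
 */
function build()
{
    $sock = new sockets();
    // Read but never consulted below: the configuration is written whether or
    // not the filter is enabled.
    $EnableDKFilter = $sock->GET_INFO("EnableDKFilter");
    // SECURITY: unserialize() instantiates whatever classes the blob names. If
    // the stored setting can ever be influenced by a less-trusted party this is
    // an object-injection sink; on PHP >= 7 pass array('allowed_classes' => false)
    // as second argument, or store the settings as JSON instead.
    $conf = unserialize(base64_decode($sock->GET_INFO("OpenDKIMConfig")));
    if (!is_array($conf)) {
        // unserialize() returns false on an empty or corrupt blob; start from
        // an empty array so the defaults below apply.
        $conf = array();
    }
    if ($EnableDKFilter == null) {
        $EnableDKFilter = 0;
    }
    $DisconnectDKFilter = $sock->GET_INFO("DisconnectDKFilter");
    if (!is_numeric($DisconnectDKFilter)) {
        $DisconnectDKFilter = 0;
    }
    if ($DisconnectDKFilter == 1) {
        return;
    }

    // Settings that are copied verbatim into the daemon configuration file
    // (ADSPDiscard is defaulted as before, although this variant does not
    // write it out).
    $defaults = array(
        "On-BadSignature"  => "accept",
        "On-NoSignature"   => "accept",
        "On-DNSError"      => "tempfail",
        "On-InternalError" => "accept",
        "On-Security"      => "tempfail",
        "On-Default"       => "accept",
        "ADSPDiscard"      => "1",
        "ADSPNoSuchDomain" => "1",
        "DomainKeysCompat" => "0",
    );
    foreach ($defaults as $name => $fallback) {
        $current = isset($conf[$name]) ? $conf[$name] : null;
        // A value holding a newline or whitespace would add or alter other
        // directives in the generated file, so anything that is not a single
        // alphanumeric token falls back to the default. \z (not $) is used so a
        // trailing newline is rejected too.
        if ($current == null || !is_scalar($current) || !preg_match('/\A[A-Za-z0-9]+\z/', (string) $current)) {
            $conf[$name] = $fallback;
        }
    }
    // Not written to the file; only handed to MyNetworks() below.
    if (!isset($conf["OpenDKIMTrustInternalNetworks"]) || $conf["OpenDKIMTrustInternalNetworks"] == null) {
        $conf["OpenDKIMTrustInternalNetworks"] = "1";
    }

    $f = array();
    if ($conf["DomainKeysCompat"] == 1) {
        $f[] = "DomainKeysCompat\t\t  {$conf["DomainKeysCompat"]}";
    }
    $f[] = "ADSPNoSuchDomain        {$conf["ADSPNoSuchDomain"]}";
    // ADSPDiscard is intentionally not emitted here (the author left the line
    // commented out).
    $f[] = "AutoRestart             1";
    $f[] = "AutoRestartRate         10/1h";
    $f[] = "Canonicalization        simple/simple";
    $f[] = "ExemptDomains\t\t\t  refile:/etc/mail/dkim/trusted-domains";
    $f[] = "ExternalIgnoreList      refile:/etc/mail/dkim/trusted-hosts";
    $f[] = "InternalHosts           refile:/etc/mail/dkim/internal-hosts";
    $f[] = "KeyTable                file:/etc/mail/dkim/keyTable";
    $f[] = "SigningTable            refile:/etc/mail/dkim/signingTable";
    $f[] = "LogWhy                  Yes";
    $f[] = "On-Default              {$conf["On-Default"]}";
    $f[] = "On-BadSignature         {$conf["On-BadSignature"]}";
    $f[] = "On-DNSError             {$conf["On-DNSError"]}";
    $f[] = "On-InternalError        {$conf["On-InternalError"]}";
    $f[] = "On-NoSignature          {$conf["On-NoSignature"]}";
    $f[] = "On-Security             {$conf["On-Security"]}";
    // NOTE(review): PID_FILE is a global set outside this function; if it is
    // unset the directive is written with an empty value - confirm the caller
    // always defines it.
    $f[] = "PidFile                 {$GLOBALS["PID_FILE"]}";
    $f[] = "SignatureAlgorithm      rsa-sha256";
    $f[] = "Socket                  local:/var/run/opendkim/opendkim.sock";
    $f[] = "Syslog                  Yes";
    $f[] = "SyslogSuccess           Yes";
    $f[] = "TemporaryDirectory      /var/tmp";
    $f[] = "UMask                   022";
    $f[] = "UserID                  postfix:postfix";
    $f[] = "X-Header                Yes";
    // Report a failed write instead of silently leaving a stale configuration.
    if (@file_put_contents("/etc/opendkim.conf", implode("\n", $f)) === false) {
        echo "Starting......: opendkim unable to write /etc/opendkim.conf\n";
    }
    keyTable();
    WhitelistDomains();
    WhitelistHosts();
    MyNetworks($conf["OpenDKIMTrustInternalNetworks"]);
    SetPermissions();
}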
Пример #3
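/**
 * Write /etc/opendkim.conf from the stored "OpenDKIMConfig" settings, call
 * keyTable(), WhitelistDomains(), WhitelistHosts() and MyNetworks() (defined
 * elsewhere), then reset ownership and modes under /etc/mail/dkim.
 *
 * Progress messages are echoed; nothing is returned.
 */
function build()
{
    $sock = new sockets();
    // Read but never consulted below: the configuration is written whether or
    // not the filter is enabled.
    $EnableDKFilter = $sock->GET_INFO("EnableDKFilter");
    // SECURITY: unserialize() instantiates whatever classes the blob names. If
    // the stored setting can ever be influenced by a less-trusted party this is
    // an object-injection sink; on PHP >= 7 pass array('allowed_classes' => false)
    // as second argument, or store the settings as JSON instead.
    $conf = unserialize(base64_decode($sock->GET_INFO("OpenDKIMConfig")));
    if (!is_array($conf)) {
        // unserialize() returns false on an empty or corrupt blob; start from
        // an empty array so the defaults below apply.
        $conf = array();
    }
    if ($EnableDKFilter == null) {
        $EnableDKFilter = 0;
    }

    // Settings that are copied verbatim into the daemon configuration file.
    $defaults = array(
        "On-BadSignature"  => "accept",
        "On-NoSignature"   => "accept",
        "On-DNSError"      => "tempfail",
        "On-InternalError" => "accept",
        "On-Security"      => "tempfail",
        "On-Default"       => "accept",
        "ADSPDiscard"      => "1",
        "ADSPNoSuchDomain" => "1",
        "DomainKeysCompat" => "0",
    );
    foreach ($defaults as $name => $fallback) {
        $current = isset($conf[$name]) ? $conf[$name] : null;
        // A value holding a newline or whitespace would add or alter other
        // directives in the generated file, so anything that is not a single
        // alphanumeric token falls back to the default. \z (not $) is used so a
        // trailing newline is rejected too.
        if ($current == null || !is_scalar($current) || !preg_match('/\A[A-Za-z0-9]+\z/', (string) $current)) {
            $conf[$name] = $fallback;
        }
    }
    // Not written to the file; only handed to MyNetworks() below.
    if (!isset($conf["OpenDKIMTrustInternalNetworks"]) || $conf["OpenDKIMTrustInternalNetworks"] == null) {
        $conf["OpenDKIMTrustInternalNetworks"] = "1";
    }

    $f = array();
    if ($conf["DomainKeysCompat"] == 1) {
        $f[] = "DomainKeysCompat\t\t  {$conf["DomainKeysCompat"]}";
    }
    $f[] = "ADSPNoSuchDomain        {$conf["ADSPNoSuchDomain"]}";
    $f[] = "ADSPDiscard        \t  {$conf["ADSPDiscard"]}";
    $f[] = "AutoRestart             1";
    $f[] = "AutoRestartRate         10/1h";
    $f[] = "Canonicalization        simple/simple";
    $f[] = "ExemptDomains\t\t\t  refile:/etc/mail/dkim/trusted-domains";
    $f[] = "ExternalIgnoreList      refile:/etc/mail/dkim/trusted-hosts";
    $f[] = "InternalHosts           refile:/etc/mail/dkim/internal-hosts";
    $f[] = "KeyTable                file:/etc/mail/dkim/keyTable";
    $f[] = "SigningTable            refile:/etc/mail/dkim/signingTable";
    $f[] = "LogWhy                  Yes";
    $f[] = "On-Default              {$conf["On-Default"]}";
    $f[] = "On-BadSignature         {$conf["On-BadSignature"]}";
    $f[] = "On-DNSError             {$conf["On-DNSError"]}";
    $f[] = "On-InternalError        {$conf["On-InternalError"]}";
    $f[] = "On-NoSignature          {$conf["On-NoSignature"]}";
    $f[] = "On-Security             {$conf["On-Security"]}";
    $f[] = "PidFile                 /var/run/opendkim/opendkim.pid";
    $f[] = "SignatureAlgorithm      rsa-sha256";
    $f[] = "Socket                  local:/var/run/opendkim/opendkim.sock";
    $f[] = "Syslog                  Yes";
    $f[] = "SyslogSuccess           Yes";
    $f[] = "TemporaryDirectory      /var/tmp";
    $f[] = "UMask                   022";
    $f[] = "UserID                  postfix:postfix";
    $f[] = "X-Header                Yes";
    // Report a failed write instead of silently leaving a stale configuration.
    if (@file_put_contents("/etc/opendkim.conf", implode("\n", $f)) === false) {
        echo "Starting......: opendkim unable to write /etc/opendkim.conf\n";
    }
    keyTable();
    WhitelistDomains();
    WhitelistHosts();
    MyNetworks($conf["OpenDKIMTrustInternalNetworks"]);
    echo "Starting......: opendkim Apply permissions...\n";
    // Directories stay world-traversable, per-domain key directories are 750
    // and the files inside them 640, all owned by postfix. Command output and
    // errors are discarded, so a failed chmod/chown goes unnoticed here.
    shell_exec("/bin/chmod 755 /etc/mail/dkim >/dev/null 2>&1");
    shell_exec("/bin/chmod 755 /etc/mail/dkim/keys >/dev/null 2>&1");
    shell_exec("/bin/chmod 750 /etc/mail/dkim/keys/* >/dev/null 2>&1");
    shell_exec("/bin/chmod 640 /etc/mail/dkim/keys/*/* >/dev/null 2>&1");
    shell_exec("/bin/chown -R postfix:postfix /etc/mail/dkim >/dev/null 2>&1");
    echo "Starting......: opendkim Apply permissions done...\n";
}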