sunfoxcz.dkim
ansible-dkim
Ansible role for setting up Postfix with OpenDKIM, which is a DKIM mail signing implementation for Linux. This role works on Debian-based systems like Ubuntu.
Description
This role sets up DKIM mail signing on servers that act as Mail Transport Agents (MTAs).
The role:
- Installs and configures OpenDKIM,
- Creates private and public DKIM keys for the domains specified in the dkim_domains variable,
- Installs Postfix and configures it to send messages from the specified domains to OpenDKIM for signing,
- Provides the DNS records needed to set up the public keys in the domains' public DNS.
Requirements
You need to manage the overall mail setup and have access to the DNS settings for the domains you want to sign. After setup, the role will give you DNS records with the public keys you need to add to your DNS.
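A check to run on a DNS record before publishing it, as an added example that is not part of this role: it joins the record's quoted strings, parses the tags and measures the RSA modulus, so a key pasted into DNS with only its first string, or one shorter than intended, is caught early. It assumes the parenthesised multi-string zone-file layout that opendkim-keygen writes; `sample_record` and the other function names are hypothetical, and the sample is built from a made-up modulus, not a real key.

```python
import base64
import re

def der_read(buf, pos=0):
    """Return (value, next_pos) for the DER element at pos; reject truncation."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    seq, _ = der_read(spki)          # outer SEQUENCE
    _, pos = der_read(seq)           # AlgorithmIdentifier, skipped
    bitstr, _ = der_read(seq, pos)   # BIT STRING wrapping RSAPublicKey
    rsa, _ = der_read(bitstr[1:])    # drop the unused-bits byte
    modulus, _ = der_read(rsa)       # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def parse_dkim_txt(zone_text):
    """Join the quoted chunks of a zone-file TXT record and split it into tags."""
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def check_record(zone_text, min_bits=2048):
    """Return a list of problems with a DKIM key record (empty list if none)."""
    tags = parse_dkim_txt(zone_text)
    problems = [] if tags.get("v") == "DKIM1" else ["v=DKIM1 missing"]
    try:
        bits = rsa_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except (ValueError, IndexError):
        return problems + ["p= is empty, truncated or not valid base64"]
    return problems + ([f"RSA key is only {bits} bits"] if bits < min_bits else [])

def _der(tag, body):  # minimal DER encoder, used only to build the sample
    size = (len(body).bit_length() + 7) // 8
    head = [len(body)] if len(body) < 0x80 else [0x80 | size, *len(body).to_bytes(size, "big")]
    return bytes([tag, *head]) + body

def sample_record(bits, selector="mail"):  # constructed sample, not a real key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))  # modulus, e=65537
    spki = _der(0x30, bytes.fromhex("300d06092a864886f70d0101010500") + _der(0x03, b"\x00" + rsa))
    chunks = '"\n\t  "'.join(re.findall(".{1,200}", base64.b64encode(spki).decode()))
    return f'{selector}._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n\t  "p={chunks}" )'
```

Calling `check_record` on the text of a generated record returns an empty list when the record is complete and the key meets `min_bits`.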
Role Variables
Check the comments and default values in the role's file default/main.yml.
OpenDKIM Package Parameters
Variable | Default Value | Description |
---|---|---|
dkim_default_config_file: | /etc/default/opendkim | Default configuration file for OpenDKIM |
dkim_opendkim_config_dir: | /etc/opendkim | Directory for OpenDKIM configuration |
dkim_user: | opendkim | Linux user running OpenDKIM |
dkim_group: | opendkim | Linux group running OpenDKIM |
OpenDKIM Configuration Parameters
Variable | Default Value | Description |
---|---|---|
dkim_selector: | | Selector for DKIM Public Key DNS records. Allows associating multiple DKIM Public Keys for the same domain, each for different servers. |
dkim_admin_email: | none | Email for managing OpenDKIM. You must set either dkim_admin_email or the older admin_email. |
dkim_trustedhosts: | ['127.0.0.1','localhost'] | List of trusted hosts for OpenDKIM |
dkim_domains: | none | Domains that OpenDKIM will sign emails for. A YAML list of DNS entries. |
dkim_same_key: | true | Specifies if OpenDKIM should use the same key for all domains or a unique key for each one. |
dkim_rsa_keylen: | 2048 | Length of the RSA key generated with opendkim-keygen. Options include 1024, 2048, or 4096. |
Postfix Configuration Variables
Variable | Default Value | Description |
---|---|---|
dkim_postfix_config_file: | /etc/postfix/main.cf | Main configuration file for Postfix |
dkim_postfix_config: | see vars/main.yml | Parameters to be set in Postfix configuration. Default setup configures OpenDKIM as a milter in Postfix to sign emails. Additional Postfix parameters can be defined as needed. |
Operational Parameters
Variable | Default Value | Description |
---|---|---|
dkim_generate_only: | false | If set to false, only generates DKIM keys and shows records for DNS publication. If true, generates, shows, deploys to OpenDKIM, and restarts OpenDKIM in one run. |
Example Playbook
```yaml
---
- hosts: myserver
  roles:
    - role: sunfoxcz.dkim
      # If admin_email variable is given, it will be used as the default for dkim_admin_email
      dkim_admin_email: [email protected]
      dkim_selector: mail
      dkim_domains:
        - domain1.tld
        - domain2.tld
      dkim_same_key: false
```
License
This is licensed under the MIT license. See LICENSE for more details.