Wrong Public OpenDKIM key in GUI under Debian Stretch

  • @TheCry


    To sum up, in the next OpenDKIM version, I'll store the record differently:


    For i-MSCP version < 1.5.0:

    Code
    "v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/ExVpY7kE26VJFY1jiTSfxtZFaT/wZYsGNF4900TTpSZH055vECA67TRb+kzq1bsP0i+5yLrPZO02Kh6sGHc1k44WpzdlNv+mKpZrw8/Z1++OcrP1JnfM9OIyq1aY2C0ex7XdEaHRldpcTdqWDjBPAEEDW+W809xGVQNEV1rnlhcDCWet5na2D3nBnUit8IBLo8FyOxiI3STEmExqt6SBaeGJLpNNbnm741byRrr6qHf1sq6xyk0EKbJfLyOJrk20FJeva3o1AXwuOV9A9fbObjCpTzQlZdMTf0yHY2aS7nCzWnTsFDyt7uAotHstLjove3HhsXEIGM/tLRej1fyQIDAQAB"

    This is needed because the custom DNS module assumes only one quoted string, as explained in my previous post.


    For i-MSCP versions >= 1.5.0:

    Code
    "v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/ExVpY7kE26VJFY1jiTSfxtZFaT/wZYsGNF4900TTpSZH055vECA67TRb+kzq1bsP0i+5yLrPZO02Kh6sGHc1k44WpzdlNv+mKpZrw8/Z1++OcrP1JnfM9OIyq1aY2C0ex7XdEaHRldpcTdqWDjBPAEEDW+W809xGVQNEV1rnlhcD" "CWet5na2D3nBnUit8IBLo8FyOxiI3STEmExqt6SBaeGJLpNNbnm741byRrr6qHf1sq6xyk0EKbJfLyOJrk20FJeva3o1AXwuOV9A9fbObjCpTzQlZdMTf0yHY2aS7nCzWnTsFDyt7uAotHstLjove3HhsXEIGM/tLRej1fyQIDAQAB"

    Because the custom DNS module will be fixed to handle multiple quoted-strings.

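The single versus multiple quoted-string storage discussed in the post above, and the truncation that results from reading only part of the key file, as an added Python example that is not part of the original thread or the plugin's code. The key bytes, the `mail.txt` content and all function names are constructed for illustration; the 255-byte limit per `<character-string>` comes from RFC 1035.

```python
import base64
import re

# Constructed stand-in for a 2048-bit key: 294 arbitrary bytes, NOT a real RSA key.
FAKE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()

# Constructed sample in the layout opendkim-genkey writes to <selector>.txt.
MAIL_TXT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; s=email; "\n'
    f'\t  "p={FAKE_P[:200]}"\n'
    f'\t  "{FAKE_P[200:]}" )  ; ----- DKIM key mail for example.com\n'
)

# One quoted <character-string>, allowing backslash escapes inside it.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_txt_data(zone_text):
    """Concatenate every quoted string; stopping early truncates the key."""
    return "".join(QUOTED.findall(zone_text))


def to_character_strings(value, limit=255):
    """Split into <character-string>s of at most `limit` bytes."""
    raw = value.encode("ascii")
    return [raw[i:i + limit].decode() for i in range(0, len(raw), limit)]


def render_rdata(value, multiple):
    """multiple=True: several quoted strings; False: one quoted string,
    the form the thread describes for i-MSCP versions < 1.5.0."""
    parts = to_character_strings(value) if multiple else [value]
    return " ".join(f'"{p}"' for p in parts)


def public_key_len(value):
    """Decoded byte length of the p= tag; raises if the base64 is damaged."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    return len(base64.b64decode(tags["p"], validate=True))


if __name__ == "__main__":
    full = parse_txt_data(MAIL_TXT)
    print(len(full), public_key_len(full))
    print(render_rdata(full, multiple=True))
```

A truncated `p=` value can still be valid base64 when the cut lands on a 4-character boundary, so compare the decoded length with the expected key size rather than relying on a decode error.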

  • @TheCry


    Just to inform you that this is taking a bit longer because there are other issues to fix, such as the systemd one ;) This is almost finished and I'm now in the testing period.


    Changelog will be as follows:



    Thank you for your understanding.


  • @TheCry


    Do you have time to test OpenDKIM from incubator?


    Bear in mind that if you have edited the /lib/systemd/system/opendkim.service Systemd file manually, things might not work as expected, as the plugin now makes use of the /lib/opendkim/opendkim.service.generate script (Debian Stretch) to generate the Systemd /etc/systemd/system/opendkim.service.d/override.conf file, according to the state of the /etc/default/opendkim file. Thus, if you have edited that file, don't forget to reset it first ;)


    Thank you.


    CHANGELOG is as follows (version 1.3.0):

    • Added: `postfix_rundir' and `postfix_user' plugin configuration parameters
    • Added: `opendkim_confdir', `opendkim_rundir', `opendkim_user' and `opendkim_group' plugin configuration parameters
    • Fixed: Couldn't start OpenDKIM service under Debian 9/Stretch -- Systemd service conffile needs to be overridden
    • Fixed: Enable and start OpenDKIM service on plugin activation
    • Fixed: Postfix user can't access OpenDKIM socket after system reboot
    • Fixed: Reload OpenDKIM service once per process and only when necessary
    • Fixed: Stop and disable OpenDKIM service on plugin de-activation
    • Fixed: Store TXT-DATA as a single character string (i-MSCP versions lt 1.5.0)
    • Fixed: Store TXT-DATA as multiple character strings (i-MSCP versions ge 1.5.0)
    • Fixed: TXT-DATA is truncated due to wrong mail.txt file parsing
    • Renamed: `OpenDKIM_Socket' plugin configuration parameter to `opendkim_socket'
    • Renamed: `PostfixMilterSocket' plugin configuration parameter to `postfix_milter_socket'
    • Review: Postfix user is now added in OpenDKIM group
    • Review: OpenDKIM pidfile and socket are now created with permissions 0660
    • Review: OpenDKIM rundir is no longer world-readable

    I made my tests against Debian 9.1/Stretch ;)


  • @TheCry


    Fine for me. I did find other issues to fix in the meantime. Also, I've just added DKIM ADSP extension support.
    I'll release the plugin today and then i-MSCP v1.5.0 just after (I'm already late...).


    Final CHANGELOG for OpenDKIM plugin should be as follows:

    • Added: `opendkim_adsp_extension` parameter -- Allows to enable/disable DKIM ADSP extension
    • Added: `opendkim_adsp_signing_practice` parameter -- Allows to setup ADSP signing practice
    • Added: `opendkim_confdir` parameter -- Path to OpenDKIM configuration directory
    • Added: `opendkim_group` parameter -- OpenDKIM unix group
    • Added: `opendkim_keysize` parameter -- Allows to setup keys size
    • Added: `opendkim_user` parameter -- OpenDKIM unix user
    • Added: `opendkim_rundir` parameter -- OpenDKIM rundir
    • Added: `postfix_rundir` parameter -- Postfix rundir
    • Added: OpenDKIM systemd override.conf file for Ubuntu 16.04/Xenial Xerus
    • Added: Support for DKIM ADSP (Author Domain Signing Practices) extension
    • Enhancement: Make it possible to turn off the verifier mode (needed when used in conjunction with SpamAssassin/DKIM)
    • Fixed: Couldn't start OpenDKIM service under Debian 9/Stretch
    • Fixed: Postfix user can't access OpenDKIM socket after system reboot
    • Fixed: Reload OpenDKIM service once per process and only when necessary
    • Fixed: Store TXT-DATA as a single <character-string> (i-MSCP versions lt 1.5.0)
    • Fixed: Store TXT-DATA as multiple <character-string>s (i-MSCP versions ge 1.5.0)
    • Fixed: TXT-DATA is truncated due to wrong mail.txt file parsing
    • Renamed: `OpenDKIM_Socket' plugin configuration parameter to `opendkim_socket'
    • Renamed: `PostfixMilterSocket' plugin configuration parameter to `postfix_milter_socket'
    • Review: Enable and start OpenDKIM service on plugin activation
    • Review: OpenDKIM pidfile and socket are now created with permissions 0660
    • Review: OpenDKIM rundir is no longer world-readable
    • Review: Postfix user is now added into OpenDKIM group (Make Postfix user able to access the OpenDKIM UDS)
    • Review: Stop and disable OpenDKIM service on plugin deactivation
    • Rewritten: Backend part of the plugin


  • @TheCry


    So finally, I reworked the plugin a bit to make it more user-friendly, depending on context usage:


    Plugin working level


    One of the things that annoyed me a lot with that plugin was the necessity to activate OpenDKIM manually for each customer. In most cases, users of the OpenDKIM plugin want to enable the DKIM feature for all customers (for all domains, subdomains). Thus, I've added a new plugin configuration parameter which allows switching between two working levels. These are the admin and reseller working levels.

    • admin working level: In that working level, the plugin automatically activates DKIM for all customers. Resellers cannot activate/deactivate DKIM by themselves. They can only trigger renewal of their customers' DKIM keys (see above). This is the new default behavior of the plugin.
    • reseller working level: In that working level, the plugin doesn't automatically activate DKIM for customers. The decision is left to the reseller. This is the historical behavior of the plugin (pre-version 2.0.0).

    DKIM keys renewal


    Resellers can now trigger renewal of their customers' DKIM keys through their OpenDKIM interface.


    DKIM keys display


    Keys (DKIM DNS resource record rdata part) are no longer displayed through textarea HTML tags. They are now displayed only through tooltips, which are shown when the mouse passes over a button that allows the customer to easily copy the DKIM key into the clipboard.


    Note that DKIM keys are no longer displayed through the reseller interface. They are now displayed only in the customer OpenDKIM interface, and also through the custom DNS resource record listing (i-MSCP core).


    DKIM ADSP extension


    Support for DKIM ADSP extension has been added. Right now, a DKIM ADSP DNS resource record is added for each domain, including subdomains. See Domain Author Signing Practice for a little overview about this DKIM extension.


    Note that this feature can be disabled in the plugin configuration file.


    DKIM support for subdomains


    In the previous version, subdomains were not supported. At least, messages sent from them were not signed. Starting with version 2.0.0, messages sent from a subdomain are signed using the DKIM key of its parent domain, as supported by DKIM. There is no need to add a DKIM DNS resource record for each subdomain.




    There are other changes/improvements which are more about implementation details and which I'll not enumerate here. You can get them by reading the CHANGELOG of the plugin.




    Here are some screenshots that should allow you to get an overview of the changes made:


    admin working level (reseller interface):


    reseller_new_interface_admin_working_level.png


    reseller working level (reseller interface):


    reseller_new_interface_reseller_working_level.png


    admin/reseller working level (customer interface):


    opendkim_new_cusomer_interface.png




    See also:



  • Sounds really interesting. I already had the demand to sign zones as of reseller-level but finally, without having options, I ended up with stupid clicking :-) However, the reseller-level is really important for me, as some of my resellers don't use my nameserver.
    Is there already a plan for when this plugin will be released? Just askin' as my new server will be put into production within the next days...

  • OpenDKIM plugin version 2.0.0 RELEASED. See OpenDKIM plugin v2.0.0 RELEASED


    Thread closed.
