diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-03 18:59:15 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:23 +0200 |
commit | f173319facc43b6ad0934d02a752aefc507727f2 (patch) | |
tree | b743c532052c1b672cfc45d67b2dff5a6e363b47 /roles/amavis | |
parent | e8d53fadb1a9f67f9edbab329cc131103ba1bcd6 (diff) |
Loopia's maximum length for TXT records is 255 chars.
So unfortunately we can't fit a 2048-bits RSA key.
Diffstat (limited to 'roles/amavis')
-rw-r--r-- | roles/amavis/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/amavis/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/amavis/templates/etc/amavis/conf.d/50-user.j2 | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/roles/amavis/handlers/main.yml b/roles/amavis/handlers/main.yml index 1abc299..ab974e6 100644 --- a/roles/amavis/handlers/main.yml +++ b/roles/amavis/handlers/main.yml @@ -3,7 +3,7 @@ service: name=clamav-daemon state=restarted - name: Publish the public key to the DNS zone - # See the output of 'sudo genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key' + # See the output of 'genkeypair.sh dkim --privkey=/path/to/key' fail: "msg={{ dkim.stdout }}" - name: Restart Amavis diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml index 00e8c40..6965c07 100644 --- a/roles/amavis/tasks/main.yml +++ b/roles/amavis/tasks/main.yml @@ -37,7 +37,7 @@ mode=0755 - name: Generate a private key for DKIM signing - command: genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key --dns=outgoing -t rsa -b 2048 + command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024 register: dkim changed_when: dkim.rc == 0 failed_when: dkim.rc > 1 diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 index adafd7f..84814ca 100644 --- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 +++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 @@ -31,7 +31,7 @@ undef $enable_dkim_signing; $enable_dkim_signing = 1; # Sign *all* outgoing mails with *our* key (yes, amavis complains, but this is # safe as we force our domain with the 'd' tag). -dkim_key(qr'^', 'outgoing', '/var/lib/dkim/outgoing.'.$mydomain.'.key'); +dkim_key(qr'^', '20140703', '/var/lib/dkim/20140703.'.$mydomain.'.key'); @dkim_signature_options_bysender_maps = ( { '.' => { d => $mydomain , a => 'rsa-sha256' |