authorGuilhem Moulin <guilhem@fripost.org>2014-07-03 18:59:15 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:23 +0200
commitf173319facc43b6ad0934d02a752aefc507727f2 (patch)
treeb743c532052c1b672cfc45d67b2dff5a6e363b47 /roles
parente8d53fadb1a9f67f9edbab329cc131103ba1bcd6 (diff)
Loopia's maximum length for TXT records is 255 chars.
So unfortunately we can't fit a 2048-bit RSA key.
Diffstat (limited to 'roles')
-rw-r--r--roles/amavis/handlers/main.yml2
-rw-r--r--roles/amavis/tasks/main.yml2
-rw-r--r--roles/amavis/templates/etc/amavis/conf.d/50-user.j22
3 files changed, 3 insertions, 3 deletions
diff --git a/roles/amavis/handlers/main.yml b/roles/amavis/handlers/main.yml
index 1abc299..ab974e6 100644
--- a/roles/amavis/handlers/main.yml
+++ b/roles/amavis/handlers/main.yml
@@ -3,7 +3,7 @@
service: name=clamav-daemon state=restarted
- name: Publish the public key to the DNS zone
- # See the output of 'sudo genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key'
+ # See the output of 'genkeypair.sh dkim --privkey=/path/to/key'
fail: "msg={{ dkim.stdout }}"
- name: Restart Amavis
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index 00e8c40..6965c07 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -37,7 +37,7 @@
mode=0755
- name: Generate a private key for DKIM signing
- command: genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key --dns=outgoing -t rsa -b 2048
+ command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024
register: dkim
changed_when: dkim.rc == 0
failed_when: dkim.rc > 1
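Review bot: The `-b 1024` on the new `command:` line drops the DKIM signing key to 1024-bit RSA, and nothing in the task records that this is a workaround or when it should be revisited. The 255-character limit applies to a single character-string inside a TXT record, and RFC 6376 has verifiers concatenate multiple strings, so a 2048-bit key can be published as two quoted strings if the provider's interface accepts that (whether Loopia's does is not visible here). RFC 8301 says signers SHOULD use at least 2048-bit RSA keys. If 1024 has to stay, I would add a comment above the task such as `# 1024-bit only because the DNS provider caps TXT data at 255 chars; rotate the dated selector regularly and move to 2048 once split TXT strings are possible`.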
diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
index adafd7f..84814ca 100644
--- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
@@ -31,7 +31,7 @@ undef $enable_dkim_signing;
$enable_dkim_signing = 1;
# Sign *all* outgoing mails with *our* key (yes, amavis complains, but this is
# safe as we force our domain with the 'd' tag).
-dkim_key(qr'^', 'outgoing', '/var/lib/dkim/outgoing.'.$mydomain.'.key');
+dkim_key(qr'^', '20140703', '/var/lib/dkim/20140703.'.$mydomain.'.key');
@dkim_signature_options_bysender_maps = (
{ '.' => { d => $mydomain
, a => 'rsa-sha256'
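Review bot: The selector `20140703` is now hard-coded twice on the new `dkim_key(...)` line and once more in the `--privkey=` path of the task in roles/amavis/tasks/main.yml, so every key rotation has to edit both files in lockstep. A mismatch would presumably leave amavis pointing at a key file the task never generated. Since this file is a Jinja template, one role variable could feed both places, e.g. `dkim_key(qr'^', '{{ dkim_selector }}', '/var/lib/dkim/{{ dkim_selector }}.'.$mydomain.'.key');` with the same variable in the task's path (`dkim_selector` is a suggested name, not one defined on this page). The task also spells out `fripost.org` where this line uses `$mydomain`, which is a second place the two paths can drift apart.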