From 8eb813ce0e4d8aa83820190f4350afd99e104413 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Mon, 21 Jun 2021 21:18:56 +0200
Subject: [PATCH] [mailman3] Adapt OpenDKIM configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 group_vars/mailman.yml                    | 1 +
 group_vars/opendkim.yml                   | 1 +
 roles/opendkim/templates/opendkim.conf.j2 | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index df9f68fb..e65ec8ee 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -79,6 +79,7 @@ loc_opendkim:
   selector: "lists"
   signing:
     - "*@lists.crans.org"
+  sender_headers: "List-Post,Sender,From"
   txt_record: |
     lists._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7jkgGjxZvQDbgFIuqb59lt7O1Jg6DFTSBxFlTfBW+3MF+AFjBR3AZ/UXwDA1vH4UTZqq0fWN6y6wqE/F7+HDjpqZGGuygZWTGVbBxwiKSjc2kq2mz7kLisE3a/jP8kyQDdb7fWrtTw9fxYu+Ygs0744otjRsui/ZK6zbrO8XQfd5UYnj4IGALeIuVFVLmwTY+VL/xWR/UjcfxgAprRfH0ec8PGlrxhpeLhUSJxw3Q6QfTnDsIpWLfJdgxILGa58TmhH6d+faxa1OIP37wswPjkDykmMFsCQJX9P7mXXR0+1FIRhhNpfCRXXj37udbIezDEMfA15rWSoYinPU+x7i6LhfJD7G40p1oDBiaOimZ8D/PUDAtoWRQeFiNOOQmNqDaVwlaOMvIZH2ZFD2I0eJIDb2FBYqhTb5GVyhKPePqT5FZE0s8SXqvYRNUWHuomS79kfo4TC74UPlavIbyCVTFlLi5ujc5RANm/FuH2w3ns1+YAlCeoblzwVdgN+h4/DI5kI88+0Hf+HCfQg+rPQL7ak7Wszo0iWvYUZ8t+IPbNDcVm5YI6koqkWGgfMrC0bDI5r+ZQACK15Fi6x3tV0umhytgRQWG9MyK61diNIc1LFsyL2lD0oOAjlpDlVSpUnXKhjRPq4YdaIojlgGSsWsq8sBhQTCY5DNHUuJLL1iPqsCAwEAAQ=="  ; ----- DKIM key lists for lists.crans.org
   private_key: "{{ vault.opendkim_private_key_mailman }}"
diff --git a/group_vars/opendkim.yml b/group_vars/opendkim.yml
index 2659b3c8..51b1dd14 100644
--- a/group_vars/opendkim.yml
+++ b/group_vars/opendkim.yml
@@ -19,6 +19,7 @@ glob_opendkim:
     - "*.crans.org"
     - "*.crans.fr"
     - "*.crans.eu"
+  sender_headers: ""
   txt_record: |
     mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtwkNVd9Mmz8S4WcfuPk0X2drG39gS8+uxAv8igRILgzWeN8j2hjeZesl8pm/1UTVU87bYcdfUgXiGfQy9nR5p/Vmt2kS7sXk9nsJ/VYENgb3IJQ6paWupSTFMyeKycJ4ZHCEZB/bVvifoG6vLKqW5jpsfCiOcfdcgXATn0UPuVx9t93yRrhoEMntMv9TSodjqd3FKCtJUoh5cNQHo0T6dWKtxoIgNi/mvZ92D/IACwu/XOU+Rq9fnoEI8GukBQUR5AkP0B/JrvwWXWX/3EjY8X37ljEX0XUdq/ShzTl5iK+CM83stgkFUQh/rpww5mnxYEW3X4uirJ7VJHmY4KPoIU+2DPjLQj9Hz63CMWY3Ks2pXWzxD3V+GI1aJTMFOv2LeHnI3ScqFaKj9FR4ZKMb0OW2BEFBIY3J3aeo/paRwdbVCMM7twDtZY9uInR/NhVa1v9hlOxwp4/2pGSKQYoN2CkAZ1Alzwf8M3EONLKeiC43JLYwKH1uBB1oikSVhMnLjG0219XvfG/tphyoOqJR/bCc2rdv5pLwKUl4wVuygfpvOw12bcvnTfYuk/BXzVHg9t4H8k/DJR6GAoeNAapXIS8AfAScF8QdKfplhKLJyQGJ6lQ75YD9IwRAN0oV+8NTjl46lI/C+b7mpfXCew+p6YPwfNvV2shiR0Ez8ZGUQIcCAwEAAQ==" ; ----- DKIM key mail for crans.org
   private_key: "{{ vault.opendkim_private_key }}"
diff --git a/roles/opendkim/templates/opendkim.conf.j2 b/roles/opendkim/templates/opendkim.conf.j2
index dd86771a..8d7c4a69 100644
--- a/roles/opendkim/templates/opendkim.conf.j2
+++ b/roles/opendkim/templates/opendkim.conf.j2
@@ -73,6 +73,8 @@ Mode            sv
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders     From
+{% if opendkim.sender_headers %}SenderHeaders       List-Post,Sender,From{% endif %}
+
 
 ##  resolverconfiguration filename
 ##      default (none)
-- 
GitLab