OpenDKIM setup. (#196)

* OpenDKIM setup.

see #173

* Fixed unit tests.

* Fixed mysql syntax.

modoboa_installer/scripts/files/modoboa/crontab.tpl

@@ -33,4 +33,4 @@ INSTANCE=%{instance_path}
 0       *       *       *       *       root    $PYTHON $INSTANCE/manage.py communicate_with_public_api
 
 # Generate DKIM keys (they will belong to the user running this job)
-*       *       *       *       *       root    $PYTHON $INSTANCE/manage.py modo manage_dkim_keys
+%{opendkim_enabled}*       *       *       *       *       %{opendkim_user}    $PYTHON $INSTANCE/manage.py modo manage_dkim_keys

modoboa_installer/scripts/files/opendkim/dkim_view_mysql.sql

@@ -0,0 +1,5 @@
+CREATE OR REPLACE VIEW dkim AS (
+  SELECT id, name as domain_name, dkim_private_key_path AS private_key_path,
+          dkim_key_selector AS selector
+  FROM admin_domain WHERE enable_dkim=1
+);

modoboa_installer/scripts/files/opendkim/dkim_view_postgres.sql

@@ -0,0 +1,5 @@
+CREATE OR REPLACE VIEW dkim AS (
+  SELECT id, name as domain_name, dkim_private_key_path AS private_key_path,
+          dkim_key_selector AS selector
+  FROM admin_domain WHERE enable_dkim
+);

modoboa_installer/scripts/files/opendkim/opendkim.conf.tpl

@@ -0,0 +1,89 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog			yes
+LogWhy			Yes
+SyslogSuccess   	Yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask			007
+
+# Sign for example.com with key in /etc/dkimkeys/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain			example.com
+#KeyFile		/etc/dkimkeys/dkim.key
+#Selector		2007
+
+KeyTable		dsn:%{db_driver}://%{db_user}:%{db_password}@%{dbhost}/%{db_name}/table=dkim?keycol=id?datacol=domain_name,selector,private_key_path
+SigningTable		dsn:%db_driver://%{db_user}:%{db_password}@%{dbhost}/%{db_name}/table=dkim?keycol=domain_name?datacol=id
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization	simple
+#Mode			sv
+SubDomains		yes	
+Canonicalization        relaxed/relaxed
+
+# Socket smtp://localhost
+#
+# ##  Socket socketspec
+# ##
+# ##  Names the socket where this filter should listen for milter connections
+# ##  from the MTA.  Required.  Should be in one of these forms:
+# ##
+# ##  inet:port@address           to listen on a specific interface
+# ##  inet:port                   to listen on all interfaces
+# ##  local:/path/to/socket       to listen on a UNIX domain socket
+#
+Socket                  inet:%{port}@localhost
+#Socket			local:/var/run/opendkim/opendkim.sock
+
+##  PidFile filename
+###      default (none)
+###
+###  Name of the file where the filter should write its pid before beginning
+###  normal operations.
+#
+PidFile               /var/run/opendkim/opendkim.pid
+
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier.  From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders		From
+
+##  ResolverConfiguration filename
+##      default (none)
+##
+##  Specifies a configuration file to be passed to the Unbound library that
+##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
+##  documentation at http://unbound.net for the expected content of this file.
+##  The results of using this and the TrustAnchorFile setting at the same
+##  time are undefined.
+##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+##  unbound package
+
+# ResolverConfiguration     /etc/unbound/unbound.conf
+
+##  TrustAnchorFile filename
+##      default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+# TrustAnchorFile       /usr/share/dns/root.key
+
+##  Userid userid
+###      default (none)
+###
+###  Change to user "userid" before starting normal operation?  May include
+###  a group ID as well, separated from the userid by a colon.
+#
+UserID                %{user}
+
+ExternalIgnoreList      /etc/opendkim.hosts
+InternalHosts           /etc/opendkim.hosts

modoboa_installer/scripts/files/opendkim/opendkim.hosts.tpl

@@ -0,0 +1,3 @@
+127.0.0.1
+::1
+localhost

modoboa_installer/scripts/files/postfix/main.cf.tpl

@@ -111,6 +111,12 @@ strict_rfc821_envelopes = yes
 %{dovecot_enabled}    $lmtp_sasl_auth_cache_name
 %{dovecot_enabled}    $address_verify_map
 
+# OpenDKIM setup
+%{opendkim_enabled}smtpd_milters = inet:127.0.0.1:%{opendkim_port}
+%{opendkim_enabled}non_smtpd_milters = inet:127.0.0.1:%{opendkim_port}
+%{opendkim_enabled}milter_default_action = accept
+%{opendkim_enabled}milter_content_timeout = 30s
+
 # List of authorized senders
 smtpd_sender_login_maps =
         proxy:%{db_driver}:/etc/postfix/sql-sender-login-map.cf