monit-sympa/sympa/recipe/sympa_fix_dkim_dmarc.recipe


								#!/usr/bin/env miaou-recipe


								# CONSTANTS


								GLOBAL_CONF=/etc/sympa/sympa/sympa.conf

								LIST_DATA_DIR=/var/lib/sympa/list_data

								FOUND=false


								# FUNCTIONS


								function fix_dkim_dmarc_global {

									if ! grep -q "^dkim_feature[[:space:]]*on" $GLOBAL_CONF; then

										local sympa_domain=$(grep '^domain' "$GLOBAL_CONF" | cut -f2)

										/opt/miaou-bash/tools/append_or_replace '^dkim_feature.*$' 'dkim_feature    on' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^dkim_signature_apply_on.*$' 'dkim_signature_apply_on  any' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^dkim_parameters.private_key_path.*$' 'dkim_parameters.private_key_path /etc/dkimkeys/mail.private' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^dkim_parameters.selector.*$' 'dkim_parameters.selector  mail' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^dkim_parameters.signer_domain.*$' "dkim_parameters.signer_domain $sympa_domain" $GLOBAL_CONF


										/opt/miaou-bash/tools/append_or_replace '^arc_feature.*$' 'arc_feature on' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^remove_dkim_headers.*$' 'remove_dkim_headers on' $GLOBAL_CONF

										/opt/miaou-bash/tools/append_or_replace '^dmarc_protection.mode*$' 'dmarc_protection.mode   dmarc_reject' $GLOBAL_CONF


										echo 'dkim feature now enabled'

										FOUND=true

									else

										echo 'dkim feature already enabled globally!'

									fi

								}


								function fix_dkim_dmarc_local {

									config_files=$(find $LIST_DATA_DIR -name "config" -type f)

									for i in $config_files; do

										if grep -q -e ^dmarc -e ^dkim $i; then

											FOUND=true

											echo "found problematic configuration in $i"

											remove_section_from_file $i dkim

											remove_section_from_file $i dmarc

										fi

									done

								}


								function remove_section_from_file {

									local file=$1

									local section=$2

									awk "/^$section/{found=1} !found{print} /^$/{found=0}" $file > $file.new

									mv $file.new $file

									chown sympa:sympa $file

								}


								function restart_services {

									$FOUND && systemctl restart sympa wwsympa.socket || true

								}


								# MAIN


								set -Eue

								fix_dkim_dmarc_global

								fix_dkim_dmarc_local

								restart_services