PoC rspamd use dkimkeys from admin using vault api

master
Alexander Graf 3 years ago
parent 8c8c1b2015
commit 893705169e

@ -1,3 +1,3 @@
__all__ = [ __all__ = [
'auth', 'postfix', 'dovecot', 'fetch' 'auth', 'postfix', 'dovecot', 'fetch', 'rspamd'
] ]

@ -0,0 +1,30 @@
from mailu import models, dkim
from mailu.internal import internal
import flask
def vault_error(*messages, status=404):
return flask.make_response(flask.jsonify({'errors':messages}), status)
# rspamd key format:
# {"selectors":[{"pubkey":"...","domain":"...","valid_start":TS,"valid_end":TS,"key":"...","selector":"...","bits":...,"alg":"..."}]}
# hashicorp vault answer format:
# {"request_id":"...","lease_id":"","renewable":false,"lease_duration":2764800,"data":{...see above...},"wrap_info":null,"warnings":null,"auth":null}
@internal.route("/rspamd/vault/v1/dkim/<domain_name>")
def rspamd_dkim_key(domain_name):
domain = models.Domain.query.get(domain_name) or flask.abort(vault_error('unknown domain'))
key = domain.dkim_key or flask.abort(vault_error('no dkim key', status=400))
return flask.jsonify({
'data': {
'selectors': [
{
'domain' : domain.name,
'key' : key.decode('utf8'),
'selector': 'dkim',
}
]
}
})

@ -1,4 +1,6 @@
try_fallback = true; try_fallback = false;
path = "/dkim/$domain.$selector.key";
selector = "dkim"
use_esld = false; use_esld = false;
allow_username_mismatch = true;
use_vault = true;
vault_url = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/vault";
vault_token = "mailu";

@ -1,4 +1,6 @@
try_fallback = true; try_fallback = false;
path = "/dkim/$domain.$selector.key";
use_esld = false; use_esld = false;
allow_username_mismatch = true; allow_username_mismatch = true;
use_vault = true;
vault_url = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/vault";
vault_token = "mailu";

@ -11,6 +11,7 @@ log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
# Actual startup script # Actual startup script
os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis") os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis")
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
if os.environ.get("ANTIVIRUS") == 'clamav': if os.environ.get("ANTIVIRUS") == 'clamav':
os.environ["ANTIVIRUS_ADDRESS"] = system.get_host_address_from_environment("ANTIVIRUS", "antivirus:3310") os.environ["ANTIVIRUS_ADDRESS"] = system.get_host_address_from_environment("ANTIVIRUS", "antivirus:3310")

Loading…
Cancel
Save