update configs

89851383 · John L · 6c6cebd2 · 89851383 · 89851383 · 89851383
Commit 89851383 authored Sep 12, 2018 by John L
--- a/cpanfile
+++ b/cpanfile
@@ -257,6 +257,10 @@ feature 'Mail::DKIM::Verifier', 'Required in order to use DKIM features (both fo
    requires 'Mail::DKIM::Verifier', '>= 0.37';
 };

+feature 'Mail::DKIM::ARC::Signer', 'Required in order to use ARC features to add ARC seals.' => sub {
+    requires 'Mail::DKIM::ARC::Signer', '>= 0.53';
+};
+
 feature 'Net::DNS', 'This is required if you set a value for "dmarc_protection_mode" which requires DNS verification.' => sub {
    requires 'Net::DNS', '>= 0.65';
 };

--- a/default/edit_list.conf
+++ b/default/edit_list.conf
@@ -140,6 +140,9 @@ dkim_parameters			owner,privileged_owner 		hidden
 dkim_signature_apply_on		listmaster	 		write
 dkim_signature_apply_on		owner,privileged_owner 		hidden

+arc_parameters			listmaster			write
+arc_parameters			owner,privileged_owner		hidden
+
 create_list_request.tt2		owner,privileged_owner 		hidden

 list_created.tt2 		owner,privileged_owner 		hidden

--- a/default/web_tt2/nav.tt2
+++ b/default/web_tt2/nav.tt2
@@ -172,7 +172,8 @@
        [% IF group == 'data_source' %][% SET class = 'active' %][% ELSE %][% SET class = '' %][% END %]
             <li class="[% class %]"><a href="[% 'edit_list_request' | url_rel([list,'data_source']) %]" >[%|loc%]Data sources setup[%END%]</a></li>
        [% IF group == 'dkim' %][% SET class = 'active' %][% ELSE %][% SET class = '' %][% END %]
-             <li class="[% class %]"><a href="[% 'edit_list_request' | url_rel([list,'dkim']) %]" >[%|loc%]DKIM[%END%]</a></li>
+             <li class="[% class %]"><a href="[% 'edit_list_request' | url_rel([list,'dkim']) %]"
+	     >[%|loc%]DKIM/ARC/DMARC[%END%]</a></li>
        [% IF action == 'editfile' && selected_file == 'description_templates' %][% SET class = 'active' %][% ELSE %][% SET class = '' %][% END %]
            <li class="[% class %]"><a href="[% 'editfile' | url_rel([list,'description_templates']) %]">[%|loc%]List description/homepage[%END%]</a></li>
        [% IF action == 'editfile' && selected_file == 'message_templates' %][% SET class = 'active' %][% ELSE %][% SET class = '' %][% END %]

--- a/src/lib/Sympa/ConfDef.pm
+++ b/src/lib/Sympa/ConfDef.pm
@@ -1862,6 +1862,46 @@ our @params = (
        'optional' => '1',
        'file'     => 'sympa.conf',
    },
+    {   'name'       => 'dkim_arc_feature',
+        'gettext_id' => 'Enable ARC',
+        'gettext_comment' =>
+            'If set to "on", Sympa may add ARC seals to outgoing messages.',
+        'default' => 'off',
+        'vhost'   => '1',
+        'file'    => 'sympa.conf',
+    },
+    {   'name'       => 'dkim_arc_srvid',
+        'gettext_id' => 'SRV ID for Authentication-Results used in ARC seal',
+        'gettext_comment' =>
+            'Default is the domain used for ARC seals',
+        'vhost'    => '1',
+        'optional' => '1',
+        'file'     => 'sympa.conf',
+    },
+    {   'name'       => 'dkim_arc_signer_domain',
+        'vhost'      => '1',
+        'gettext_id' => 'The "d=" tag as defined in ARC',
+        'gettext_comment' =>
+            'The ARC "d=" tag is the domain of the signing entity. The DKIM d= domain name is used as its default value',
+        'optional' => '1',
+        'file'     => 'sympa.conf',
+    },
+    {   'name'       => 'dkim_arc_selector',
+        'gettext_id' => 'Selector for DNS lookup of ARC public key',
+        'gettext_comment' =>
+            'The selector is used in order to build the DNS query for public key. It is up to you to choose the value you want but verify that you can query the public DKIM key for "<selector>._domainkey.your_domain". Default is the same selector as for DKIM signatures',
+        'vhost'    => '1',
+        'optional' => '1',
+        'file'     => 'sympa.conf',
+    },
+    {   'name'       => 'dkim_arc_private_key_path',
+        'vhost'      => '1',
+        'gettext_id' => 'File path for ARC private key',
+        'gettext_comment' =>
+            'The file must contain a PEM encoded private key. Defaults to same file as DKIM private key',
+        'optional' => '1',
+        'file'     => 'sympa.conf',
+    },
    # Not yet implemented.
    #{
    #    name => 'dkim_header_list',

--- a/src/lib/Sympa/ListDef.pm
+++ b/src/lib/Sympa/ListDef.pm
@@ -2153,8 +2153,72 @@ our %pinfo = (
        'default'    => {'conf' => 'dkim_signature_apply_on'}
    },

+    'arc_parameters' => {
+        order        => 70.04,
+        'group'      => 'dkim',
+        'gettext_id' => "ARC configuration",
+        'gettext_comment' =>
+            'A set of parameters in order to define outgoing ARC seal',
+        'format' => {
+            'arc_private_key_path' => {
+                'order'      => 1,
+                'gettext_id' => "File path for list ARC private key",
+                'gettext_comment' =>
+                    "The file must contain a RSA pem encoded private key. Default is DKIM private key.",
+                'format'     => '\S+',
+                'occurrence' => '0-1',
+                'default'    => {'conf' => 'dkim_arc_private_key_path'}
+            },
+            'arc_selector' => {
+                'order'      => 2,
+                'gettext_id' => "Selector for DNS lookup of ARC public key",
+                'gettext_comment' =>
+                    "The selector is used in order to build the DNS query for public key. It is up to you to choose the value you want but verify that you can query the public DKIM key for <selector>._domainkey.your_domain.  Default is selector for DKIM signature",
+                'format'     => '\S+',
+                'occurrence' => '0-1',
+                'default'    => {'conf' => 'dkim_arc_selector'}
+            },
+            'arc_signer_domain' => {
+                'order' => 3,
+                'gettext_id' =>
+                    'ARC "d=" tag, you should probably use the default value',
+                'gettext_comment' =>
+                    'The ARC "d=" tag, is the domain of the sealing entity. The list domain MUST be included in the "d=" domain',
+                'format'     => '\S+',
+                'occurrence' => '0-1',
+                'default'    => {'conf' => 'dkim_arc_signer_domain'}
+            },
+            'arc_srvid' => {
+                'order'      => 4,
+                'gettext_id' => 'SRV ID for Authentication-Results used in ARC seal',
+                'gettext_comment' => 'Default is the domain used for ARC seals',
+                'format'     => '\S+',
+                'occurrence' => '0-1',
+                'default'    => {'conf' => 'dkim_arc_srvid'}
+            },
+        },
+        'occurrence' => '0-1'
+    },
+
+    'dkim_signature_apply_on' => {
+        order   => 70.05,
+        'group' => 'dkim',
+        'gettext_id' =>
+            "The categories of messages sent to the list that will be signed using DKIM.",
+        'gettext_comment' =>
+            "This parameter controls in which case messages must be signed using DKIM, you may sign every message choosing 'any' or a subset. The parameter value is a comma separated list of keywords",
+        'format' => [
+            'md5_authenticated_messages',  'smime_authenticated_messages',
+            'dkim_authenticated_messages', 'editor_validated_messages',
+            'none',                        'any'
+        ],
+        'occurrence' => '0-n',
+        'split_char' => ',',
+        'default'    => {'conf' => 'dkim_signature_apply_on'}
+    },
+
    'dmarc_protection' => {
-        order    => 70.04,
+        order    => 70.06,
        'format' => {
            'mode' => {
                'format' => [