From 3289c63588e71604db4060c6f876cb1db20b37e0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 11 May 2022 10:48:07 -0700
Subject: [PATCH] bastion / opendkim: set mx2.redhat.com in opendkim PeerList

Right now we are getting emails from redhat.com addresses and verifying
DKIM and stripping it off and sending on. We should leave redhat.com
emails coming from mx2.redhat.com alone so their own DKIM will still be
on the emails. This hopefully will allow these emails to be accepted by
google on the other side. Right now they don't have the signature so
google thinks they are trickery.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/opendkim/files/opendkim.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/opendkim/files/opendkim.conf b/roles/opendkim/files/opendkim.conf
index ac866c10ce..065a4b5f1e 100644
--- a/roles/opendkim/files/opendkim.conf
+++ b/roles/opendkim/files/opendkim.conf
@@ -118,6 +118,7 @@ InternalHosts	refile:/etc/opendkim/TrustedHosts
 ##  whose mail should be neither signed nor verified by this filter.  See man
 ##  page for file format.
 # PeerList	X.X.X.X
+PeerList	mx2.redhat.com
 
 ##  Always oversign From (sign using actual From and a null From to prevent
 ##  malicious signatures header fields (From and/or others) between the signer