script/postfix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create_opendkim_key.sh: support of creation of DNS delegation if needed.

Browse Source
This commit is contained in:
Christoph 2019-01-04 05:03:26 +01:00
parent e935c1e9ee
commit 350d05bb8f
2 changed files with 268 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
conf/create_opendkim_key.conf.sample
View File

@ -77,6 +77,50 @@ dns_server="b.ns.oopen.de"
#key_name= #key_name=
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to /root/bin/bind/bind_set_new_serial.sh
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
#create_dkim_delegation_script="bind_create_dkim_delegation.sh"
# ---------- # ----------
# OpenDKIM Installation # OpenDKIM Installation
# ---------- # ----------

216
create_opendkim_key.sh
View File

@ -20,6 +20,14 @@ BATCH_MODE=false
DEFAULT_key_algo="hmac-sha256" DEFAULT_key_algo="hmac-sha256"
DEFAULT_ttl="43200" DEFAULT_ttl="43200"
DEFAULT_dns_ssh_user="manage-bind"
DEFAULT_dns_ssh_port=22
DEFAULT_dns_ssh_key="/root/.ssh/id_rsa-opendkim"
DEFAULT_set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
DEFAULT_create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
#DEFAULT_
opendkim_dir="/etc/opendkim" opendkim_dir="/etc/opendkim"
signing_table_file="${opendkim_dir}/signing.table" signing_table_file="${opendkim_dir}/signing.table"
@ -405,8 +413,10 @@ if $update_dns && [[ -z "$update_zone" ]] && ! $BATCH_MODE ; then
update_zone="_domainkey.${dkim_domain}" update_zone="_domainkey.${dkim_domain}"
fi fi
elif $update_dns && $terminal ; then elif $update_dns && $terminal ; then
if [[ -n "$update_zone" ]]; then
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
info "Zone \033[37m\033[1m$update_zone\033[m is used for DKIM TXT record" info "Zone \033[37m\033[1m${update_zone}\033[m is used for DKIM TXT record"
fi
fi fi
@ -493,6 +503,16 @@ fi
if $update_dns ; then if $update_dns ; then
cname_record="*._domainkey.${dkim_domain}. IN CNAME ${dkim_domain}.${update_zone}." cname_record="*._domainkey.${dkim_domain}. IN CNAME ${dkim_domain}.${update_zone}."
fi fi
# Access Credentials DNS Server
[[ -z "$dns_ssh_user" ]] && dns_ssh_user="$DEFAULT_dns_ssh_user"
[[ -z "$dns_ssh_port" ]] && dns_ssh_port="$DEFAULT_dns_ssh_port"
[[ -z "$dns_ssh_key" ]] && dns_ssh_key="$DEFAULT_dns_ssh_key"
#Scripts envoked at DNS Server
[[ -z "$set_new_serial_script" ]] && set_new_serial_script="$DEFAULT_set_new_serial_script"
[[ -z "$create_dkim_delegation_script" ]] && create_dkim_delegation_script="$DEFAULT_create_dkim_delegation_script"
blank_line blank_line
@ -546,12 +566,30 @@ key_dir=${key_base_dir}/${dkim_domain}
dkim_domain_shortname="${dkim_domain%.*}" dkim_domain_shortname="${dkim_domain%.*}"
declare -a generated_files_arr=() declare -a generated_files_arr=()
_create_delegation=false
_wait=false _wait=false
if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then
if ! $BATCH_MODE ; then
if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then
warn "No Subdomain delegation for zone '$update_zone' found!"
if ! $BATCH_MODE ; then
echo ""
echo -e "\033[32m--\033[m"
echo ""
echononl "Create Subdomain delegation for zone '$update_zone'? (yes/no) [yes]: "
read _create_delegation
if [[ -z "$(trim $_create_delegation)" ]] ; then
_create_delegation=true
elif [[ "${_create_delegation,,}" = "yes" ]] || [[ "${_create_delegation,,}" = "true" ]] ; then
_create_delegation=true
else
_create_delegation=false
fi
if ! $_create_delegation ; then
_tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}" _tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}"
for _server in $(dig +short ${dkim_domain} NS) ; do for _server in $(dig +short ${dkim_domain} NS) ; do
_tmp_string="$_tmp_string\n${update_zone}. IN NS $_server" _tmp_string="$_tmp_string\n${update_zone}. IN NS $_server"
@ -568,13 +606,179 @@ if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then
echo -en " \033[33mType <return> to continue or <CTRL>+C to abort:\033[m " echo -en " \033[33mType <return> to continue or <CTRL>+C to abort:\033[m "
read OK read OK
echo echo
fi fi
else else
if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then _create_delegation=true
fi
else
_create_delegation=false
fi
fi
if $_create_delegation ; then
# - Generate Subdomain delegation for zone update_zone
# -
if $terminal ; then
echo ""
echo -e " \033[32mGenerate Subdomain delegation for zone \033[37m\033[1m${update_zone}\033[m"
echo ""
fi
echononl "Determin DNS master of '${dkim_domain}'.."
_dns_master="$(dig +short ${dkim_domain} SOA 2>/dev/null | awk '{print$1}' | sed 's/\.$//')"
if [[ -z "$_dns_master" ]]; then
echo_failed
fatal "Determin DNS master of '${dkim_domain}' failed!"
else
echo_ok
fi
# - Check if Nameserver is accessable via ssh
# -
echononl "Check if Nameserver '$_dns_master' is accessable via ssh .."
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$_dns_master "ls" > /dev/null 2>&1
if [[ $? -gt 0 ]] ;then
echo_failed
fatal "Nameserver \"$_dns_master\" is not reachable vis ssh!"
else
echo_ok
fi
# - Check if Script '$set_new_serial_script' is accessable via ssh .."
echononl "Check if Script '$set_new_serial_script' .."
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$_dns_master "sudo $set_new_serial_script check" > /dev/null 2>&1
if [[ $? -gt 0 ]] ;then
echo_failed
fatal "Script '$set_new_serial_script' is NOT accessable via ssh!"
else
echo_ok
fi
# - Check if Script '$create_dkim_delegation_script' is accessable via ssh .."
echononl "Check if Script '$create_dkim_delegation_script'.."
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$_dns_master "sudo $create_dkim_delegation_script check" > /dev/null 2>&1
if [[ $? -gt 0 ]] ;then
echo_failed
fatal "Script '$create_dkim_delegation_script' is NOT accessable via ssh!"
else
echo_ok
fi
blank_line
echononl "Create NS Record (delegation) for '$update_zone'.."
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$_dns_master "sudo $create_dkim_delegation_script $dkim_domain" > /dev/null 2>&1
ret_val=$?
case $ret_val in
0) $terminal && echo_skipped
if $terminal ; then
info "DKIM subdomain delegation for \033[1m${update_zone}\033[m already exists."
else
echo ""
echo " [ Info ] DKIM subdomain delegation for ${update_zone} already exists."
echo ""
fi
;;
1) $terminal && echo_ok
if $terminal ; then
info "DKIM subdomain delegation for \033[1m${update_zone}\033[m added."
else
echo ""
echo " [ Info ] DKIM subdomain delegation for ${update_zone} successfully added."
echo ""
fi
;;
11) $terminal && echo_failed
fatal "No zonefile for domain '$dkim_domain' found!"
;;
15) $terminal && echo_failed
fatal "Domain '$dkim_domain' not supported!"
;;
16) $terminal && echo_failed
fatal "Determin nameservers for domain '$dkim_domain' failed!"
;;
21) $terminal && echo_failed
fatal "Adding NS Record for subdomain delegation failed!"
;;
99) $terminal && echo_failed
fatal "Fatal error!"
;;
*) $terminal && echo_failed
fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!"
;;
esac
echononl "Increase serial an reload zone ($dkim_domain).."
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$_dns_master "sudo $set_new_serial_script $dkim_domain" > /dev/null 2>&1
ret_val=$?
case $ret_val in
0) $terminal && echo_ok
if $terminal ; then
info "Serial is replaced and Zone is reloaded (\033[1m${update_zone}\033[m)."
else
echo ""
echo " [ Info ] Serial is replaced and Zone is reloaded (${update_zone})."
echo ""
fi
;;
10) $terminal && echo_failed
fatal "Invalid Hostname/Domain given!"
;;
11) $terminal && echo_failed
fatal "No zonefile found!"
;;
12) $terminal && echo_failed
fatal "Determin new Serial failed!"
;;
13) $terminal && echo_failed
fatal "Increasing Serial failed!"
;;
14) $terminal && echo_failed
fatal "Reloading Zone failed!"
;;
15) $terminal && echo_failed
fatal "Hostname/Domain not supported!"
;;
99) $terminal && echo_failed
fatal "Fatal error!"
;;
*) $terminal && echo_failed
fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!"
;;
esac
fi
if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then
fatal "No NS Record found for zone \033[1m${update_zone}.\033[m" fatal "No NS Record found for zone \033[1m${update_zone}.\033[m"
fi
fi
fi fi
# - Generate private/public keys # - Generate private/public keys