Add script 'create_opendkim_key.sh' for creating a DKIM key.

Christoph 2017-06-02 03:02:10 +02:00
parent 770f67b0ee
commit 56176a3c8b

361
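--- /dev/null
+++ b/create_opendkim_key.sh
@@ -0,0 +1,361 @@
+#!/usr/bin/env bash
+# -------------
+# - Settings
+# -------------
+#_src_base_dir="$(realpath $(dirname $0))"
+#conf_file="${_src_base_dir}/conf/install_opendkim.conf"
+log_file="$(mktemp)"
+opendkim_dir="/etc/opendkim"
+signing_table_file="${opendkim_dir}/signing.table"
+key_table_file="${opendkim_dir}/key.table"
+# -------------
+# --- Some functions
+# -------------
+usage() {
+echo
+[ -n "$1" ] && echo -e "Error: $1\n"
+cat<<EOF
+Usage: ` basename $0` [Options ]
+This scripts creates DKIM support for a given domain. This script acts
+intteractively, all needed parameters will be requested if not given as
+options on command line.
+Options:
+-d <domain-name>
+the domain for which DKIM support will be configured. If not give, the domain will be
+requested interactivly.
+-h
+Prints this help.
+EOF
+exit 1
+}
+containsElement () {
+local e
+for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+return 1
+}
+# - Remove leading/trailling whitespaces
+# -
+trim() {
+local var="$*"
+var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+echo -n "$var"
+}
+echononl(){
+echo X\\c > /tmp/shprompt$$
+if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+echo -e -n "$*\\c" 1>&2
+else
+echo -e -n "$*" 1>&2
+fi
+rm /tmp/shprompt$$
+}
+fatal(){
+echo ""
+echo -e "fatal error: $*"
+echo ""
+echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
+echo ""
+exit 1
+}
+error(){
+echo ""
+echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+echo ""
+}
+warn (){
+echo ""
+echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+echo ""
+}
+info (){
+echo ""
+echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+echo ""
+}
+echo_done() {
+echo -e "\033[80G[ \033[32mdone\033[m ]"
+}
+echo_ok() {
+echo -e "\033[80G[ \033[32mok\033[m ]"
+}
+echo_warning() {
+echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
+}
+echo_failed(){
+echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+echo -e "\033[80G[ \033[37mskipped\033[m ]"
+}
+# -------------
+# - Some pre-installation tasks
+# -------------
+# - Is 'systemd' supported on this system
+# -
+if [ "X`which systemd`" = "X" ]; then
+SYSTEMD_EXISTS=false
+else
+SYSTEMD_EXISTS=true
+fi
+# -------------
+# - Read in Commandline arguments
+# -------------
+while getopts hd: opt ; do
+case $opt in
+d) domain=$OPTARG ;;
+h) usage ;;
+\?) usage
+esac
+done
+clear
+echo
+echo
+if [[ -n "$domain" ]] ; then
+echo -e " \033[32mCreate DKIM configuration for domain \033[37m\033[1m$domain\033[m"
+else
+#echo ""
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+if [ -z "$domain" ]; then
+echo " Insert a domain name for which DKIM support should be configured."
+echo ""
+echo ""
+domain=
+echononl " Domain: "
+read domain
+while [ "X$domain" = "X" ] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " Domain: "
+read domain
+done
+echo
+echo -e " \033[32mCreate DKIM configuration for domain \033[37m\033[1m$domain\033[m"
+fi
+fi
+# =============
+# - Start Configuration
+# =============
+echo
+echo -n " Type upper case 'YES' to start: "
+read OK
+if [[ "$OK" != "YES" ]] ; then
+fatal "Abort by user request - Answer as not 'YES'"
+fi
+time_stamp=$(date +%s)
+key_dir=${opendkim_dir}/keys/${domain}
+domain_shortname="${domain%.*}"
+# - Create Key directory for the given domain
+# -
+echononl " Create Key Directory '${key_dir}'"
+if [[ ! -d "$key_dir" ]]; then
+mkdir $key_dir 2> $log_file
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+else
+echo_skipped
+fi
+# - Generate private key
+# -
+# - This will give you two files, one containing the key
+# - and the other containing the TXT record youll need to
+# - set up DNS.
+# -
+# - Note:
+# - The generated TXT record cannot be used directly for
+# - 'bind' nameservers (TXT recors are restricted to 255 characters)
+# -
+echononl " Generate private key for domain '$domain'.."
+opendkim-genkey -D $key_dir -d $domain -b 2048 -r -s $time_stamp > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+# - Set up ownership an permissions
+# -
+echononl " Set ownership on '${key_dir}/${time_stamp}.private'"
+chown opendkim ${key_dir}/${time_stamp}.private > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+echononl " Set permissions on '${key_dir}/${time_stamp}.private'"
+chmod 600 ${key_dir}/${time_stamp}.private > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+echononl " Print out public key key for domain '$domain'.."
+openssl rsa -in ${key_dir}/${time_stamp}.private -pubout -out ${key_dir}/${time_stamp}.public > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+# - Configure/Adjust the signing table
+# -
+echononl " Configure/Adjust the signing table.."
+if grep -q -E "^\s*\*@$domain\s" $signing_table_file 2>/dev/null ; then
+perl -i -n -p -e "s/^\*@$domain\s.*/*@$domain\t$domain_shortname/" $signing_table_file 2> $log_file
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+else
+echo -e "*@$domain\t$domain_shortname" >> $signing_table_file 2> $log_file
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+fi
+# - Configure/Adjust the key table
+# -
+echononl " Configure/Adjustkey table"
+if grep -q -E "^\s*$domain_shortname\s" $key_table_file 2>/dev/null ; then
+perl -i -n -p -e "s#^\s*$domain_shortname\s.*#${domain_shortname}\t\t${domain}:${time_stamp}:${key_dir}/${time_stamp}.private#" $key_table_file 2> $log_file
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+else
+echo -e "${domain_shortname}\t\t${domain}:${time_stamp}:${key_dir}/${time_stamp}.private" >> $key_table_file 2> $log_file
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+fi
+# - Generate TXT record for use in bind9
+# -
+echo
+echo -e " \033[32mGenerate TXT record for use in bind9\033[m"
+# - Write file with bind9 dekim TXT record
+# -
+echo " Write bind9 dekim TXT record to file"
+echononl " '${key_dir}/${time_stamp}.bind9'"
+echo "; ----- DKIM key $time_stamp for ${domain}" > ${key_dir}/${time_stamp}.bind9
+echo -n "${time_stamp}._domainkey.${domain}. 3600 IN TXT ( \"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${time_stamp}.bind9
+while IFS='' read -r _line || [[ -n $_line ]] ; do
+if echo "$_line" | grep -i -q -E "^---" 2> /dev/null ; then
+continue
+fi
+echo "" >> ${key_dir}/${time_stamp}.bind9
+echo -n " \"$_line\"" >> ${key_dir}/${time_stamp}.bind9
+done < "${key_dir}/${time_stamp}.public"
+echo " )" >> ${key_dir}/${time_stamp}.bind9
+echo_ok
+info "Now you have to add the TXT Record to your zone file.\n\n\t Copy/Paste the following data:\n\n$(cat ${key_dir}/${time_stamp}.bind9)"
+echo ""
+echo -e "After adjusting your nameserver continue with this script"
+echo ""
+echo -n "Type <return> to continue: "
+read OK
+echo
+# - Restart OpenDKIM
+# -
+echononl " Restart OpenDKIM.."
+if $SYSTEMD_EXISTS ; then
+systemctl restart opendkim > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+else
+/etc/init.d/opendkim restart > $log_file 2>&1
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+error "$(cat $log_file)"
+fi
+fi
+if [[ -n "$log_file" ]]; then
+rm -f "$log_file"
+fi
+echo ""
+exit 0
+#txt_record="$(cat ${key_dir}/${time_stamp}.txt | awk -F'"' '{print $2}' | tr -d '\n')"
+#txt_record_1=${txt_record:0:255}
+#txt_record_2=${txt_record:255}
+#new_txt_record="\"$txt_record_1\"\"$txt_record_2\""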
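Review bot: A failed `opendkim-genkey` (the `echo_failed` / `error "$(cat $log_file)"` branch right after it) does not stop the script, because `error` only prints, so the run goes on to `chown`/`chmod` a file that was never created, appends `${key_dir}/${time_stamp}.private` to `key.table` and restarts OpenDKIM against a key path that does not exist; the key-directory `mkdir` branch has the same problem. For those two steps use `fatal "$(cat $log_file)"` in place of `error "$(cat $log_file)"` so the signing and key tables are left untouched when key generation fails. The domain value comes from `-d` or the `read domain` prompt and is used unvalidated as a path component in `key_dir` and inside the `grep -E` and `perl -e` patterns, where a `/`, whitespace or an unescaped `.` changes what is matched or rewritten; a check such as `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || fatal "invalid domain name: $domain"` placed after the prompt loop would reject such input before anything is written. `echononl` also writes a probe file to the predictable path `/tmp/shprompt$$` while the script runs with root privileges; `printf '%s' "$*" >&2` produces the same prompt without any temp file.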