diff --git a/create_opendkim_key.sh b/create_opendkim_key.sh
new file mode 100755
index 0000000..797b330
--- /dev/null
+++ b/create_opendkim_key.sh
@@ -0,0 +1,361 @@
+#!/usr/bin/env bash
+
+
+# -------------
+# - Settings
+# -------------
+
+#_src_base_dir="$(realpath $(dirname $0))"
+#conf_file="${_src_base_dir}/conf/install_opendkim.conf"
+
+log_file="$(mktemp)"
+
+opendkim_dir="/etc/opendkim"
+
+signing_table_file="${opendkim_dir}/signing.table"
+key_table_file="${opendkim_dir}/key.table"
+
+
+# -------------
+# --- Some functions
+# -------------
+
+usage() {
+ echo
+ [ -n "$1" ] && echo -e "Error: $1\n"
+
+cat<
+ the domain for which DKIM support will be configured. If not give, the domain will be
+ requested interactivly.
+
+ -h
+ Prints this help.
+
+EOF
+exit 1
+}
+
+containsElement () {
+ local e
+ for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+ return 1
+}
+
+# - Remove leading/trailling whitespaces
+# -
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+echononl(){
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n "$*\\c" 1>&2
+ else
+ echo -e -n "$*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+}
+
+fatal(){
+ echo ""
+ echo -e "fatal error: $*"
+ echo ""
+ echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
+ echo ""
+ exit 1
+}
+
+error(){
+ echo ""
+ echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+ echo ""
+}
+
+warn (){
+ echo ""
+ echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+ echo ""
+}
+
+info (){
+ echo ""
+ echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+ echo ""
+}
+
+echo_done() {
+ echo -e "\033[80G[ \033[32mdone\033[m ]"
+}
+echo_ok() {
+ echo -e "\033[80G[ \033[32mok\033[m ]"
+}
+echo_warning() {
+ echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
+}
+echo_failed(){
+ echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+ echo -e "\033[80G[ \033[37mskipped\033[m ]"
+}
+
+
+# -------------
+# - Some pre-installation tasks
+# -------------
+
+# - Is 'systemd' supported on this system +# - +if [ "X`which systemd`" = "X" ]; then + SYSTEMD_EXISTS=false +else + SYSTEMD_EXISTS=true +fi + +# ------------- +# - Read in Commandline arguments +# ------------- +while getopts hd: opt ; do + case $opt in + d) domain=$OPTARG ;; + h) usage ;; + \?) usage + esac +done + + +clear +echo +echo +if [[ -n "$domain" ]] ; then + echo -e " \033[32mCreate DKIM configuration for domain \033[37m\033[1m$domain\033[m" +else + +#echo "" +echo "" +echo -e "\033[32m--\033[m" +echo "" +if [ -z "$domain" ]; then + echo " Insert a domain name for which DKIM support should be configured." + echo "" + echo "" + domain= + echononl " Domain: " + read domain + while [ "X$domain" = "X" ] ; do + echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n" + echononl " Domain: " + read domain + done + echo + echo -e " \033[32mCreate DKIM configuration for domain \033[37m\033[1m$domain\033[m" +fi +fi + + +# ============= +# - Start Configuration +# ============= + +echo +echo -n " Type upper case 'YES' to start: " +read OK +if [[ "$OK" != "YES" ]] ; then + fatal "Abort by user request - Answer as not 'YES'" +fi + + +time_stamp=$(date +%s) +key_dir=${opendkim_dir}/keys/${domain} +domain_shortname="${domain%.*}" + +# - Create Key directory for the given domain +# - +echononl " Create Key Directory '${key_dir}'" +if [[ ! -d "$key_dir" ]]; then + mkdir $key_dir 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo_skipped +fi + + +# - Generate private key +# - +# - This will give you two files, one containing the key +# - and the other containing the TXT record you’ll need to +# - set up DNS. +# - +# - Note: +# - The generated TXT record cannot be used directly for +# - 'bind' nameservers (TXT recors are restricted to 255 characters) +# - +echononl " Generate private key for domain '$domain'.." +opendkim-genkey -D $key_dir -d $domain -b 2048 -r -s $time_stamp > $log_file 2>&1 +if [[ $? 
-eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + +# - Set up ownership an permissions +# - +echononl " Set ownership on '${key_dir}/${time_stamp}.private'" +chown opendkim ${key_dir}/${time_stamp}.private > $log_file 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi +echononl " Set permissions on '${key_dir}/${time_stamp}.private'" +chmod 600 ${key_dir}/${time_stamp}.private > $log_file 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + + +echononl " Print out public key key for domain '$domain'.." +openssl rsa -in ${key_dir}/${time_stamp}.private -pubout -out ${key_dir}/${time_stamp}.public > $log_file 2>&1 +if [[ $? -eq 0 ]] ; then + echo_ok +else + echo_failed + error "$(cat $log_file)" +fi + + +# - Configure/Adjust the signing table +# - +echononl " Configure/Adjust the signing table.." +if grep -q -E "^\s*\*@$domain\s" $signing_table_file 2>/dev/null ; then + perl -i -n -p -e "s/^\*@$domain\s.*/*@$domain\t$domain_shortname/" $signing_table_file 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo -e "*@$domain\t$domain_shortname" >> $signing_table_file 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Configure/Adjust the key table +# - +echononl " Configure/Adjustkey table" +if grep -q -E "^\s*$domain_shortname\s" $key_table_file 2>/dev/null ; then + perl -i -n -p -e "s#^\s*$domain_shortname\s.*#${domain_shortname}\t\t${domain}:${time_stamp}:${key_dir}/${time_stamp}.private#" $key_table_file 2> $log_file + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + echo -e "${domain_shortname}\t\t${domain}:${time_stamp}:${key_dir}/${time_stamp}.private" >> $key_table_file 2> $log_file + if [[ $? 
-eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + + +# - Generate TXT record for use in bind9 +# - +echo +echo -e " \033[32mGenerate TXT record for use in bind9\033[m" + +# - Write file with bind9 dekim TXT record +# - +echo " Write bind9 dekim TXT record to file" +echononl " '${key_dir}/${time_stamp}.bind9'" +echo "; ----- DKIM key $time_stamp for ${domain}" > ${key_dir}/${time_stamp}.bind9 +echo -n "${time_stamp}._domainkey.${domain}. 3600 IN TXT ( \"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${time_stamp}.bind9 +while IFS='' read -r _line || [[ -n $_line ]] ; do + + if echo "$_line" | grep -i -q -E "^---" 2> /dev/null ; then + continue + fi + + echo "" >> ${key_dir}/${time_stamp}.bind9 + echo -n " \"$_line\"" >> ${key_dir}/${time_stamp}.bind9 + +done < "${key_dir}/${time_stamp}.public" +echo " )" >> ${key_dir}/${time_stamp}.bind9 +echo_ok + +info "Now you have to add the TXT Record to your zone file.\n\n\t Copy/Paste the following data:\n\n$(cat ${key_dir}/${time_stamp}.bind9)" + +echo "" +echo -e "After adjusting your nameserver continue with this script" +echo "" +echo -n "Type to continue: " +read OK +echo + + +# - Restart OpenDKIM +# - +echononl " Restart OpenDKIM.." +if $SYSTEMD_EXISTS ; then + systemctl restart opendkim > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +else + /etc/init.d/opendkim restart > $log_file 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi +fi + +if [[ -n "$log_file" ]]; then + rm -f "$log_file" +fi +echo "" +exit 0 + + + +#txt_record="$(cat ${key_dir}/${time_stamp}.txt | awk -F'"' '{print $2}' | tr -d '\n')" +#txt_record_1=${txt_record:0:255} +#txt_record_2=${txt_record:255} +#new_txt_record="\"$txt_record_1\"\"$txt_record_2\""
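Review bot: The `domain` value, taken from `-d` or the `read domain` prompt, is never validated before it is expanded unquoted into `mkdir $key_dir`, the `grep -E` patterns and the `perl -i -n -p -e "s/^\*@$domain\s.*/…/"` substitutions on `signing.table` and `key.table`, so a value containing `/`, whitespace or regex metacharacters breaks the substitution or rewrites the wrong entry; add a check right after the interactive loop, `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || fatal "Invalid domain name: '$domain'"`, and quote the later `$domain`/`$key_dir` expansions. `echononl` writes its probe to the predictable path `/tmp/shprompt$$`, and the script presumably runs as root given the `chown opendkim` and `systemctl restart opendkim` steps; `printf '%s' "$*" >&2` gives the same no-newline prompt without any temp file. When `mkdir $key_dir` fails (it lacks `-p`, so a missing `${opendkim_dir}/keys` parent is enough) the script only calls `error` and carries on, so `key.table` still gains a line pointing at a `.private` file that was never written and OpenDKIM is restarted against it; that branch should use `fatal` instead of `error`, and the same applies to the `opendkim-genkey` failure branch.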