create_opendkim_key.sh: adding DKIM key even if zone is not yet official responsible.

2025-11-05 22:12:32 +01:00
parent d285b19ab6
commit b1ca260660


@@ -18,6 +18,8 @@ log_file="${LOCK_DIR}/${script_name%%.*}.log"
LOGGING=false LOGGING=false
BATCH_MODE=false BATCH_MODE=false
CONTINUE_WITHOUT_RESPONSIBLE_ZONE=false
DEFAULT_dns_dkim_zone_master_server="b.ns.oopen.de" DEFAULT_dns_dkim_zone_master_server="b.ns.oopen.de"
DEFAULT_key_algo="hmac-sha256" DEFAULT_key_algo="hmac-sha256"
DEFAULT_key_name="update-dkim" DEFAULT_key_name="update-dkim"
@@ -691,69 +693,105 @@ if $found ; then
info "Found responsible zone for '${dkim_domain}': \033[37m\033[1m${zone}\033[m" info "Found responsible zone for '${dkim_domain}': \033[37m\033[1m${zone}\033[m"
else else
echo_failed echo_failed
fatal "No responsible zone for '${dkim_domain}' found!"
if [[ -n "${dns_main_zone_master_server}" ]] ; then
blank_line
warn "No responsible zone for '${dkim_domain}' found!"
echo " Continue with the following settings:"
echo -e " DNS master for Domain ${dkim_domain}: \033[70G\033[33m${dns_main_zone_master_server}\033[m"
echo -e " DNS slave for Domain ${dkim_domain}: \033[70G\033[33m${dns_dkim_zone_master_server}\033[m"
echo -e " DNS master for Domain ${update_zone}: \033[70G\033[33m${dns_dkim_zone_master_server}\033[m"
echo ""
echo -n " Type upper case 'YES' to start: "
read OK
if [[ "$OK" != "YES" ]] ; then
fatal "Abort by user request - Answer was not 'YES'"
fi
blank_line
CONTINUE_WITHOUT_RESPONSIBLE_ZONE=true
dns_dkim_zone_slave_server_arr+=("${dns_main_zone_master_server}")
_dns_master="${dns_main_zone_master_server}"
_dns_slave="${dns_dkim_zone_master_server}"
if [[ -z "$(dig @${_dns_master} +short ${update_zone}. NS)" ]] ; then
_create_delegation=true
else
_create_delegation=false
fi
else
fatal "No responsible zone for '${dkim_domain}' found!"
fi
fi fi
for _server in $(dig +short ${zone} NS) ; do if ! ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then
# - Eliminate trailing '.' character(s) for _server in $(dig +short ${zone} NS) ; do
# - # - Eliminate trailing '.' character(s)
_server="${_server%"${_server##*[!\.]}"}" # -
_server="${_server%"${_server##*[!\.]}"}"
[[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue [[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue
dns_dkim_zone_slave_server_arr+=("$_server") dns_dkim_zone_slave_server_arr+=("$_server")
done done
_wait=false _wait=false
if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then
if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then
warn "No Subdomain delegation for zone '$update_zone' found!" warn "No Subdomain delegation for zone '$update_zone' found!"
if ! $BATCH_MODE ; then if ! $BATCH_MODE ; then
echo "" echo ""
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
echo "" echo ""
echononl "Create Subdomain delegation for zone '$update_zone'? (yes/no) [yes]: " echononl "Create Subdomain delegation for zone '$update_zone'? (yes/no) [yes]: "
read _create_delegation read _create_delegation
if [[ -z "$(trim $_create_delegation)" ]] ; then if [[ -z "$(trim $_create_delegation)" ]] ; then
_create_delegation=true _create_delegation=true
elif [[ "${_create_delegation,,}" = "yes" ]] || [[ "${_create_delegation,,}" = "true" ]] ; then elif [[ "${_create_delegation,,}" = "yes" ]] || [[ "${_create_delegation,,}" = "true" ]] ; then
_create_delegation=true _create_delegation=true
else
_create_delegation=false
fi
if ! $_create_delegation ; then
_tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}"
for _server in $(dig +short ${dkim_domain} NS) ; do
# - Eliminate trailing '.' character(s)
# -
_server="${_server%"${_server##*[!\.]}"}"
_tmp_string="$_tmp_string\n${update_zone}. IN NS ${_server}."
done
blank_line
todo "Create a delegation for zone \033[1m${update_zone}.\033[m\n\n$_tmp_string"
_wait=true
echo ""
echo -e " After adjusting your nameserver continue with this script"
echo ""
echo -en " \033[33mType <return> to continue or <CTRL>+C to abort:\033[m "
read OK
echo
fi
else else
_create_delegation=false _create_delegation=true
fi fi
else
if ! $_create_delegation ; then _create_delegation=false
_tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}"
for _server in $(dig +short ${dkim_domain} NS) ; do
# - Eliminate trailing '.' character(s)
# -
_server="${_server%"${_server##*[!\.]}"}"
_tmp_string="$_tmp_string\n${update_zone}. IN NS ${_server}."
done
blank_line
todo "Create a delegation for zone \033[1m${update_zone}.\033[m\n\n$_tmp_string"
_wait=true
echo ""
echo -e " After adjusting your nameserver continue with this script"
echo ""
echo -en " \033[33mType <return> to continue or <CTRL>+C to abort:\033[m "
read OK
echo
fi
else
_create_delegation=true
fi fi
else
_create_delegation=false
fi fi
fi fi
@@ -769,18 +807,22 @@ if $_create_delegation ; then
fi fi
echononl "Determin DNS master of '${zone}'.." echononl "Determin DNS master of '${zone}'.."
_dns_master="$(dig +short ${zone} SOA 2>/dev/null | awk '{print$1}' | sed 's/\.$//')" if [[ -n "${_dns_master}" ]] ; then
if [[ -z "$_dns_master" ]]; then echo_skipped
echo_failed
if $terminal ; then
fatal "Determin DNS master of '${zone}' failed!"
else
echo -e " [ Fatal ] Found responsible zone for '${dkim_domain}' (${zone}), but"
echo -e " cannot determin master dns server for '${zone}'!"
clean_up 1
fi
else else
echo_ok _dns_master="$(dig +short ${zone} SOA 2>/dev/null | awk '{print$1}' | sed 's/\.$//')"
if [[ -z "$_dns_master" ]]; then
echo_failed
if $terminal ; then
fatal "Determin DNS master of '${zone}' failed!"
else
echo -e " [ Fatal ] Found responsible zone for '${dkim_domain}' (${zone}), but"
echo -e " cannot determin master dns server for '${zone}'!"
clean_up 1
fi
else
echo_ok
fi
fi fi
@@ -1009,12 +1051,21 @@ if $_create_dkim_zone ; then
fi fi
echononl "Create zone '${update_zone}' at dns master '${dns_dkim_zone_master_server}'.." echononl "Create zone '${update_zone}' at dns master '${dns_dkim_zone_master_server}'.."
echo_wait echo_wait
ssh -q -p $dns_ssh_port \ if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then
-o BatchMode=yes \ ssh -q -p $dns_ssh_port \
-o StrictHostKeyChecking=no \ -o BatchMode=yes \
-i $dns_ssh_key \ -o StrictHostKeyChecking=no \
$dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1 -i $dns_ssh_key \
ret_val=$? $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain -m $_dns_master -s $_dns_slave" > /dev/null 2>&1
ret_val=$?
else
ssh -q -p $dns_ssh_port \
-o BatchMode=yes \
-o StrictHostKeyChecking=no \
-i $dns_ssh_key \
$dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1
ret_val=$?
fi
case $ret_val in case $ret_val in
0) $terminal && echo_ok 0) $terminal && echo_ok
if $terminal ; then if $terminal ; then
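Review bot: The new `-m $_dns_master -s $_dns_slave` arguments in the `CONTINUE_WITHOUT_RESPONSIBLE_ZONE` branch are interpolated unquoted into a string that the remote shell runs under `sudo`, and `_dns_master` is copied from `dns_main_zone_master_server` with no validation visible in these hunks, so a value containing whitespace or shell metacharacters would change the remote command. Check both names against a hostname pattern before use (widen it if IP addresses are allowed) and build the argument string once, instead of duplicating the whole `ssh` call, which also copies `-o StrictHostKeyChecking=no` into new code. In the `Determin DNS master` hunk the skip test `[[ -n "${_dns_master}" ]]` would be safer as `if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then`, because the hunks do not show `_dns_master` being cleared on the normal path. The `YES` prompt in the second hunk is not guarded by `$BATCH_MODE`, unlike the delegation prompt below it, so an unattended run ends in `fatal` at the `read`.

```shell
# … unchanged: echononl / echo_wait …
_remote_args="${dkim_domain}"
if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then
   for _host in "${_dns_master}" "${_dns_slave}" ; do
      # Only plain host names may reach the remote sudo command line.
      [[ "${_host}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] \
         || fatal "Invalid DNS server name '${_host}'!"
   done
   _remote_args="${_remote_args} -m ${_dns_master} -s ${_dns_slave}"
fi
ssh -q -p $dns_ssh_port \
   # … unchanged: -o BatchMode, -o StrictHostKeyChecking, -i options …
   $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script ${_remote_args}" > /dev/null 2>&1
ret_val=$?
# … unchanged: case $ret_val …
```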