Compare commits
10 Commits
f76103664e
...
master
Author | SHA1 | Date | |
---|---|---|---|
d285b19ab6 | |||
846356d677 | |||
9ca9c86b22 | |||
78a1610517 | |||
e4c9a4fc8f | |||
3019f2d27a | |||
1a4ed0053d | |||
20cc3cdc2d | |||
ed3c51946a | |||
4788537cd9 |
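--- a/add_cname_for_dkim_entry.sh
+++ b/add_cname_for_dkim_entry.sh
@@ -0,0 +1,619 @@
+#!/usr/bin/env bash
+
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+usage() {
+
+
+[[ -n "$1" ]] && error "$1"
+
+
+[[ $terminal ]] && echo -e "
+\033[1mUsage:\033[m
+
+$(basename $0) [OPTION [OPTION ..
+
+\033[1mDescription\033[m
+
+<Some Description>
+
+\033[1mOptions\033[m
+
+<List Options>
+
+\033[1mFiles\033[m
+
+$conf_file: Configuration file
+
+\033[1mExample:\033[m
+
+<description example>
+
+$(basename $0) .. <comand example>
+
+<description another example>
+
+$(basename $0) .. <command another example>
+
+"
+
+clean_up 1
+
+}
+
+clean_up() {
+
+# Perform program exit housekeeping
+rm -rf "$LOCK_DIR"
+blank_line
+exit $1
+}
+
+echononl(){
+if $terminal ; then
+echo X\\c > /tmp/shprompt$$
+if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+echo -e -n " $*\\c" 1>&2
+else
+echo -e -n " $*" 1>&2
+fi
+rm /tmp/shprompt$$
+fi
+}
+
+fatal(){
+echo ""
+if $terminal ; then
+echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
+echo ""
+echo -e " \033[31m\033[1mScript was interupted\033[m!"
+else
+echo " [ Fatal ]: $*"
+echo ""
+echo " Script was terminated...."
+fi
+echo ""
+clean_up 1
+}
+
+error (){
+echo ""
+if $terminal ; then
+echo -e " [ \033[31m\033[1mError\033[m ]: $*"
+else
+echo " [ Error ]: $*"
+fi
+echo ""
+}
+
+warn (){
+if $terminal ; then
+echo ""
+echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
+echo ""
+fi
+}
+
+info (){
+if $terminal ; then
+echo ""
+echo -e " [ \033[32m\033[1mInfo\033[m ]: $*"
+echo ""
+fi
+}
+
+ok (){
+if $terminal ; then
+echo ""
+echo -e " [ \033[32m\033[1mOk\033[m ] $*"
+echo ""
+fi
+}
+
+echo_done() {
+if $terminal ; then
+echo -e "\033[95G[ \033[32mdone\033[m ]"
+fi
+}
+echo_ok() {
+if $terminal ; then
+echo -e "\033[95G[ \033[32mok\033[m ]"
+fi
+}
+echo_warn() {
+if $terminal ; then
+echo -e "\033[95G[ \033[33mwarn\033[m ]"
+fi
+}
+echo_failed(){
+if $terminal ; then
+echo -e "\033[95G[ \033[1;31mfailed\033[m ]"
+fi
+}
+echo_skipped() {
+if $terminal ; then
+echo -e "\033[95G[ \033[90m\033[1mskipped\033[m ]"
+fi
+}
+echo_wait(){
+if $terminal ; then
+echo -en "\033[95G[ \033[5m\033[1m...\033[m ]"
+fi
+}
+
+trim() {
+local var="$*"
+var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+echo -n "$var"
+}
+
+blank_line() {
+if $terminal ; then
+echo ""
+fi
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+terminal=true
+else
+terminal=false
+fi
+
+
+
+# -------------
+# - Default values
+# -------------
+
+# - Give your default values here
+# -
+DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+DEFAULT_TTL="3600"
+DEFAULT_KEY_ALGO="hmac-sha256"
+DEFAULT_KEY_NAME="update-dkim"
+DEFAULT_DKIM_TYPE="DKIM1"
+DEFAULT_KEY_TYPE="rsa"
+
+DEFAULT_SERVICE_TYPE="email"
+
+DEFAULT_DKIM_SELECTOR=""
+
+
+
+if [[ -f "$conf_file" ]]; then
+source "$conf_file"
+else
+warn "No configuration file '$conf_file' present.\n
+Loading default values.."
+fi
+
+
+if [[ -n "$(trim "$DNS_DKIM_ZONE_MASTER_SERVER")" ]] ; then
+DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="${DNS_DKIM_ZONE_MASTER_SERVER}"
+DNS_DKIM_ZONE_MASTER_SERVER=""
+fi
+
+if [[ -n "$(trim "$KEY_ALGO")" ]] ; then
+DEFAULT_KEY_ALGO="${KEY_ALGO}"
+KEY_ALGO=""
+fi
+
+if [[ -n "$(trim "$KEY_NAME")" ]] ; then
+DEFAULT_KEY_NAME="${KEY_NAME}"
+KEY_NAME=""
+fi
+
+if [[ -n "$(trim "$KEY_SECRET")" ]] ; then
+DEFAULT_KEY_SECRET="${KEY_SECRET}"
+KEY_SECRET=""
+fi
+
+
+if $terminal ; then
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert the domain name for which DKIM CNAME entry should be configured."
+echo ""
+echo ""
+echononl " DKIM domain: "
+read DKIM_DOMAIN
+while [ "X$DKIM_DOMAIN" = "X" ] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " DKIM domain: "
+read DKIM_DOMAIN
+done
+
+
+DEFAULT_DKIM_UPDATE_ZONE="_domainkey.${DKIM_DOMAIN}"
+
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert zone which should be updated with the new DKIM CNAME."
+echo ""
+echo ""
+echononl " DKIM Zone [${DEFAULT_DKIM_UPDATE_ZONE}]: "
+read DKIM_UPDATE_ZONE
+if [[ "X$DKIM_UPDATE_ZONE" = "X" ]] ; then
+DKIM_UPDATE_ZONE="${DEFAULT_DKIM_UPDATE_ZONE}"
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert Hostname of CNAME Reccord"
+echo ""
+echo " Note: "
+echo ""
+echo -e " \033[33mOnly a hostname of Zone '${DKIM_UPDATE_ZONE}' is possible.\033[m"
+echo ""
+echo -e " If FQN of Entry is \033[1mbrevo1.${DKIM_UPDATE_ZONE}\033[m then enter"
+echo ""
+echo -e " Hostname: \033[1mbrevo1\033[m"""
+echo ""
+echononl " Hostname: "
+read HOSTNAME
+while [ "X$HOSTNAME" = "X" ] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " :Hostname "
+read Hostname
+done
+
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert FQN of CNAME entry"
+echo ""
+echo ""
+echononl " CNAME: "
+read CNAME
+while [ "X$CNAME" = "X" ] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " CNAME: "
+read CNAME
+done
+
+if [[ ${CNAME} != *"." ]]; then
+CNAME="${CNAME}."
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert Key name"
+echo ""
+echo ""
+echononl " Key name [${DEFAULT_KEY_NAME}]: "
+read KEY_NAME
+if [[ "X$KEY_NAME" = "X" ]] ; then
+KEY_NAME="${DEFAULT_KEY_NAME}"
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert Key secret"
+echo ""
+echo ""
+
+if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+echononl " Key secret [${DEFAULT_KEY_SECRET}]: "
+read KEY_SECRET
+if [[ "X$KEY_SECRET" = "X" ]] ; then
+KEY_SECRET="${DEFAULT_KEY_SECRET}"
+fi
+else
+echononl " Key secret: "
+read KEY_SECRET
+while [[ "X$KEY_SECRET" = "X" ]] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " Key secret: "
+read KEY_SECRET
+done
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo -e " Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
+echo ""
+echo ""
+
+if [[ -n "${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}" ]] ; then
+echononl " DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
+read DNS_DKIM_ZONE_MASTER_SERVER
+if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
+DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
+fi
+else
+echononl " DNS master server: "
+read DNS_DKIM_ZONE_MASTER_SERVER
+while [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl " DNS master server: "
+read KEY_SECRET
+done
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Specifies the algorithm to use for the TSIG key."
+echo ""
+if [[ "hmac-md5" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [1] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [1] hmac-md5"
+fi
+if [[ "hmac-sha1" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [2] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [2] hmac-sha1"
+fi
+if [[ "hmac-sha224" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [3] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [3] hmac-sha224"
+fi
+if [[ "hmac-sha256" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [4] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [4] hmac-sha256"
+fi
+if [[ "hmac-sha384" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [5] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [5] hmac-sha384"
+fi
+if [[ "hmac-sha512" = "${DEFAULT_KEY_ALGO}" ]] ; then
+echo -e " [6] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+else
+echo " [6] hmac-sha512"
+fi
+
+echo ""
+echo " Type a number or press <RETURN> to choose highlighted value"
+echo ""
+echononl " Key algorithm [${DEFAULT_KEY_ALGO}]: "
+
+while [[ "$KEY_ALGO" != "hmac-md5" ]] \
+&& [[ "$KEY_ALGO" != "hmac-sha1" ]] \
+&& [[ "$KEY_ALGO" != "hmac-sha224" ]] \
+&& [[ "$KEY_ALGO" != "hmac-sha256" ]] \
+&& [[ "$KEY_ALGO" != "hmac-sha384" ]] \
+&& [[ "$KEY_ALGO" != "hmac-sha512" ]] ; do
+read OPTION
+case $OPTION in
+1) KEY_ALGO="hmac-md5" ;;
+2) KEY_ALGO="hmac-sha1" ;;
+3) KEY_ALGO="hmac-sha224" ;;
+4) KEY_ALGO="hmac-sha256" ;;
+5) KEY_ALGO="hmac-sha384" ;;
+6) KEY_ALGO="hmac-sha512" ;;
+'') KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
+*) echo ""
+echo -e " \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
+echo ""
+echononl " Key algorithm [hmac-sha256]:"
+;;
+esac
+done
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo " Insert TTL for dns entry"
+echo ""
+echo ""
+echononl " TTL [${DEFAULT_TTL}]: "
+read TTL
+if [[ "X$TTL" = "X" ]] ; then
+TTL="${DEFAULT_TTL}"
+fi
+fi
+
+
+
+if [[ -z "$(trim "${DKIM_DOMAIN}")" ]]; then
+fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_UPDATE_ZONE}")" ]]; then
+fatal "Variable \033[1mDKIM_UPDATE_ZONE\033[m not set!"
+fi
+
+if [[ -z "$(trim "${KEY_SECRET}")" ]]; then
+fatal "Variable \033[1mKEY_SECRET\033[m not set!"
+fi
+
+
+blank_line
+blank_line
+
+declare -i length_dkim_key=${#DKIM_KEY}
+
+if [[ "${SERVICE_TYPE,,}" = "none" ]] ; then
+_intro="v=${DKIM_TYPE}; k=${KEY_TYPE};"
+else
+_intro="v=${DKIM_TYPE}; k=${KEY_TYPE}; s=${SERVICE_TYPE};"
+fi
+declare -i length_intro=${#_intro}
+
+declare -i total_length=$((length_intro + length_dkim_key))
+
+
+echononl "Create (splitted) 'p' value of DNS record.."
+if [[ ${total_length} -gt 255 ]] ; then
+
+TMP_DKIM_KEY="$DKIM_KEY"
+
+p_val=""
+
+_length=64
+declare -i index=1
+
+while [ -n "$TMP_DKIM_KEY" ]; do
+if [[ index -eq 1 ]]; then
+p_val="\"${TMP_DKIM_KEY:0:$_length}\""
+else
+p_val+=" \"${TMP_DKIM_KEY:0:$_length}\""
+fi
+
+TMP_DKIM_KEY="${TMP_DKIM_KEY:$_length}"
+
+(( ++index ))
+
+done
+echo_done
+
+# Note:
+# !! closing quotation marks are already included !!
+#
+txt_val="\"${_intro} p=\" ${p_val}"
+
+else
+echo_skipped
+p_val="${DKIM_KEY}"
+txt_val="\"${_intro} p=${p_val}\""
+fi
+
+
+
+
+if $terminal ; then
+echo ""
+echo ""
+echo -e " \033[1m----------\033[m"
+echo " DKIM Domain......................: $DKIM_DOMAIN"
+echo ""
+echo " Name of the CNAME Record.........: $HOSTNAME"
+echo " Target of the CNAMER Record......: $CNAME"
+echo ""
+echo " Domain used for DKIM TXT record..: $DKIM_UPDATE_ZONE"
+echo " Secret for the update key........: $KEY_SECRET"
+echo " Algorithm used for the TSIG key..: $KEY_ALGO"
+echo " Name of the TSIG key.............: $KEY_NAME"
+echo ""
+echo " DNS Master Server................: $DNS_DKIM_ZONE_MASTER_SERVER"
+if [[ -z "$TTL" ]] || [[ "${TTL,,}" = "none" ]] ; then
+echo -e " TTL for the CNAME TXT Record.....: \033[33m- Not set -\033[m"
+else
+echo " TTL for the CNAMR TXT Record.....: $TTL"
+fi
+echo ""
+echo -e " \033[1m----------\033[m"
+echo ""
+echo -e " DNS Record to add:\n\n\033[33m${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT ${txt_val}\033[m"
+echo ""
+echo -e "\n\n The following 'nsupdate'command will be used:"
+cat <<END
+
+cat <<EOF | nsupdate -v -L3
+server $DNS_DKIM_ZONE_MASTER_SERVER
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+
+END
+
+echo ""
+echo -n " Type upper case 'YES' to start: "
+read OK
+if [[ "$OK" != "YES" ]] ; then
+fatal "Abort by user request - Answer iwas not 'YES'"
+fi
+echo ""
+fi
+
+if $terminal ; then
+echo ""
+echo -e " \033[32mUpdate Zone \033[37m\033[1m${DKIM_UPDATE_ZONE}\033[m\033[32m DNS Server \033[37m\033[1m${DNS_DKIM_ZONE_MASTER_SERVER}\033[m"
+echo ""
+fi
+
+
+echononl " Add CNAME entry for \033[1m${CNAME}\033[m .."
+cat <<EOF | nsupdate -v -L3 > $log_file 2>&1
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+if [[ $? -eq 0 ]] ; then
+echo_ok
+else
+echo_failed
+
+cat <<END
+
+Command was:
+
+cat <<EOF | nsupdate -v -L3
+cat <<EOF | nsupdate -v -L3 > $log_file 2>&1
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+END
+
+error "$(cat $log_file)"
+fi
+
+
+info "Flush update data from .jnl files of domain \033[1m${DKIM_UPDATE_ZONE}\033[m back to the zone file:
+
+rndc freeze <zone> - \033[1mrndc freeze ${DKIM_UPDATE_ZONE}\033[m
+rndc thaw <zone - \033[1mrndc thaw ${DKIM_UPDATE_ZONE}\033[m"
+
+
+clean_up 0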
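Review bot: The nsupdate request that is actually executed, `cat <<EOF | nsupdate -v -L3 > $log_file 2>&1`, carries no `server` statement, so nsupdate selects the target on its own instead of using the DNS_DKIM_ZONE_MASTER_SERVER the user just confirmed, and it differs from the command shown in the preview before the YES prompt; add `server $DNS_DKIM_ZONE_MASTER_SERVER` as the first line of that here-document, quote `"$log_file"`, and drop the duplicated `cat <<EOF | nsupdate` line from the "Command was:" output. Two re-prompt loops can never terminate: after an empty hostname the loop runs `read Hostname` while testing `$HOSTNAME`, and after an empty DNS master server it runs `read KEY_SECRET` while testing `$DNS_DKIM_ZONE_MASTER_SERVER`, which additionally overwrites the TSIG secret; change them to `read HOSTNAME` and `read DNS_DKIM_ZONE_MASTER_SERVER`. The `length_dkim_key`/`txt_val` block and the "DNS Record to add" line reference DKIM_KEY, DKIM_TYPE, KEY_TYPE, SERVICE_TYPE and DKIM_SELECTOR, none of which this script sets, so the preview shows an empty TXT record that is never submitted; preview the CNAME record instead. LOCK_DIR is a predictable `/tmp/<script>.<pid>.LOCK` created by an unchecked `mkdir`, and the verbose nsupdate log written there, like the confirmation summary, contains the TSIG secret; prefer `LOCK_DIR=$(mktemp -d) || exit 1` and leave `$KEY_SECRET` out of the printed summary.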
214
add_dkim_key.sh
214
add_dkim_key.sh
@ -38,13 +38,13 @@ usage() {
|
||||
$conf_file: Configuration file
|
||||
|
||||
\033[1mExample:\033[m
|
||||
|
||||
|
||||
<description example>
|
||||
|
||||
$(basename $0) .. <comand example>
|
||||
|
||||
<description another example>
|
||||
|
||||
|
||||
$(basename $0) .. <command another example>
|
||||
|
||||
"
|
||||
@ -209,6 +209,8 @@ DEFAULT_KEY_NAME="update-dkim"
|
||||
DEFAULT_DKIM_TYPE="DKIM1"
|
||||
DEFAULT_KEY_TYPE="rsa"
|
||||
|
||||
DEFAULT_SERVICE_TYPE="email"
|
||||
|
||||
DEFAULT_DKIM_SELECTOR=""
|
||||
|
||||
|
||||
@ -288,6 +290,7 @@ if $terminal ; then
|
||||
done
|
||||
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
@ -303,61 +306,6 @@ if $terminal ; then
|
||||
done
|
||||
|
||||
|
||||
blank_line
|
||||
blank_line
|
||||
echononl " Create (splitted 'p' value of DNS record.."
|
||||
|
||||
length="${#DKIM_KEY}"
|
||||
declare -i pos_begin=0
|
||||
declare -i pos_end=64
|
||||
|
||||
_failed=false
|
||||
p_val=""
|
||||
while [[ $pos_end -lt $length ]] ; do
|
||||
p_val+="\"$(echo "${DKIM_KEY:$pos_begin:64}")\" "
|
||||
[[ $? -gt 0 ]] && _failed=true
|
||||
pos_begin=$pos_end
|
||||
pos_end=$(expr $pos_end + 64)
|
||||
[[ $? -gt 0 ]] && _failed=true
|
||||
done
|
||||
p_val+="\"$(echo "${DKIM_KEY:$pos_begin}")\""
|
||||
[[ $? -gt 0 ]] && _failed=true
|
||||
if $_failed ; then
|
||||
echo_failed
|
||||
|
||||
fatal "Cannot create p vaalue of DNS Record"
|
||||
else
|
||||
echo_ok
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo -e " Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
|
||||
echo ""
|
||||
echo ""
|
||||
|
||||
if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
|
||||
echononl " DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
|
||||
read DNS_DKIM_ZONE_MASTER_SERVER
|
||||
if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
|
||||
DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
|
||||
fi
|
||||
else
|
||||
echononl " DNS master server: "
|
||||
read KEY_SECRET
|
||||
while [[ "X$KEY_SECRET" = "X" ]] ; do
|
||||
echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
|
||||
echononl " Key secret: "
|
||||
read KEY_SECRET
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
@ -396,6 +344,75 @@ if $terminal ; then
|
||||
fi
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo -e " Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
|
||||
echo ""
|
||||
echo ""
|
||||
|
||||
if [[ -n "${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}" ]] ; then
|
||||
echononl " DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
|
||||
read DNS_DKIM_ZONE_MASTER_SERVER
|
||||
if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
|
||||
DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
|
||||
fi
|
||||
else
|
||||
echononl " DNS master server: "
|
||||
read DNS_DKIM_ZONE_MASTER_SERVER
|
||||
while [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; do
|
||||
echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
|
||||
echononl " DNS master server: "
|
||||
read KEY_SECRET
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo " Specifies Service type (Flag 's=')"
|
||||
echo ""
|
||||
|
||||
if [[ "email" = "${DEFAULT_SERVICE_TYPE}" ]] ; then
|
||||
echo -e " [1] \033[37m\033[1ms=email\033[m"
|
||||
else
|
||||
echo -e " [1] s=email"
|
||||
fi
|
||||
if [[ "*" = "${DEFAULT_SERVICE_TYPE}" ]] ; then
|
||||
echo -e " [2] \033[37m\033[1ms=*\033[m"
|
||||
else
|
||||
echo -e " [2] s=*"
|
||||
fi
|
||||
if [[ "" = "${DEFAULT_SERVICE_TYPE}" ]] || [[ "none" = "${DEFAULT_SERVICE_TYPE,,}" ]]; then
|
||||
echo -e " [3] \033[37m\033[1mDo not include flag for Service Type\033[m"
|
||||
else
|
||||
echo -e " [3] Do not include flag for Service Type"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo " Type a number or press <RETURN> to choose highlighted value"
|
||||
echo ""
|
||||
echononl " Service type [\033[37m\033[1m${DEFAULT_SERVICE_TYPE}\033[m]: "
|
||||
|
||||
while [[ "$SERVICE_TYPE" != "email" ]] \
|
||||
&& [[ "$SERVICE_TYPE" != "*" ]] \
|
||||
&& [[ "$SERVICE_TYPE" != "None" ]] ; do
|
||||
read OPTION
|
||||
case $OPTION in
|
||||
1) SERVICE_TYPE="s=email" ;;
|
||||
2) SERVICE_TYPE="s=*" ;;
|
||||
3) SERVICE_TYPE="None" ;;
|
||||
'') SERVICE_TYPE="${DEFAULT_SERVICE_TYPE}" ;;
|
||||
*) echo ""
|
||||
echo -e " \033[33m\033[1mFalsche Eingabe ! [ 1 = s=email | 2 = s=* | 3 Omit Service Type ]\033[m"
|
||||
echo ""
|
||||
echononl " Service type [\033[37m\033[1m${DEFAULT_SERVICE_TYPE}\033[m]:"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
@ -432,7 +449,7 @@ if $terminal ; then
|
||||
echo " [6] hmac-sha512"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo " Type a number or press <RETURN> to choose highlighted value"
|
||||
echo ""
|
||||
echononl " Key algorithm [${DEFAULT_KEY_ALGO}]: "
|
||||
@ -452,7 +469,7 @@ if $terminal ; then
|
||||
5) KEY_ALGO="hmac-sha384" ;;
|
||||
6) KEY_ALGO="hmac-sha512" ;;
|
||||
'') KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
|
||||
*) echo ""
|
||||
*) echo ""
|
||||
echo -e " \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
|
||||
echo ""
|
||||
echononl " Key algorithm [hmac-sha256]:"
|
||||
@ -501,6 +518,7 @@ if $terminal ; then
|
||||
fi
|
||||
|
||||
|
||||
|
||||
if [[ -z "$(trim "${DKIM_DOMAIN}")" ]]; then
|
||||
fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
|
||||
fi
|
||||
@ -522,6 +540,58 @@ if [[ -z "$(trim "${KEY_SECRET}")" ]]; then
|
||||
fi
|
||||
|
||||
|
||||
blank_line
|
||||
blank_line
|
||||
|
||||
declare -i length_dkim_key=${#DKIM_KEY}
|
||||
|
||||
if [[ "${SERVICE_TYPE,,}" = "none" ]] ; then
|
||||
_intro="v=${DKIM_TYPE}; k=${KEY_TYPE};"
|
||||
else
|
||||
_intro="v=${DKIM_TYPE}; k=${KEY_TYPE}; s=${SERVICE_TYPE};"
|
||||
fi
|
||||
declare -i length_intro=${#_intro}
|
||||
|
||||
declare -i total_length=$((length_intro + length_dkim_key))
|
||||
|
||||
|
||||
echononl "Create (splitted) 'p' value of DNS record.."
|
||||
if [[ ${total_length} -gt 255 ]] ; then
|
||||
|
||||
TMP_DKIM_KEY="$DKIM_KEY"
|
||||
|
||||
p_val=""
|
||||
|
||||
_length=64
|
||||
declare -i index=1
|
||||
|
||||
while [ -n "$TMP_DKIM_KEY" ]; do
|
||||
if [[ index -eq 1 ]]; then
|
||||
p_val="\"${TMP_DKIM_KEY:0:$_length}\""
|
||||
else
|
||||
p_val+=" \"${TMP_DKIM_KEY:0:$_length}\""
|
||||
fi
|
||||
|
||||
TMP_DKIM_KEY="${TMP_DKIM_KEY:$_length}"
|
||||
|
||||
(( ++index ))
|
||||
|
||||
done
|
||||
echo_done
|
||||
|
||||
# Note:
|
||||
# !! closing quotation marks are already included !!
|
||||
#
|
||||
txt_val="\"${_intro} p=\" ${p_val}"
|
||||
|
||||
else
|
||||
echo_skipped
|
||||
p_val="${DKIM_KEY}"
|
||||
txt_val="\"${_intro} p=${p_val}\""
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
if $terminal ; then
|
||||
echo ""
|
||||
@ -545,10 +615,30 @@ if $terminal ; then
|
||||
echo ""
|
||||
echo " DKIM Type........................: $DKIM_TYPE"
|
||||
echo " Key Type.........................: $KEY_TYPE"
|
||||
if [[ "${SERVICE_TYPE,,}" = "none" ]] ; then
|
||||
echo -e " Service Type.....................: \033[33m- Not set -\033[m"
|
||||
else
|
||||
echo " Service Type.....................: ${SERVICE_TYPE}"
|
||||
fi
|
||||
echo ""
|
||||
echo " DKIM Key.........................: $DKIM_KEY"
|
||||
echo -e " \033[1m----------\033[m"
|
||||
echo ""
|
||||
echo -e " DNS Record to add:\n\n\033[33m${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT \"v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email p=\" ${p_val}\033[m"
|
||||
echo -e " DNS Record to add:\n\n\033[33m${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT ${txt_val}\033[m"
|
||||
echo ""
|
||||
echo -e "\n\n The following 'nsupdate'command will be used:"
|
||||
cat <<END
|
||||
|
||||
cat <<EOF | nsupdate -v -L3
|
||||
server $DNS_DKIM_ZONE_MASTER_SERVER
|
||||
zone $DKIM_UPDATE_ZONE
|
||||
key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
|
||||
update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
|
||||
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. $TTL IN TXT ${txt_val}
|
||||
send
|
||||
EOF
|
||||
|
||||
END
|
||||
|
||||
echo ""
|
||||
echo -n " Type upper case 'YES' to start: "
|
||||
@ -572,7 +662,7 @@ server $DNS_DKIM_ZONE_MASTER_SERVER
|
||||
zone $DKIM_UPDATE_ZONE
|
||||
key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
|
||||
update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
|
||||
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT "v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email; p=" ${p_val}
|
||||
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT ${txt_val}
|
||||
send
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
@ -589,7 +679,7 @@ server $DNS_DKIM_ZONE_MASTER_SERVER
|
||||
zone $DKIM_UPDATE_ZONE
|
||||
key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
|
||||
update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
|
||||
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. $TTL IN TXT "v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email; p=" ${p_val}
|
||||
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. $TTL IN TXT ${txt_val}
|
||||
send
|
||||
EOF
|
||||
END
|
||||
|
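Review bot: In the new service-type prompt the case arms store `SERVICE_TYPE="s=email"` and `SERVICE_TYPE="s=*"`, but the loop condition only accepts `email`, `*` or `None`, and the later `_intro` string already prefixes the value with `s=`, so choosing 1 or 2 re-prompts forever and would otherwise produce `s=s=email`; change the arms to `1) SERVICE_TYPE="email" ;;` and `2) SERVICE_TYPE="*" ;;`. In the same hunk the DNS master server re-prompt loop tests `$DNS_DKIM_ZONE_MASTER_SERVER` but executes `read KEY_SECRET`, which never ends and overwrites the TSIG secret; it should be `read DNS_DKIM_ZONE_MASTER_SERVER`. The same loop defect is present in the new add_cname_for_dkim_entry.sh. The enclosing `if $terminal` block starts and ends outside this hunk.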
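--- a/conf/add_cname_for_dkim_entry.conf.sample
+++ b/conf/add_cname_for_dkim_entry.conf.sample
@@ -0,0 +1,71 @@
+# --------------------------------------------------------------
+# - Parameter Settings for script 'add_cname_for_dkim_entry.sh'.
+# --------------------------------------------------------------
+
+
+# ----------
+# DNS Server
+# ----------
+
+# - DNS_DKIM_ZONE_MASTER_SERVER
+# -
+# - The DNS Server who is serving the update zone and is used
+# - for the dynamic updates (nsupdate)
+# -
+# - Example:
+# -
+# - DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+# - DNS_DKIM_ZONE_MASTER_SERVER="dns0.warenform.de"
+#
+#DNS_DKIM_ZONE_MASTER_SERVER=""
+
+
+# - TTL
+# -
+# - TTL for the DKIM TXT Record.
+# -
+# - Defaults to "3600" if update_dns=true
+# -
+#TTL=3600
+
+
+# ----------
+# TSIG Key
+# ----------
+
+# - KEY_SECRET
+# -
+# - Sectret Key used by 'nsupdate' to create/update the
+# - DKIM TXT record.
+# -
+# - Example:
+# -
+# - # Key b.ns.oopen.de
+# - KEY_SECRET="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
+# -
+# - # Key dns0.warenform.de
+# - KEY_SECRET="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
+# -
+#KEY_SECRET=""
+
+# - KEY_ALGO
+# -
+# - The key algorithm used for key creation. Available choices are: hmac-md5,
+# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
+# - default is hmac-sha256. Options are case-insensitive.
+# -
+# - Example:
+# - KEY_ALGO="hmac-md5"
+# -
+# - Defaults to 'hmac-sha256'
+# -
+#KEY_ALGO="hmac-sha256"
+
+# - KEY_NAME
+# -
+# - Name of the Key
+# -
+# - Defaults to "$update_zone"
+# -
+#KEY_NAME="update-dkim"
+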
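Review bot: The KEY_SECRET examples `4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw=` and `qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A=` are labelled as the keys for the named servers b.ns.oopen.de and dns0.warenform.de, and the first value also appears as `DEFAULT_key_secret` in the following hunk, so if these are live TSIG secrets, everyone with read access to this repository holds the credential that authorizes dynamic updates to those zones; replace them with an obviously fake placeholder such as `KEY_SECRET="<base64-tsig-secret>"` and treat the committed keys as exposed, i.e. regenerate them on the servers. The KEY_NAME comment `Defaults to "$update_zone"` and the TTL comment `if update_dns=true` refer to variables that add_cname_for_dkim_entry.sh does not have; its defaults are `update-dkim` and `3600` unconditionally. Since the script loads this file with `source "$conf_file"`, its contents execute as shell, which is worth stating in the header so that conf/ is kept writable only by trusted users.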
@ -17,7 +17,11 @@ log_file="${LOCK_DIR}/${script_name%%.*}.log"
|
||||
# -
|
||||
LOGGING=false
|
||||
BATCH_MODE=false
|
||||
|
||||
DEFAULT_dns_dkim_zone_master_server="b.ns.oopen.de"
|
||||
DEFAULT_key_algo="hmac-sha256"
|
||||
DEFAULT_key_name="update-dkim"
|
||||
DEFAULT_key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
|
||||
DEFAULT_ttl="43200"
|
||||
|
||||
DEFAULT_dns_ssh_user="manage-bind"
|
||||
@ -29,11 +33,12 @@ DEFAULT_create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegatio
|
||||
DEFAULT_add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
|
||||
DEFAULT_add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
|
||||
|
||||
opendkim_dir="/etc/opendkim"
|
||||
|
||||
signing_table_file="${opendkim_dir}/signing.table"
|
||||
key_table_file="${opendkim_dir}/key.table"
|
||||
key_base_dir=${opendkim_dir}/keys
|
||||
# - We use actual timestamp as DEKIM Selector
|
||||
# -
|
||||
DEFAULT_dkim_selector=$(date +%s)
|
||||
|
||||
DEFAULT_opendkim_dir="/etc/opendkim"
|
||||
|
||||
|
||||
|
||||
@ -119,7 +124,25 @@ usage() {
|
||||
|
||||
clean_up() {
|
||||
|
||||
# SIGHUP SIGINT SIGTERM
|
||||
if is_number ${1} && [[ ${1} -eq 127 ]] ; then
|
||||
|
||||
blank_line
|
||||
|
||||
if [[ -n "${key_dir}" ]] && [[ -d "${key_dir}" ]] ; then
|
||||
echononl "Clean up OpenDKIM key directory \033[1m${key_dir}\033[m .."
|
||||
if [[ -f "${key_dir}/${dkim_selector}.*" ]]; then
|
||||
rm -f "${key_dir}/${dkim_selector}.*"
|
||||
echo_ok
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
fi
|
||||
blank_line
|
||||
fi
|
||||
|
||||
# Perform program exit housekeeping
|
||||
|
||||
rm -rf "$LOCK_DIR"
|
||||
blank_line
|
||||
exit $1
|
||||
@ -241,6 +264,17 @@ containsElement () {
|
||||
return 1
|
||||
}
|
||||
|
||||
# Check for positive number
|
||||
is_number() {
|
||||
|
||||
return $(test ! -z "${1##*[!0-9]*}" > /dev/null 2>&1);
|
||||
|
||||
# - also possible
|
||||
# -
|
||||
#[[ ! -z "${1##*[!0-9]*}" ]] && return 0 || return 1
|
||||
#return $([[ ! -z "${1##*[!0-9]*}" ]])
|
||||
}
|
||||
|
||||
# - Remove leading/trailling whitespaces
|
||||
# -
|
||||
trim() {
|
||||
@ -276,7 +310,7 @@ delete_generated_files() {
|
||||
|
||||
# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
|
||||
# -
|
||||
trap clean_up SIGHUP SIGINT SIGTERM
|
||||
trap 'clean_up 127' SIGHUP SIGINT SIGTERM
|
||||
|
||||
# - Create lock directory '$LOCK_DIR"
|
||||
#
|
||||
@ -418,6 +452,8 @@ elif $update_dns && $terminal ; then
|
||||
echo -e "\033[32m--\033[m"
|
||||
info "Zone \033[37m\033[1m${update_zone}\033[m is used for DKIM TXT record"
|
||||
fi
|
||||
else
|
||||
update_zone="_domainkey.${dkim_domain}"
|
||||
fi
|
||||
|
||||
|
||||
@ -487,15 +523,23 @@ if $update_dns && [[ -z "$update_zone" ]] ; then
|
||||
fi
|
||||
if $update_dns && [[ -z "$key_secret" ]] ; then
|
||||
fatal "No secret for the update key used by nsupdate is given!"
|
||||
elif [[ -z "$key_secret" ]] ; then
|
||||
key_secret="${DEFAULT_key_secret}"
|
||||
fi
|
||||
if $update_dns && [[ -z "$key_algo" ]]; then
|
||||
key_algo="$DEFAULT_key_algo"
|
||||
else
|
||||
key_algo="${DEFAULT_key_algo}"
|
||||
fi
|
||||
if $update_dns && [[ -z "$key_name" ]]; then
|
||||
key_name="$update_zone"
|
||||
key_name="${DEFAULT_key_name}"
|
||||
else
|
||||
key_name="${DEFAULT_key_name}"
|
||||
fi
|
||||
if $update_dns && [[ -z "$ttl" ]]; then
|
||||
ttl="$DEFAULT_ttl"
|
||||
else
|
||||
ttl="$DEFAULT_ttl"
|
||||
fi
|
||||
if $update_dns && [[ -z "$dns_dkim_zone_master_server" ]]; then
|
||||
fatal "No DNS server for updating given!"
|
||||
@ -521,17 +565,46 @@ fi
|
||||
|
||||
blank_line
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo " Insert DKIM selector or type <return> using actual timestamp ."
|
||||
echo ""
|
||||
echo ""
|
||||
while [[ -z "${dkim_selector}" ]]; do
|
||||
echononl " DKIM selector [ \033[1m${DEFAULT_dkim_selector}\033[m ]: "
|
||||
read dkim_selector
|
||||
if [[ -z "$(trim ${dkim_selector})" ]] ; then
|
||||
dkim_selector=${DEFAULT_dkim_selector}
|
||||
fi
|
||||
done
|
||||
|
||||
# - We use actual timestamp as DEKIM Selector
|
||||
# -
|
||||
time_stamp=$(date +%s)
|
||||
echo ""
|
||||
echo ""
|
||||
echo -e "\033[32m--\033[m"
|
||||
echo ""
|
||||
echo " Insert OpenDKIM directory or type <return> using idefault ."
|
||||
echo ""
|
||||
echo ""
|
||||
while [[ -z "${opendkim_dir}" ]]; do
|
||||
echononl " DKIM (base) directory [ \033[1m${DEFAULT_opendkim_dir}\033[m ]: "
|
||||
read opendkim_dir
|
||||
if [[ -z "$(trim ${opendkim_dir})" ]] ; then
|
||||
opendkim_dir=${DEFAULT_opendkim_dir}
|
||||
fi
|
||||
done
|
||||
|
||||
signing_table_file="${opendkim_dir}/signing.table"
|
||||
key_table_file="${opendkim_dir}/key.table"
|
||||
key_base_dir=${opendkim_dir}/keys
|
||||
|
||||
|
||||
if $terminal ; then
|
||||
echo ""
|
||||
echo -e " \033[1m----------\033[m"
|
||||
echo " DKIM Domain......................: $dkim_domain"
|
||||
echo " DKIM Selector....................: $time_stamp"
|
||||
echo " DKIM Selector....................: $dkim_selector"
|
||||
if $update_dns ; then
|
||||
echo -e " Create/Update DKIM TXT record....: \033[32mYes\033[m"
|
||||
echo " Domain used for DKIM TXT record..: $update_zone"
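Review bot: `dkim_selector` is now read interactively and only checked for emptiness, but it replaces a digits-only timestamp that becomes a DNS label (`${dkim_selector}._domainkey.${dkim_domain}`), a file-name component under `$key_dir`, an unquoted argument to `opendkim-genkey`/`chown`/`chmod`/`openssl` in the later hunks, and the replacement text of a `perl -i -e "s#...#"` substitution on the key table; a value containing `/`, whitespace, `#`, `$` or `..` would misbehave in at least one of those places. Validate inside the prompt loop before accepting it, e.g. `if [[ ! "$dkim_selector" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]]; then error "selector must be a DNS label (letters, digits, '-')"; dkim_selector=""; fi`, and read both prompts with `read -r`. `opendkim_dir` is accepted without an existence check as well, which matters because `mkdir -p` later creates any path silently. Minor: the prompt text says `idefault`.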
|
||||
@ -542,7 +615,11 @@ if $terminal ; then
|
||||
echo -e " Create/Update DKIM TXT record....: \033[33mNo\033[m"
|
||||
fi
|
||||
echo ""
|
||||
echo " DNS Master Server................: $dns_dkim_zone_master_server"
|
||||
if [[ -z "${dns_dkim_zone_master_server}" ]] ; then
|
||||
echo -e " DNS Master Server................: \033[33m- Updating DNS was not requested -\033[m"
|
||||
else
|
||||
echo " DNS Master Server................: $dns_dkim_zone_master_server"
|
||||
fi
|
||||
if [[ -z "$ttl" ]] || [[ "${ttl,,}" = "none" ]] ; then
|
||||
echo -e " TTL for the DKIM TXT Record......: \033[33m- Not set -\033[m"
|
||||
else
|
||||
@ -889,7 +966,15 @@ if $_create_dkim_zone ; then
|
||||
$dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script check" > /dev/null 2>&1
|
||||
if [[ $? -gt 0 ]] ;then
|
||||
echo_failed
|
||||
fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh!"
|
||||
echo -e "\n command was:
|
||||
|
||||
ssh -q -p $dns_ssh_port \\
|
||||
-o BatchMode=yes \\
|
||||
-o StrictHostKeyChecking=no \\
|
||||
-i $dns_ssh_key \\
|
||||
$dns_ssh_user@$dns_dkim_zone_master_server \"sudo $add_dkim_zone_master_script check\"\n"
|
||||
|
||||
fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh at ${dns_dkim_zone_master_server}!"
|
||||
else
|
||||
echo_ok
|
||||
fi
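Review bot: The ssh command echoed on failure shows `-o StrictHostKeyChecking=no`, and the invocation just above the hunk presumably uses the same options; that setting accepts any host key, so a session that goes on to run `sudo $add_dkim_zone_master_script` on the DNS master would also be established with an impersonating host. Prefer `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6+) or pin the master's key via `-o UserKnownHostsFile=<path-to-pinned-known_hosts>` in both the real call and the printed copy, so the two stay in sync. The enclosing `if $_create_dkim_zone` block and the ssh command itself start outside the hunk.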
|
||||
@ -1066,7 +1151,7 @@ fi
|
||||
# -
|
||||
echononl " Create Key Directory '${key_dir}'"
|
||||
if [[ ! -d "$key_dir" ]]; then
|
||||
mkdir $key_dir 2> $log_file
|
||||
mkdir -p $key_dir 2> $log_file
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
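Review bot: Switching to `mkdir -p $key_dir` means a mistyped `opendkim_dir` from the new interactive prompt now yields a complete, freshly created key tree under the wrong path with no error, where plain `mkdir` used to fail on the missing parent; the directory prompt should check `[[ -d "$opendkim_dir" ]]` (or this step should at least report when parents had to be created). While touching the line, quote it: `mkdir -p -- "$key_dir" 2> "$log_file"`. The surrounding `if [[ ! -d "$key_dir" ]]` block ends outside the hunk.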
|
||||
@ -1089,11 +1174,11 @@ fi
|
||||
# - 'bind' nameservers (TXT recors are restricted to 255 characters)
|
||||
# -
|
||||
echononl " Generate private key for domain '$dkim_domain'.."
|
||||
opendkim-genkey -D $key_dir -d $dkim_domain -b 2048 -r -s $time_stamp > $log_file 2>&1
|
||||
opendkim-genkey -D $key_dir -d $dkim_domain -b 2048 -r -s $dkim_selector > $log_file 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
generated_files_arr+=("${key_dir}/${time_stamp}.private")
|
||||
generated_files_arr+=("${key_dir}/${time_stamp}.txt")
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.private")
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.txt")
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
@ -1101,16 +1186,20 @@ fi
|
||||
|
||||
# - Set up ownership an permissions
|
||||
# -
|
||||
echononl " Set ownership on '${key_dir}/${time_stamp}.private'"
|
||||
chown opendkim ${key_dir}/${time_stamp}.private > $log_file 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
echononl " Set ownership on '${key_dir}/${dkim_selector}.private'"
|
||||
if id -u "opendkim" >/dev/null 2>&1; then
|
||||
chown opendkim ${key_dir}/${dkim_selector}.private > $log_file 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
fi
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
echo_skipped
|
||||
fi
|
||||
echononl " Set permissions on '${key_dir}/${time_stamp}.private'"
|
||||
chmod 600 ${key_dir}/${time_stamp}.private > $log_file 2>&1
|
||||
echononl " Set permissions on '${key_dir}/${dkim_selector}.private'"
|
||||
chmod 600 ${key_dir}/${dkim_selector}.private > $log_file 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
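Review bot: When `id -u "opendkim"` fails the new branch prints `echo_skipped` and continues, so the private key stays owned by the invoking user and the following `chmod 600` then makes it unreadable for an opendkim user created later; nothing tells the operator that this happened or why. Add a message after `echo_skipped`, e.g. `info "user 'opendkim' not found - '${key_dir}/${dkim_selector}.private' keeps owner $(id -un); fix ownership after installing OpenDKIM"` (or a warning helper if the script has one). The `chmod` block that follows ends outside the hunk.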
|
||||
@ -1120,15 +1209,29 @@ fi
|
||||
|
||||
|
||||
echononl " Print out public key for domain '$dkim_domain'.."
|
||||
openssl rsa -in ${key_dir}/${time_stamp}.private -pubout -out ${key_dir}/${time_stamp}.public > $log_file 2>&1
|
||||
openssl rsa -in ${key_dir}/${dkim_selector}.private -pubout -out ${key_dir}/${dkim_selector}.public > $log_file 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
generated_files_arr+=("${key_dir}/${time_stamp}.public ")
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.public ")
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
fi
|
||||
|
||||
echononl " Print out public key as one line.."
|
||||
: > ${key_dir}/${dkim_selector}.public.one-line
|
||||
while IFS='' read -r _line || [[ -n $_line ]] ; do
|
||||
|
||||
if echo "$_line" | grep -i -q -E "^---" 2> /dev/null ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
echo -n "${_line}" >> ${key_dir}/${dkim_selector}.public.one-line
|
||||
|
||||
done < "${key_dir}/${dkim_selector}.public"
|
||||
echo_ok
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.public.one-line")
|
||||
|
||||
|
||||
# - Generate TXT record for use in bind9
|
||||
# -
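Review bot: The new one-line loop forks `echo "$_line" | grep -i -q -E "^---"` for every line of the PEM file just to skip the BEGIN/END markers; a pattern match does it in-shell: `[[ "$_line" == ---* ]] && continue`. The `-i` on the grep has no effect on a pattern of dashes anyway. The two existing loops below that build the `.bind9` and `.nsupdate` files use the same idiom and would benefit from the same change when they are next touched. `echo_ok` is printed unconditionally here; if a write to `${key_dir}/${dkim_selector}.public.one-line` fails it goes unreported, unlike the other steps in this file.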
|
||||
@ -1143,22 +1246,23 @@ fi
|
||||
if $terminal ; then
|
||||
echo " Write bind9 dekim TXT record to file"
|
||||
fi
|
||||
echononl " '${key_dir}/${time_stamp}.bind9'"
|
||||
echo "; ----- DKIM key $time_stamp for ${dkim_domain}" > ${key_dir}/${time_stamp}.bind9
|
||||
echo -n "${time_stamp}._domainkey.${dkim_domain}. $ttl IN TXT ( \"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${time_stamp}.bind9
|
||||
echononl " '${key_dir}/${dkim_selector}.bind9'"
|
||||
echo "; ----- DKIM key $dkim_selector for ${dkim_domain}" > ${key_dir}/${dkim_selector}.bind9
|
||||
echo -n "${dkim_selector}._domainkey.${dkim_domain}. $ttl IN TXT ( \"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${dkim_selector}.bind9
|
||||
while IFS='' read -r _line || [[ -n $_line ]] ; do
|
||||
|
||||
if echo "$_line" | grep -i -q -E "^---" 2> /dev/null ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
echo "" >> ${key_dir}/${time_stamp}.bind9
|
||||
echo -n " \"$_line\"" >> ${key_dir}/${time_stamp}.bind9
|
||||
echo "" >> ${key_dir}/${dkim_selector}.bind9
|
||||
echo -n " \"$_line\"" >> ${key_dir}/${dkim_selector}.bind9
|
||||
|
||||
done < "${key_dir}/${time_stamp}.public"
|
||||
echo " )" >> ${key_dir}/${time_stamp}.bind9
|
||||
|
||||
done < "${key_dir}/${dkim_selector}.public"
|
||||
echo " )" >> ${key_dir}/${dkim_selector}.bind9
|
||||
echo_ok
|
||||
generated_files_arr+=("${key_dir}/${time_stamp}.bind9")
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.bind9")
|
||||
|
||||
# - Write TXT record as string for 'nsupdate'
|
||||
# -
|
||||
@ -1166,32 +1270,65 @@ if $terminal ; then
|
||||
echo " Write TXT record as string for 'nsupdate' to file"
|
||||
fi
|
||||
|
||||
echononl " '${key_dir}/${time_stamp}.nsupdate'"
|
||||
echo -n "\"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${time_stamp}.nsupdate
|
||||
echononl " '${key_dir}/${dkim_selector}.nsupdate'"
|
||||
echo -n "\"v=DKIM1; k=rsa; s=email; p=\"" >> ${key_dir}/${dkim_selector}.nsupdate
|
||||
while IFS='' read -r _line || [[ -n $_line ]] ; do
|
||||
|
||||
if echo "$_line" | grep -i -q -E "^---" 2> /dev/null ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
echo -n " \"$_line\"" >> ${key_dir}/${time_stamp}.nsupdate
|
||||
echo -n " \"$_line\"" >> ${key_dir}/${dkim_selector}.nsupdate
|
||||
|
||||
done < "${key_dir}/${time_stamp}.public"
|
||||
done < "${key_dir}/${dkim_selector}.public"
|
||||
echo_ok
|
||||
generated_files_arr+=("${key_dir}/${time_stamp}.nsupdate")
|
||||
generated_files_arr+=("${key_dir}/${dkim_selector}.nsupdate")
|
||||
|
||||
|
||||
|
||||
if ! $update_dns ; then
|
||||
|
||||
[[ -z "${dns_dkim_zone_master_server}" ]] && dns_dkim_zone_master_server=${DEFAULT_dns_dkim_zone_master_server}
|
||||
|
||||
blank_line
|
||||
todo "Now you have to add the TXT Record to your zone file.\n\n Copy/Paste the following data:\n\n$(cat ${key_dir}/${time_stamp}.bind9)"
|
||||
todo "Now you have to add the TXT Record to your zone file.\n\n Copy/Paste the following data:\n\n$(cat ${key_dir}/${dkim_selector}.bind9)"
|
||||
echo ""
|
||||
echo -e "\n\n If you can use 'nsupdate', then issue the following command:\n\n"
|
||||
cat <<END
|
||||
|
||||
cat <<EOF | nsupdate -v -L3
|
||||
server $dns_dkim_zone_master_server
|
||||
zone $update_zone
|
||||
key ${key_algo}:$key_name $key_secret
|
||||
update delete ${dkim_selector}.${update_zone}.
|
||||
update add ${dkim_selector}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${dkim_selector}.nsupdate)
|
||||
send
|
||||
EOF
|
||||
|
||||
END
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e "After adjusting your nameserver continue with this script"
|
||||
echo "Add the TXT record printed above to the relevant name servers"
|
||||
echo "and enter 'yes' to continue. "
|
||||
echo ""
|
||||
echo "To cancel at this point, enter 'no' or press Ctrl-C."
|
||||
echo ""
|
||||
echo -n "Type <return> to continue: "
|
||||
read OK
|
||||
echo
|
||||
echo -n "Continue? [yes/no]: "
|
||||
read OK
|
||||
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
|
||||
echononl "Wrong entry! - Continue? [yes/no]: "
|
||||
read OK
|
||||
done
|
||||
|
||||
if [[ ${OK,,} = "yes" ]] ; then
|
||||
blank_line
|
||||
else
|
||||
delete_generated_files
|
||||
clean_up 1
|
||||
fi
|
||||
|
||||
|
||||
|
||||
fi
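Review bot: The nsupdate example printed to the terminal contains the TSIG secret in clear (`key ${key_algo}:$key_name $key_secret`), and the same heredoc is written to `${key_dir}/${dkim_selector}.nsupdate.command` in a later hunk, so the zone-update secret ends up in scrollback, session logs and a file whose mode is never set here. Prefer printing `cat <<EOF | nsupdate -v -L3 -k <tsig-key-file>` and leaving the `key` line out, or at least `chmod 600` the `.nsupdate.command` file right after creating it. The `update add ... $ttl IN TXT` line interpolates `$ttl` verbatim, while the summary block earlier treats an empty or `none` ttl as "Not set"; such a value would produce an invalid update here, so guard it or substitute the default before emitting the command. `read OK` should be `read -r OK`, matching the `-r` used on the other reads in this file.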
|
||||
|
||||
@ -1212,8 +1349,8 @@ if $update_dns ; then
|
||||
server $dns_dkim_zone_master_server
|
||||
zone $update_zone
|
||||
key ${key_algo}:$key_name $key_secret
|
||||
update delete ${time_stamp}.${update_zone}.
|
||||
update add ${time_stamp}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${time_stamp}.nsupdate)
|
||||
update delete ${dkim_selector}.${update_zone}.
|
||||
update add ${dkim_selector}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${dkim_selector}.nsupdate)
|
||||
send
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
@ -1225,21 +1362,21 @@ cat <<EOF | nsupdate -v -L3
|
||||
server $dns_dkim_zone_master_server
|
||||
zone $update_zone
|
||||
key ${key_algo}:$key_name $key_secret
|
||||
update delete ${time_stamp}.${update_zone}.
|
||||
update add ${time_stamp}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${time_stamp}.nsupdate)
|
||||
update delete ${dkim_selector}.${update_zone}.
|
||||
update add ${dkim_selector}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${dkim_selector}.nsupdate)
|
||||
send
|
||||
EOF
|
||||
|
||||
END
|
||||
|
||||
cat <<END > ${key_dir}/${time_stamp}.nsupdate.command
|
||||
cat <<END > ${key_dir}/${dkim_selector}.nsupdate.command
|
||||
|
||||
cat <<EOF | nsupdate -v -L3
|
||||
server $dns_dkim_zone_master_server
|
||||
zone $update_zone
|
||||
key ${key_algo}:$key_name $key_secret
|
||||
update delete ${time_stamp}.${update_zone}.
|
||||
update add ${time_stamp}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${time_stamp}.nsupdate)
|
||||
update delete ${dkim_selector}.${update_zone}.
|
||||
update add ${dkim_selector}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${dkim_selector}.nsupdate)
|
||||
send
|
||||
EOF
|
||||
|
||||
@ -1253,8 +1390,8 @@ cat <<EOF | nsupdate -v -L3
|
||||
server $dns_dkim_zone_master_server
|
||||
zone $update_zone
|
||||
key ${key_algo}:$key_name $key_secret
|
||||
update delete ${time_stamp}.${update_zone}.
|
||||
update add ${time_stamp}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${time_stamp}.nsupdate)
|
||||
update delete ${dkim_selector}.${update_zone}.
|
||||
update add ${dkim_selector}.${update_zone}. $ttl IN TXT $(cat ${key_dir}/${dkim_selector}.nsupdate)
|
||||
send
|
||||
EOF
|
||||
END
|
||||
@ -1313,7 +1450,7 @@ fi
|
||||
# -
|
||||
echononl " Configure/Adjust key table"
|
||||
if grep -q -E "^\s*$dkim_domain_shortname\s" $key_table_file 2>/dev/null ; then
|
||||
perl -i -n -p -e "s#^\s*$dkim_domain_shortname\s.*#${dkim_domain_shortname}\t\t${dkim_domain}:${time_stamp}:${key_dir}/${time_stamp}.private#" $key_table_file 2> $log_file
|
||||
perl -i -n -p -e "s#^\s*$dkim_domain_shortname\s.*#${dkim_domain_shortname}\t\t${dkim_domain}:${dkim_selector}:${key_dir}/${dkim_selector}.private#" $key_table_file 2> $log_file
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
@ -1321,7 +1458,7 @@ if grep -q -E "^\s*$dkim_domain_shortname\s" $key_table_file 2>/dev/null ; then
|
||||
error "$(cat $log_file)"
|
||||
fi
|
||||
else
|
||||
echo -e "${dkim_domain_shortname}\t\t${dkim_domain}:${time_stamp}:${key_dir}/${time_stamp}.private" >> $key_table_file 2> $log_file
|
||||
echo -e "${dkim_domain_shortname}\t\t${dkim_domain}:${dkim_selector}:${key_dir}/${dkim_selector}.private" >> $key_table_file 2> $log_file
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
@ -1331,7 +1468,7 @@ else
|
||||
fi
|
||||
|
||||
echononl " Adjust file ${key_dir}/generated_keys.selectors"
|
||||
echo "${time_stamp}" >> ${key_dir}/generated_keys.selectors
|
||||
echo "${dkim_selector}" >> ${key_dir}/generated_keys.selectors
|
||||
echo_done
|
||||
|
||||
|
||||
@ -1370,13 +1507,13 @@ fi
|
||||
if $terminal ; then
|
||||
info "DKIM Key for domain \033[1m${dkim_domain}\033[m created/updated."
|
||||
if $update_dns ; then
|
||||
info "DKIM TXT Record with selector \033[1m$time_stamp\033[m created."
|
||||
info "DKIM TXT Record with selector \033[1m$dkim_selector\033[m created."
|
||||
fi
|
||||
else
|
||||
echo ""
|
||||
echo " [ Info ] DKIM Key for domain ${dkim_domain} created/updated."
|
||||
echo ""
|
||||
echo " [ Info ] DKIM TXT Record with selector $time_stamp created."
|
||||
echo " [ Info ] DKIM TXT Record with selector $dkim_selector created."
|
||||
echo ""
|
||||
|
||||
fi
|
||||
@ -1386,7 +1523,7 @@ clean_up 0
|
||||
|
||||
|
||||
|
||||
#txt_record="$(cat ${key_dir}/${time_stamp}.txt | awk -F'"' '{print $2}' | tr -d '\n')"
|
||||
#txt_record="$(cat ${key_dir}/${dkim_selector}.txt | awk -F'"' '{print $2}' | tr -d '\n')"
|
||||
#txt_record_1=${txt_record:0:255}
|
||||
#txt_record_2=${txt_record:255}
|
||||
#new_txt_record="\"$txt_record_1\"\"$txt_record_2\""
|
||||
|
@ -14,12 +14,12 @@ host_name=`hostname -f`
|
||||
from_address="postfix@$host_name"
|
||||
content_type='Content-Type: text/plain;\n charset="utf-8"'
|
||||
|
||||
default_notification_addresses="argus@oopen.de"
|
||||
|
||||
postfix_queue_dir=/var/spool/postfix
|
||||
|
||||
declare -i count_warn
|
||||
|
||||
default_notification_addresses="argus@oopen.de"
|
||||
declare -i default_count_warn=100
|
||||
declare -i default_count_warn=80
|
||||
|
||||
|
||||
# ----------
|
||||
|