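#!/usr/bin/env bash
#
# Interactive helper that creates a DKIM signing key for one domain and
# registers it with OpenDKIM:
#
#   1. create /etc/opendkim/keys/<domain>/
#   2. generate a 2048 bit key pair with 'opendkim-genkey' (selector = epoch seconds)
#   3. hand the private key to user 'opendkim' with mode 600
#   4. add or replace the domain's lines in signing.table and key.table
#   5. write the DNS TXT record in bind9 and nsupdate form
#   6. restart OpenDKIM once the operator confirms the DNS change
#
# Usage: see usage() below (options -d <domain> and -h).
#
# The script writes below /etc/opendkim and restarts a service, so it
# presumably has to run as root - NOTE(review): confirm, no check is made here.

# -------------
# - Settings
# -------------

#_src_base_dir="$(realpath $(dirname $0))"
#conf_file="${_src_base_dir}/conf/install_opendkim.conf"

log_file="$(mktemp)" || { echo "fatal error: mktemp failed" >&2; exit 1; }
# usage() and fatal() leave early, so remove the log on every exit path.
trap 'rm -f -- "$log_file"' EXIT

opendkim_dir="/etc/opendkim"
signing_table_file="${opendkim_dir}/signing.table"
key_table_file="${opendkim_dir}/key.table"


# -------------
# --- Some functions
# -------------

# Print an optional error message ($1) and the help text, then exit 1.
# NOTE(review): the synopsis line and the '-d <domain>' heading were lost when
# the page was extracted; they are rebuilt here from the getopts string 'hd:'.
usage() {
  echo
  if [ -n "$1" ]; then
    echo -e "Error: $1\n"
  fi
  cat <<EOF

  Usage: $(basename "$0") [-d <domain>] [-h]

  -d <domain>
     the domain for which DKIM support will be configured. If not give,
     the domain will be requested interactivly.

  -h
     Prints this help.

EOF
  exit 1
}

# Return 0 if $1 equals one of the remaining arguments, else 1.
containsElement() {
  local candidate
  for candidate in "${@:2}"; do
    if [[ "$candidate" == "$1" ]]; then
      return 0
    fi
  done
  return 1
}

# Print the arguments with leading and trailing whitespace removed
# (no trailing newline).
trim() {
  local var="$*"
  var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
  var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
  printf '%s' "$var"
}

# Print a prompt on stderr without a trailing newline.
# The earlier version probed the behaviour of 'echo' through the predictable
# file /tmp/shprompt$$; in a world-writable directory that name can be
# pre-created as a symlink by another local user. The shebang pins bash, so
# no probe is needed.
echononl() {
  printf '%b' "$*" >&2
}

# Print an error message and abort the script with status 1.
fatal() {
  echo ""
  echo -e "fatal error: $*"
  echo ""
  echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
  echo ""
  exit 1
}

error() {
  echo ""
  echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
  echo ""
}

warn() {
  echo ""
  echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
  echo ""
}

info() {
  echo ""
  echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
  echo ""
}

# Status tags, printed at column 80 of the current line.
echo_done() {
  echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
  echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
  echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed() {
  echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
  echo -e "\033[80G[ \033[37mskipped\033[m ]"
}

# Run the given command with its output captured in $log_file, print the
# ok/failed tag, show the captured output on failure and return the
# command's success (0) or failure (1).
run_step() {
  if "$@" > "$log_file" 2>&1; then
    echo_ok
    return 0
  fi
  echo_failed
  error "$(cat -- "$log_file")"
  return 1
}

# Return 0 if $1 is a syntactically valid DNS name: labels of letters, digits
# and '-', separated by single dots, no label starting or ending with '-'.
# The domain ends up in a directory name, in regular expressions and in
# OpenDKIM's tables, so anything else ('/', '..', whitespace, regex or option
# characters) is rejected before it is used.
is_valid_domain() {
  local LC_ALL=C
  local name=$1
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local re="^${label}(\\.${label})*\$"
  (( ${#name} <= 253 )) || return 1
  [[ "$name" =~ $re ]]
}

# Create the key pair. The umask is tightened only inside this subshell so
# the private key is never readable by other users, not even in the window
# before the chown/chmod steps run.
generate_key() (
  umask 077
  opendkim-genkey -D "$key_dir" -d "$domain" -b 2048 -r -s "$time_stamp"
)

# Replace the existing signing.table line of the domain.
# The values reach perl through the environment and are matched with \Q..\E:
# pasted into the program text, '@example' would be read by perl as an array
# and every '.' of the domain as a regex wildcard.
replace_signing_entry() {
  DKIM_DOMAIN="$domain" DKIM_KEYNAME="$domain_shortname" \
    perl -i -p -e 's/^\s*\*\@\Q$ENV{DKIM_DOMAIN}\E\s.*/*\@$ENV{DKIM_DOMAIN}\t$ENV{DKIM_KEYNAME}/' \
    "$signing_table_file"
}

append_signing_entry() {
  printf '*@%s\t%s\n' "$domain" "$domain_shortname" >> "$signing_table_file"
}

# Replace the existing key.table line of the key name.
replace_key_entry() {
  DKIM_KEYNAME="$domain_shortname" DKIM_KEYSPEC="$key_spec" \
    perl -i -p -e 's#^\s*\Q$ENV{DKIM_KEYNAME}\E\s.*#$ENV{DKIM_KEYNAME}\t\t$ENV{DKIM_KEYSPEC}#' \
    "$key_table_file"
}

append_key_entry() {
  printf '%s\t\t%s\n' "$domain_shortname" "$key_spec" >> "$key_table_file"
}

# Write the TXT record as a bind9 zone file entry: one quoted string per
# base64 line of the public key, PEM header and footer lines skipped.
write_bind9_record() {
  local _line
  {
    echo "; ----- DKIM key $time_stamp for ${domain}"
    printf '%s' "${time_stamp}._domainkey.${domain}. 3600 IN TXT ( \"v=DKIM1; k=rsa; s=email; p=\""
    while IFS='' read -r _line || [[ -n $_line ]]; do
      if [[ "$_line" == ---* ]]; then
        continue
      fi
      echo ""
      printf '%s' " \"$_line\""
    done < "$public_key"
    echo " )"
  } > "$bind9_file"
}

# Write the TXT record data as one line of quoted strings for 'nsupdate'.
# The file is truncated first; it used to be opened in append mode only.
write_nsupdate_record() {
  local _line
  {
    printf '%s' "\"v=DKIM1; k=rsa; s=email; p=\""
    while IFS='' read -r _line || [[ -n $_line ]]; do
      if [[ "$_line" == ---* ]]; then
        continue
      fi
      printf '%s' " \"$_line\""
    done < "$public_key"
  } > "$nsupdate_file"
}


# -------------
# - Some pre-installation tasks
# -------------

# - Is 'systemd' supported on this system
# -
# /run/systemd/system exists only when systemd is the running init (see
# sd_booted(3)); the 'systemd' binary itself is usually not in PATH, so
# looking it up with 'which' is not a reliable test.
if [[ -d /run/systemd/system ]] && command -v systemctl > /dev/null 2>&1; then
  SYSTEMD_EXISTS=true
else
  SYSTEMD_EXISTS=false
fi


# -------------
# - Read in Commandline arguments
# -------------

domain=""
while getopts hd: opt; do
  case "$opt" in
    d) domain=$OPTARG ;;
    h) usage ;;
    \?) usage ;;
  esac
done

clear
echo
echo

if [[ -z "$domain" ]]; then
  #echo ""
  echo ""
  echo -e "\033[32m--\033[m"
  echo ""
  echo " Insert a domain name for which DKIM support should be configured."
  echo ""
  echo ""
  echononl " Domain: "
  # A closed stdin would otherwise make the retry loop spin forever.
  read -r domain || true
  while [ "X$domain" = "X" ]; do
    echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
    echononl " Domain: "
    read -r domain || break
  done
  echo
fi

domain="$(trim "$domain")"
if ! is_valid_domain "$domain"; then
  fatal "The given domain is not a valid DNS name (letters, digits, '-' and '.' only)"
fi

echo -e " \033[32mCreate DKIM configuration for domain \033[37m\033[1m$domain\033[m"


# =============
# - Start Configuration
# =============

echo
echo -n " Type upper case 'YES' to start: "
read -r OK
if [[ "$OK" != "YES" ]]; then
  fatal "Abort by user request - Answer as not 'YES'"
fi

time_stamp=$(date +%s)
key_dir="${opendkim_dir}/keys/${domain}"
# NOTE(review): the key name is the domain without its last label, so
# 'example.com' and 'example.org' share the key.table entry 'example' and the
# later run replaces the earlier one. Left as is, because changing the name
# would not match tables written by previous runs.
domain_shortname="${domain%.*}"

private_key="${key_dir}/${time_stamp}.private"
public_key="${key_dir}/${time_stamp}.public"
bind9_file="${key_dir}/${time_stamp}.bind9"
nsupdate_file="${key_dir}/${time_stamp}.nsupdate"
key_spec="${domain}:${time_stamp}:${private_key}"

# Escaped copies for use inside grep patterns ('.' is the only character a
# validated name contains that is special in a regular expression).
domain_re="${domain//./\\.}"
shortname_re="${domain_shortname//./\\.}"


# - Create Key directory for the given domain
# -
echononl " Create Key Directory '${key_dir}'"
if [[ ! -d "$key_dir" ]]; then
  # -p: '${opendkim_dir}/keys' may not exist yet on a fresh installation.
  run_step mkdir -p -- "$key_dir" \
    || fatal "Cannot create key directory '${key_dir}'"
else
  echo_skipped
fi


# - Generate private key
# -
# - This will give you two files, one containing the key
# - and the other containing the TXT record you'll need to
# - set up DNS.
# -
# - Note:
# - The generated TXT record cannot be used directly for
# - 'bind' nameservers (TXT records are restricted to 255 characters)
# -
echononl " Generate private key for domain '$domain'.."
# Without a key, the remaining steps would register a missing file with
# OpenDKIM and restart the signer, so stop here.
run_step generate_key \
  || fatal "Key generation failed - OpenDKIM configuration was not changed"


# - Set up ownership and permissions
# -
echononl " Set ownership on '${private_key}'"
run_step chown opendkim "$private_key"

echononl " Set permissions on '${private_key}'"
run_step chmod 600 "$private_key"

echononl " Print out public key key for domain '$domain'.."
# Both TXT record files are built from the public key file.
run_step openssl rsa -in "$private_key" -pubout -out "$public_key" \
  || fatal "Cannot extract public key from '${private_key}'"


# - Configure/Adjust the signing table
# -
echononl " Configure/Adjust the signing table.."
if grep -q -E "^[[:space:]]*\*@${domain_re}[[:space:]]" "$signing_table_file" 2> /dev/null; then
  run_step replace_signing_entry
else
  run_step append_signing_entry
fi


# - Configure/Adjust the key table
# -
echononl " Configure/Adjustkey table"
if grep -q -E "^[[:space:]]*${shortname_re}[[:space:]]" "$key_table_file" 2> /dev/null; then
  run_step replace_key_entry
else
  run_step append_key_entry
fi


# - Generate TXT record for use in bind9
# -
echo
echo -e " \033[32mGenerate TXT record for use in bind9\033[m"

# - Write file with bind9 DKIM TXT record
# -
echo " Write bind9 dekim TXT record to file"
echononl " '${bind9_file}'"
run_step write_bind9_record

# - Write TXT record as string for 'nsupdate'
# -
echo " Write TXT record as string for 'nsupdate' to file"
echononl " '${nsupdate_file}'"
run_step write_nsupdate_record

info "Now you have to add the TXT Record to your zone file.\n\n\t Copy/Paste the following data:\n\n$(cat -- "$bind9_file")"

echo ""
echo -e "After adjusting your nameserver continue with this script"
echo ""
# Prompt text kept as found on the page; it possibly named a key in angle
# brackets that was lost in extraction - TODO confirm.
echo -n "Type to continue: "
read -r OK
echo


# - Restart OpenDKIM
# -
echononl " Restart OpenDKIM.."
if $SYSTEMD_EXISTS; then
  run_step systemctl restart opendkim
else
  run_step /etc/init.d/opendkim restart
fi

echo ""
exit 0

#txt_record="$(cat ${key_dir}/${time_stamp}.txt | awk -F'"' '{print $2}' | tr -d '\n')"
#txt_record_1=${txt_record:0:255}
#txt_record_2=${txt_record:255}
#new_txt_record="\"$txt_record_1\"\"$txt_record_2\""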