
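#!/usr/bin/env bash
# add_dkim_key.sh - collect a DKIM public key (interactively or from the
# configuration file) and publish it as a TXT record through nsupdate.
#
# Paths are derived from the resolved script location so the script also works
# when invoked through a symlink. Every expansion is quoted so a directory
# containing whitespace does not break the derivation.
script_path="$(realpath "$0")"
script_name="$(basename "$script_path")"
working_dir="$(dirname "$script_path")"
# Optional configuration: conf/<script name without extension>.conf next to the
# script. It is sourced, i.e. executed as shell code, so it must only be
# writable by a trusted user.
conf_file="${working_dir}/conf/${script_name%%.*}.conf"
# Per-run lock directory; created later with mkdir, which refuses an already
# existing path, so a stale or planted directory of that name is detected.
LOCK_DIR="/tmp/$(basename "$0").$$.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log"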
# ----------
# Base Function(s)
# ----------
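#######################################
# Print an optional error message and the usage text, then leave via clean_up.
# Globals:   terminal (read), conf_file (read)
# Arguments: $1 - optional error message shown before the usage text
# Returns:   never; exits with status 1 through clean_up
#######################################
usage() {
  [[ -n "$1" ]] && error "$1"
  # 'terminal' holds the word true or false and has to be executed; testing it
  # for non-emptiness (as before) is always true, since "false" is not empty.
  if $terminal ; then
    echo -e "
\033[1mUsage:\033[m
$(basename "$0") [OPTION [OPTION ..
\033[1mDescription\033[m
<Some Description>
\033[1mOptions\033[m
<List Options>
\033[1mFiles\033[m
$conf_file: Configuration file
\033[1mExample:\033[m
<description example>
$(basename "$0") .. <comand example>
<description another example>
$(basename "$0") .. <command another example>
"
  fi
  clean_up 1
}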
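#######################################
# Exit housekeeping: remove the lock directory and terminate.
# Also installed as the handler for SIGHUP/SIGINT/SIGTERM, which passes no
# status.
# Globals:   LOCK_DIR (read)
# Arguments: $1 - exit status; when missing (signal trap) the script exits
#                 with 1 instead of inheriting whatever the interrupted
#                 command happened to return
# Returns:   never
#######################################
clean_up() {
  local status="${1:-1}"
  # Never run "rm -rf ''" should LOCK_DIR be empty for any reason.
  if [[ -n "$LOCK_DIR" ]] ; then
    rm -rf -- "$LOCK_DIR"
  fi
  blank_line
  exit "$status"
}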
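#######################################
# Print a prompt on stderr without a trailing newline, interpreting backslash
# escapes as 'echo -e' does; silent when not attached to a terminal.
# Globals:   terminal (read)
# Arguments: $* - prompt text
# Outputs:   one space followed by the prompt, on stderr
#######################################
echononl() {
  if $terminal ; then
    # printf '%b' interprets the escapes itself, so the probe file
    # /tmp/shprompt$$ (a predictable name in a shared directory) that the old
    # '\c' detection wrote is no longer needed.
    printf ' %b' "$*" >&2
  fi
}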
#######################################
# Report an unrecoverable error and leave through clean_up with status 1.
# Globals:   terminal (read)
# Arguments: $* - message (escapes are interpreted on a terminal)
# Returns:   never
#######################################
fatal() {
  local msg="$*"
  echo ""
  if $terminal ; then
    printf ' [ \033[31m\033[1mFatal\033[m ]: %b\n\n' "$msg"
    printf ' \033[31m\033[1mScript was interupted\033[m!\n'
  else
    printf ' [ Fatal ]: %s\n\n Script was terminated....\n' "$msg"
  fi
  echo ""
  clean_up 1
}
#######################################
# Print an error message, coloured on a terminal, plain otherwise.
# Globals:   terminal (read)
# Arguments: $* - message (escapes are interpreted on a terminal)
#######################################
error() {
  local msg="$*"
  echo ""
  if $terminal ; then
    printf ' [ \033[31m\033[1mError\033[m ]: %b\n' "$msg"
  else
    printf ' [ Error ]: %s\n' "$msg"
  fi
  echo ""
}
#######################################
# Print a warning; only shown on a terminal, silent otherwise.
# Globals:   terminal (read)
# Arguments: $* - message (escapes are interpreted)
#######################################
warn() {
  $terminal || return 0
  printf '\n [ \033[33m\033[1mWarning\033[m ]: %b\n\n' "$*"
}
#######################################
# Print an informational message; only shown on a terminal, silent otherwise.
# Globals:   terminal (read)
# Arguments: $* - message (escapes are interpreted)
#######################################
info() {
  $terminal || return 0
  printf '\n [ \033[32m\033[1mInfo\033[m ]: %b\n\n' "$*"
}
#######################################
# Print a success message; only shown on a terminal, silent otherwise.
# Globals:   terminal (read)
# Arguments: $* - message (escapes are interpreted)
#######################################
ok() {
  $terminal || return 0
  printf '\n [ \033[32m\033[1mOk\033[m ] %b\n\n' "$*"
}
# Status tag "[ done ]" at column 95; nothing when not on a terminal.
echo_done() {
  $terminal || return 0
  printf '\033[95G[ \033[32mdone\033[m ]\n'
}
# Status tag "[ ok ]" at column 95; nothing when not on a terminal.
echo_ok() {
  $terminal || return 0
  printf '\033[95G[ \033[32mok\033[m ]\n'
}
# Status tag "[ warn ]" at column 95; nothing when not on a terminal.
echo_warn() {
  $terminal || return 0
  printf '\033[95G[ \033[33mwarn\033[m ]\n'
}
# Status tag "[ failed ]" at column 95; nothing when not on a terminal.
echo_failed() {
  $terminal || return 0
  printf '\033[95G[ \033[1;31mfailed\033[m ]\n'
}
# Status tag "[ skipped ]" at column 95; nothing when not on a terminal.
echo_skipped() {
  $terminal || return 0
  printf '\033[95G[ \033[90m\033[1mskipped\033[m ]\n'
}
# Blinking "[ ... ]" tag at column 95 without a newline, so a later status tag
# overwrites it; nothing when not on a terminal.
echo_wait() {
  $terminal || return 0
  printf '\033[95G[ \033[5m\033[1m...\033[m ]'
}
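#######################################
# Strip leading and trailing whitespace from the joined arguments.
# Arguments: $* - text to trim (joined with single spaces, as "$*" does)
# Outputs:   the trimmed text on stdout, without a trailing newline
#######################################
trim() {
  local var="$*"
  var="${var#"${var%%[![:space:]]*}"}"   # drop leading whitespace
  var="${var%"${var##*[![:space:]]}"}"   # drop trailing whitespace
  # printf rather than 'echo -n': a value such as "-e" is data here, whereas
  # echo would parse it as an option and print nothing.
  printf '%s' "$var"
}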
# Print an empty line, but only on a terminal.
blank_line() {
  $terminal || return 0
  printf '\n'
}
# ----------
# - Jobhandling
# ----------
# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
# -
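trap clean_up SIGHUP SIGINT SIGTERM
# - Create lock directory '$LOCK_DIR'. mkdir refuses an existing path, so a
#   stale or planted directory of that (predictable) name is detected here
#   instead of being used and later removed. Exit directly rather than through
#   clean_up: clean_up would 'rm -rf' a directory this run does not own.
if ! mkdir -- "$LOCK_DIR" ; then
  printf ' [ Fatal ]: Cannot create lock directory %s\n' "$LOCK_DIR" >&2
  exit 1
fi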
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# -
# 'terminal' is executed as a command later ("if $terminal"), so it holds the
# literal word true or false depending on whether stdout is a terminal.
if [[ -t 1 ]] ; then terminal=true ; else terminal=false ; fi
# -------------
# - Default values
# -------------
# - Give your default values here
# -
# Name server that receives the dynamic update; replaced by
# DNS_DKIM_ZONE_MASTER_SERVER from the configuration file when that is set.
DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
# TTL offered for the TXT record.
DEFAULT_TTL="3600"
# TSIG algorithm and key name; replaced by KEY_ALGO / KEY_NAME from the
# configuration file when set.
DEFAULT_KEY_ALGO="hmac-sha256"
DEFAULT_KEY_NAME="update-dkim"
# v= and k= tags written into the DKIM TXT record.
DEFAULT_DKIM_TYPE="DKIM1"
DEFAULT_KEY_TYPE="rsa"
# No default selector is offered.
DEFAULT_DKIM_SELECTOR=""
if [[ ! -f "$conf_file" ]]; then
  warn "No configuration file '$conf_file' present.\n
Loading default values.."
else
  # The configuration file is executed as shell code, not parsed.
  source "$conf_file"
fi
# A value given by the configuration file becomes the default offered at the
# prompt, and the variable itself is cleared so the prompt sets it afresh.
for _cfg_name in DNS_DKIM_ZONE_MASTER_SERVER KEY_ALGO KEY_NAME KEY_SECRET ; do
  if [[ -n "$(trim "${!_cfg_name}")" ]] ; then
    printf -v "DEFAULT_${_cfg_name}" '%s' "${!_cfg_name}"
    printf -v "$_cfg_name" '%s' ''
  fi
done
unset -v _cfg_name
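#######################################
# Prompt (via echononl) until a non-empty answer is given and store it.
# Arguments: $1 - name of the variable to set
#            $2 - prompt text
# Returns:   0; leaves via fatal when stdin reaches EOF (the old loops spun
#            forever on Ctrl-D)
#######################################
ask_required() {
  local _name=$1 _prompt=$2 _answer=""
  while [[ -z "$_answer" ]] ; do
    echononl "$_prompt"
    read -r _answer || fatal "No input for '${_name}' (end of input reached)"
    if [[ -z "$_answer" ]] ; then
      printf '\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n\n'
    fi
  done
  printf -v "$_name" '%s' "$_answer"
}

#######################################
# Prompt once, taking the default on an empty answer.
# Arguments: $1 - name of the variable to set
#            $2 - prompt text; " [default]: " is appended here
#            $3 - default value
#######################################
ask_default() {
  local _name=$1 _prompt=$2 _default=$3 _answer=""
  echononl "${_prompt} [${_default}]: "
  read -r _answer
  printf -v "$_name" '%s' "${_answer:-$_default}"
}

#######################################
# Print the green "--" divider, an instruction line and two blank lines.
# Arguments: $1 - instruction text (escapes are interpreted)
#######################################
prompt_section() {
  printf '\033[32m--\033[m\n\n%b\n\n\n' "$1"
}

if $terminal ; then
  echo ""
  prompt_section " Insert a domain name for which DKIM support should be configured."
  ask_required DKIM_DOMAIN " DKIM domain: "
  DEFAULT_DKIM_UPDATE_ZONE="_domainkey.${DKIM_DOMAIN}"

  prompt_section " Insert zone which should be updated with the new DKIM key."
  ask_default DKIM_UPDATE_ZONE " DKIM Zone" "$DEFAULT_DKIM_UPDATE_ZONE"

  echo ""
  prompt_section " Insert DKIM selector"
  ask_required DKIM_SELECTOR " DKIM selector: "

  echo ""
  prompt_section " Insert DKIM Key"
  ask_required DKIM_KEY " DKIM Key: "
  blank_line
  blank_line

  echononl " Create (splitted 'p' value of DNS record.."
  # The p= value is base64 (RFC 6376): whitespace from a pasted key is dropped
  # and anything else outside the alphabet is refused, because the key is
  # interpolated verbatim into the nsupdate input later on.
  DKIM_KEY="${DKIM_KEY//[[:space:]]/}"
  if [[ ! "$DKIM_KEY" =~ ^[A-Za-z0-9+/=]+$ ]] ; then
    echo_failed
    fatal "Cannot create p value of DNS Record: DKIM key contains characters outside the base64 alphabet"
  fi
  # Long TXT data is given as several quoted strings: the key is emitted as
  # 64-character chunks, "abcd..." "efgh..." ..., the last one unpadded.
  length="${#DKIM_KEY}"
  p_val=""
  pos_begin=0
  while (( pos_begin + 64 < length )) ; do
    p_val+="\"${DKIM_KEY:pos_begin:64}\" "
    (( pos_begin += 64 ))
  done
  p_val+="\"${DKIM_KEY:pos_begin}\""
  echo_ok

  echo ""
  prompt_section " Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
  # The branch is chosen on the server default; testing the secret default
  # here and reading the answer into KEY_SECRET (as before) left the master
  # server unset.
  if [[ -n "${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}" ]] ; then
    ask_default DNS_DKIM_ZONE_MASTER_SERVER " DNS master server" "$DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER"
  else
    ask_required DNS_DKIM_ZONE_MASTER_SERVER " DNS master server: "
  fi

  echo ""
  prompt_section " Insert Key name"
  ask_default KEY_NAME " Key name" "$DEFAULT_KEY_NAME"

  echo ""
  prompt_section " Insert Key secret"
  # The TSIG secret is read without echo so it does not land in the terminal
  # scrollback; a configured default is offered but not displayed.
  if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
    echononl " Key secret [<configured default>]: "
    read -r -s KEY_SECRET
    echo ""
    if [[ -z "$KEY_SECRET" ]] ; then
      KEY_SECRET="${DEFAULT_KEY_SECRET}"
    fi
  else
    KEY_SECRET=""
    while [[ -z "$KEY_SECRET" ]] ; do
      echononl " Key secret: "
      read -r -s KEY_SECRET || fatal "No input for 'KEY_SECRET' (end of input reached)"
      echo ""
      if [[ -z "$KEY_SECRET" ]] ; then
        printf '\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n\n'
      fi
    done
  fi

  echo ""
  printf '\033[32m--\033[m\n\n Specifies the algorithm to use for the TSIG key.\n\n'
  tsig_algos=(hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512)
  for i in "${!tsig_algos[@]}" ; do
    if [[ "${tsig_algos[i]}" = "${DEFAULT_KEY_ALGO}" ]] ; then
      printf ' [%d] \033[37m\033[1m%s\033[m\n' "$((i + 1))" "${tsig_algos[i]}"
    else
      printf ' [%d] %s\n' "$((i + 1))" "${tsig_algos[i]}"
    fi
  done
  echo ""
  echo " Type a number or press <RETURN> to choose highlighted value"
  echo ""
  echononl " Key algorithm [${DEFAULT_KEY_ALGO}]: "
  # Loop until KEY_ALGO is one of the listed algorithms; a bare <RETURN> takes
  # the default, which is validated like any other answer.
  KEY_ALGO=""
  while : ; do
    read -r OPTION || fatal "No input for 'KEY_ALGO' (end of input reached)"
    case "$OPTION" in
      '') KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
      [1-6]) KEY_ALGO="${tsig_algos[OPTION - 1]}" ;;
      *) KEY_ALGO="" ;;
    esac
    for _algo in "${tsig_algos[@]}" ; do
      [[ "$KEY_ALGO" = "$_algo" ]] && break 2
    done
    echo ""
    echo -e " \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
    echo ""
    # Re-prompt with the real default instead of a hard-coded hmac-sha256.
    echononl " Key algorithm [${DEFAULT_KEY_ALGO}]: "
  done

  echo ""
  prompt_section " Insert DKIM Type (i.e. 'DKIM1')"
  ask_default DKIM_TYPE " DKIM type" "$DEFAULT_DKIM_TYPE"

  echo ""
  prompt_section " Insert Key Type (i.e. 'rsa')"
  ask_default KEY_TYPE " Key type" "$DEFAULT_KEY_TYPE"

  echo ""
  prompt_section " Insert TTL for dns entry"
  ask_default TTL " TTL" "$DEFAULT_TTL"
fi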
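# Everything from here on also runs without a terminal, where the values come
# from the configuration file. Values the configuration supplied were moved
# into DEFAULT_* above (and the variables cleared), so fall back to the
# defaults here; on a terminal the prompts have already set them.
KEY_ALGO="${KEY_ALGO:-$DEFAULT_KEY_ALGO}"
KEY_NAME="${KEY_NAME:-$DEFAULT_KEY_NAME}"
KEY_SECRET="${KEY_SECRET:-$DEFAULT_KEY_SECRET}"
DNS_DKIM_ZONE_MASTER_SERVER="${DNS_DKIM_ZONE_MASTER_SERVER:-$DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
TTL="${TTL:-$DEFAULT_TTL}"
DKIM_TYPE="${DKIM_TYPE:-$DEFAULT_DKIM_TYPE}"
KEY_TYPE="${KEY_TYPE:-$DEFAULT_KEY_TYPE}"

[[ -n "$(trim "${DKIM_DOMAIN}")" ]]      || fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
[[ -n "$(trim "${DKIM_UPDATE_ZONE}")" ]] || fatal "Variable \033[1mDKIM_UPDATE_ZONE\033[m not set!"
[[ -n "$(trim "${DKIM_SELECTOR}")" ]]    || fatal "Variable \033[1mDKIM_SELECTOR\033[m not set!"
[[ -n "$(trim "${DKIM_KEY}")" ]]         || fatal "\033[1mDKIM_KEY\033[m not given!"
[[ -n "$(trim "${KEY_SECRET}")" ]]       || fatal "Variable \033[1mKEY_SECRET\033[m not set!"
# nsupdate needs the master server as well; it was never checked.
[[ -n "$(trim "${DNS_DKIM_ZONE_MASTER_SERVER}")" ]] \
  || fatal "Variable \033[1mDNS_DKIM_ZONE_MASTER_SERVER\033[m not set!"

# The p= value is base64 (RFC 6376): drop whitespace from a pasted key and
# refuse anything else outside the alphabet, since the key is interpolated
# verbatim into the nsupdate input.
DKIM_KEY="${DKIM_KEY//[[:space:]]/}"
[[ "$DKIM_KEY" =~ ^[A-Za-z0-9+/=]+$ ]] \
  || fatal "\033[1mDKIM_KEY\033[m contains characters outside the base64 alphabet!"

# Build the quoted 64-character chunks of the p= value here as well: they used
# to be built only in the interactive branch, so a run without a terminal
# published a record with an empty p= value.
length="${#DKIM_KEY}"
p_val=""
pos_begin=0
while (( pos_begin + 64 < length )) ; do
  p_val+="\"${DKIM_KEY:pos_begin:64}\" "
  (( pos_begin += 64 ))
done
p_val+="\"${DKIM_KEY:pos_begin}\""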
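if $terminal ; then
  echo ""
  echo ""
  echo -e " \033[1m----------\033[m"
  echo " DKIM Domain......................: $DKIM_DOMAIN"
  echo " DKIM Selector....................: $DKIM_SELECTOR"
  # Abbreviate long keys to their first and last 15 characters; shorter ones
  # are shown whole (the old expr-based offset went negative for them).
  if (( ${#DKIM_KEY} > 30 )) ; then
    key_display="${DKIM_KEY:0:15}..${DKIM_KEY:${#DKIM_KEY}-15}"
  else
    key_display="$DKIM_KEY"
  fi
  echo " DKIM Key.........................: $key_display"
  echo ""
  echo " Domain used for DKIM TXT record..: $DKIM_UPDATE_ZONE"
  # The TSIG secret is not echoed to the terminal; only its presence is shown.
  echo " Secret for the update key........: - hidden (${#KEY_SECRET} characters) -"
  echo " Algorithm used for the TSIG key..: $KEY_ALGO"
  echo " Name of the TSIG key.............: $KEY_NAME"
  echo ""
  echo " DNS Master Server................: $DNS_DKIM_ZONE_MASTER_SERVER"
  if [[ -z "$TTL" ]] || [[ "${TTL,,}" = "none" ]] ; then
    echo -e " TTL for the DKIM TXT Record......: \033[33m- Not set -\033[m"
  else
    echo " TTL for the DKIM TXT Record......: $TTL"
  fi
  echo ""
  echo " DKIM Type........................: $DKIM_TYPE"
  echo " Key Type.........................: $KEY_TYPE"
  echo -e " \033[1m----------\033[m"
  echo ""
  # The preview shows the same rdata that is sent to nsupdate ("s=email;" -
  # the old preview lacked the semicolon).
  echo -e " DNS Record to add:\n\n\033[33m${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT \"v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email; p=\" ${p_val}\033[m"
  echo ""
  echo ""
  printf '%s' " Type upper case 'YES' to start: "
  read -r OK
  if [[ "$OK" != "YES" ]] ; then
    fatal "Abort by user request - Answer was not 'YES'"
  fi
  echo ""
fi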
# Announce which zone on which server is about to be updated (terminal only).
if $terminal ; then
  printf '\n \033[32mUpdate Zone \033[37m\033[1m%b\033[m\033[32m DNS Server \033[37m\033[1m%b\033[m\n\n' \
    "${DKIM_UPDATE_ZONE}" "${DNS_DKIM_ZONE_MASTER_SERVER}"
fi
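echononl " Add DKIM entry for domain \033[1m${DKIM_DOMAIN}\033[m with selector \033[1m${DKIM_SELECTOR} .."
# nsupdate reads its commands, including the TSIG secret, on stdin, so the
# secret never appears in argv or in 'ps' output. Feeding the here-document
# directly (instead of "cat <<EOF | nsupdate") makes $? nsupdate's own status.
nsupdate -v -L3 > "$log_file" 2>&1 <<EOF
server $DNS_DKIM_ZONE_MASTER_SERVER
zone $DKIM_UPDATE_ZONE
key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT "v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email; p=" ${p_val}
send
EOF
nsupdate_rc=$?
if [[ $nsupdate_rc -eq 0 ]] ; then
  echo_ok
else
  echo_failed
  # The failed command is shown for diagnosis with the secret redacted, so it
  # does not end up in terminal scrollback or captured output.
  cat <<END
Command was:
cat <<EOF | nsupdate -v -L3
server $DNS_DKIM_ZONE_MASTER_SERVER
zone $DKIM_UPDATE_ZONE
key ${KEY_ALGO}:$KEY_NAME <secret redacted>
update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
update add ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT "v=${DKIM_TYPE}; k=${KEY_TYPE}; s=email; p=" ${p_val}
send
EOF
END
  error "nsupdate exited with status ${nsupdate_rc}:
$(cat "$log_file")"
fi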
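# Remind the operator that the dynamic update lives in the .jnl file until the
# zone is frozen and thawed; the placeholder reads "<zone>" on both lines now.
info "Flush update data from .jnl files of domain \033[1m${DKIM_UPDATE_ZONE}\033[m back to the zone file:
rndc freeze <zone> - \033[1mrndc freeze ${DKIM_UPDATE_ZONE}\033[m
rndc thaw <zone> - \033[1mrndc thaw ${DKIM_UPDATE_ZONE}\033[m"
clean_up 0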