docker-mailserver/target/bin/open-dkim

179 lines
5.9 KiB
Plaintext
Raw Permalink Normal View History

#!/bin/bash
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
# shellcheck source=../scripts/helpers/index.sh
source /usr/local/bin/helpers/index.sh
2023-05-24 07:06:59 +00:00
if [[ -f /etc/dms-settings ]] && [[ $(_get_dms_env_value 'ENABLE_RSPAMD') -eq 1 ]]; then
if [[ $(_get_dms_env_value 'ENABLE_OPENDKIM') -eq 1 ]]; then
log 'error' "You enabled Rspamd and OpenDKIM - OpenDKIM will be implicitly used for DKIM keys"
else
/usr/local/bin/rspamd-dkim "${@}"
exit
fi
fi
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
KEYSIZE=2048
SELECTOR=mail
DOMAINS=
2023-05-25 23:01:41 +00:00
function __usage() {
printf '%s' "${PURPLE}OPEN-DKIM${RED}(${YELLOW}8${RED})
${ORANGE}NAME${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
open-dkim - Configure DKIM (DomainKeys Identified Mail)
${ORANGE}SYNOPSIS${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
setup config dkim [ OPTIONS${RED}...${RESET} ]
${ORANGE}DESCRIPTION${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
Creates DKIM keys and configures them within DMS for OpenDKIM.
OPTIONS can be used when your requirements are not met by the defaults.
When not using 'ACCOUNT_PROVISIONER=FILE' (default), you may need to explicitly
use the 'domain' option to generate DKIM keys for your mail account domains.
${ORANGE}OPTIONS${RESET}
${BLUE}Generic Program Information${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
help Print the usage information.
${BLUE}Configuration adjustments${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
keysize Set the size of the keys to be generated.
Possible values: 1024, 2048 and 4096
Default: 2048
selector Set a manual selector for the key.
Default: mail
domain Provide the domain(s) for which to generate keys for.
Default: The FQDN assigned to DMS, excluding any subdomain.
'ACCOUNT_PROVISIONER=FILE' also sources domains from mail accounts.
${ORANGE}EXAMPLES${RESET}
chore: Change `setup config dkim` default key size to `2048` (`open-dkim`) (#3508) * chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit 4096-bit is excessive in size for DKIM key. 2048-bit is plenty. * chore: Additional revisions to `open-dkim` command help output - The examples use `keysize 2048`, but as that's the new default it makes sense to change that. - Other help text was also revised. - Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values. * docs: Revise DKIM docs Primarily for the change in default key size, but does revise some text to better communicate to the user. - While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys. - Adjusted the domains example to match the new `setup config dkim domain` domains example. - Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively). - Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future. - `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed. - Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_). * docs: Sync DKIM commands help messages and update DKIM docs for LDAP - Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now. - Update `rspamd-dkim` examples help output to align with `open-dkim` command examples. - Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_). - DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary. * tests: Adjust test-cases for `setup config dkim` change `rspamd_dkim.bats`: - Update assert for command help output. - Don't bother creating a DKIM key at 512-bit size. `setup_cli.bats`: - Update assert for command help output of the `setup config dkim` (OpenDKIM) command. * docs: Update DKIM section for large keys to newer RFC The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support. The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM. * docs: Extract out common DKIM generation command from content tabs Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS. * docs: DKIM refactoring - Shifted out the info admonition on key size advice out of the content tabs as it's now generic information. - Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now. - Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet. * docs: Revise DKIM docs Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-28 21:40:02 +00:00
${LWHITE}setup config dkim keysize 4096${RESET}
Creates keys with their length increased to a size of 4096-bit.
${LWHITE}setup config dkim keysize 1024 selector 2023-dkim${RESET}
Creates 1024-bit sized keys, and changes the DKIM selector to '2023-dkim'.
${LWHITE}setup config dkim domain 'example.com,another-example.com'${RESET}
Only generates DKIM keys for the specified domains: 'example.com' and 'another-example.com'.
${ORANGE}EXIT STATUS${RESET}
Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain
errors, the script will exit early with exit status 2.
"
}
_require_n_parameters_or_print_usage 0 "${@}"
2023-05-25 23:39:39 +00:00
while [[ ${#} -gt 0 ]]; do
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
case "${1}" in
( 'keysize' )
2023-05-24 07:06:59 +00:00
if [[ -n ${2+set} ]]; then
KEYSIZE="${2}"
shift
shift
else
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_exit_with_error "No keysize provided after 'keysize' argument"
fi
;;
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
( 'selector' )
2023-05-24 07:06:59 +00:00
if [[ -n ${2+set} ]]; then
# shellcheck disable=SC2034
SELECTOR="${2}"
shift
shift
else
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_exit_with_error "No selector provided after 'selector' argument"
fi
;;
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
( 'domain' )
2023-05-24 07:06:59 +00:00
if [[ -n ${2+set} ]]; then
DOMAINS="${2}"
shift
shift
else
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_exit_with_error "No domain(s) provided after 'domain' argument"
fi
;;
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
( * )
__usage
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_exit_with_error "Unknown options '${1}' ${2:+and \'${2}\'}"
;;
esac
done
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
DATABASE_VHOST='/tmp/vhost.dkim'
# Prepare a file with one domain per line:
2023-05-25 23:01:41 +00:00
function _generate_domains_config() {
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
local TMP_VHOST='/tmp/vhost.dkim.tmp'
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
# Generate the default vhost (equivalent to /etc/postfix/vhost),
# unless CLI arg DOMAINS provided an alternative list to use instead:
2023-05-24 07:06:59 +00:00
if [[ -z ${DOMAINS} ]]; then
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
_obtain_hostname_and_domainname
# uses TMP_VHOST:
_vhost_collect_postfix_domains
else
tr ',' '\n' <<< "${DOMAINS}" >"${TMP_VHOST}"
fi
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
# uses DATABASE_VHOST + TMP_VHOST:
_create_vhost
}
refactor: Share a common helper (vhost builder) for sourcing domains (#2620) * chore: Split vhost helper method and use filepath vars - Helpers `accounts.sh` and `aliases.sh` can move their vhost code into this helper. - They share duplicate code with `bin/open-dkim` which will also leverage this vhost helper going forward. * chore: Sync vhost generation logic into helper - Chunky commit, but mostly copy/paste of logic into a common method. - `bin/open-dkim` additionally wrapped relevant logic in a function call and revised inline docs. * chore: Include LDAP vhost support - Revises notes for LDAP vhost support. - This now ensures LDAP users get vhost rebuilt to match the startup script for when change detection support is enabled. - `bin/open-dkim` will additionally be able to support the default `DOMAINNAME` var (set via `helpers/dns.sh`) for LDAP users instead of requiring them to provide one explicitly. * chore(`bin/open-dkim`): Ensure `DOMAINNAME` is properly set - This will ensure LDAP users insert the same `DOMAINNAME` value as used during container startup. - The container itself should panic at startup (during `helpers/dns.sh`) if this isn't configured correctly already, thus it should not introduce any breaking change to users of this utility? * chore: Set the 2nd value as blank `_` Line is split by a delimiter such as white-space (or via IFS: `|`), the blank `_` var is to indicate we're not interested in that value, but still leverage how `read -r` works, instead of splitting the var ourselves first thing. * chore: Remove shellcheck disable lines No longer applicable with the switch to `_`
2022-06-09 22:57:10 +00:00
_generate_domains_config
2023-05-24 07:06:59 +00:00
if [[ ! -s ${DATABASE_VHOST} ]]; then
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_log 'warn' 'No entries found, no keys to make'
exit 0
fi
2023-05-25 23:39:39 +00:00
while read -r DKIM_DOMAIN; do
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"
2023-05-24 07:06:59 +00:00
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private" ]]; then
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_log 'info' "Creating DKIM private key '/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private'"
opendkim-genkey \
--bits="${KEYSIZE}" \
--subdomains \
--domain="${DKIM_DOMAIN}" \
--selector="${SELECTOR}" \
--directory="/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"
fi
# fix permissions to use the same user:group as /tmp/docker-mailserver/opendkim/keys
chown -R "$(stat -c '%U:%G' /tmp/docker-mailserver/opendkim/keys)" "/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"
# write to KeyTable if necessary
KEYTABLEENTRY="${SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private"
2023-05-24 07:06:59 +00:00
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]; then
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_log 'debug' 'Creating DKIM KeyTable'
echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable
else
2023-05-24 07:06:59 +00:00
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"; then
echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}"
2023-05-24 07:06:59 +00:00
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]; then
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_log 'debug' 'Creating DKIM SigningTable'
echo "*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}" >/tmp/docker-mailserver/opendkim/SigningTable
else
2023-05-24 07:06:59 +00:00
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable; then
echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
fi
fi
done < <(_get_valid_lines_from_file "${DATABASE_VHOST}")
# create TrustedHosts if missing
2023-05-24 07:06:59 +00:00
if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]; then
scripts: refactored scripts located under `target/bin/` (#2500) * refactored scripts located under `target/bin/` The scripts under `target/bin/` now use the new log and I replaced some `""` with `''` on the way. The functionality stays the same, this mostly style and log. * corrected fail2ban (script and tests) * corrected OpenDKIM log output in tests * reverted (some) changes to `sedfile` Moreover, a few messages for BATS were streamlined and a regression in the linting script reverted. * apple PR feedback * improve log output from `fail2ban` script The new output has a single, clear message with the '[ ERROR ] ' prefix, and then output that explains the error afterwards. This is coherent with the logging style which should be used while providing more information than just a single line about IPTables not functioning. * simplified `setquota` script * consistently named the `__usage` function Before, scripts located under `target/bin/` were using `usage` or `__usage`. Now, they're using `__usage` as they should. * improved `sedfile` With `sedfile`, we cannot use the helper functions in a nice way because it is used early in the Dockerfile at a stage where the helper scripts are not yet copied. The script has been adjusted to be canonical with all the other scripts under `target/bin/`. * fixed tests * removed `__usage` from places where it does not belong `__usage` is to be used on wrong user input, not on other failures as well. This was fixed in `delquota` and `setquota`. * apply PR review feedback
2022-03-26 08:30:09 +00:00
_log 'debug' 'Creating DKIM TrustedHosts'
echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
fi