docker-mailserver/target/bin/open-dkim

192 lines
5.7 KiB
Plaintext
Raw Normal View History

#! /bin/bash
KEYSIZE=4096
SELECTOR=mail
DOMAINS=
function __usage
{
printf "\e[35mOPEN-DKIM\e[31m(\e[93m8\e[31m)
\e[38;5;214mNAME\e[39m
open-dkim - configure DomainKeys Identified Mail (DKIM)
\e[38;5;214mSYNOPSIS\e[39m
./setup.sh config dkim [ OPTIONS\e[31m...\e[39m ]
\e[38;5;214mDESCRIPTION\e[39m
Configures DKIM keys. OPTIONS can be used to configure a more complex setup.
LDAP setups require these options.
\e[38;5;214mOPTIONS\e[39m
\e[94mGeneric Program Information\e[39m
help Print the usage information.
\e[94mConfiguration adjustments\e[39m
keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default).
selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!)
domain Provide the domain(s) for which keys are to be generated.
\e[38;5;214mEXAMPLES\e[39m
\e[37m./setup.sh config dkim keysize 2048\e[39m
Creates keys of length 2048 bit in a default setup where domains are obtained from
your accounts.
\e[37m./setup.sh config dkim keysize 2048 selector 2021-dkim\e[39m
Creates keys of length 2048 bit in a default setup where domains are obtained from
your accounts. The DKIM selector used is '2021-dkim'.
\e[37m./setup.sh config dkim keysize 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'\e[39m
Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup
where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'.
The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'.
\e[38;5;214mEXIT STATUS\e[39m
Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain
errors, the script will exit early with exit status 2.
"
}
[[ ${1:-} == 'help' ]] && { __usage ; exit 0 ; }
while [[ ${#} -gt 0 ]]
do
case ${1} in
keysize )
if [[ -n ${2+'set'} ]]
then
KEYSIZE="${2}"
shift
shift
else
echo "No keysize provided after 'keysize' argument. Aborting." >&2
exit 2
fi
;;
selector )
if [[ -n ${2+'set'} ]]
then
# shellcheck disable=SC2034
SELECTOR="${2}"
shift
shift
else
echo "No selector provided after 'selector' argument. Aborting." >&2
exit 2
fi
;;
domain )
if [[ -n ${2+'set'} ]]
then
DOMAINS="${2}"
shift
shift
else
echo "No domain(s) provided after 'domain' argument. Aborting." >&2
exit 2
fi
;;
* )
__usage
echo -e "\nUnknown options ${1} ${2:-}. Aborting." >&2
exit 2
;;
esac
done
touch /tmp/vhost.dkim.tmp
if [[ -z ${DOMAINS} ]]
then
# getting domains FROM mail accounts
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then
# shellcheck disable=SC2034
while IFS=$'|' read -r LOGIN PASS
do
DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2)
echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true)
fi
# getting domains FROM mail aliases
if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]]
then
# shellcheck disable=SC2034
while read -r FROM TO
do
UNAME=$(echo "${FROM}" | cut -d @ -f1)
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
fi
else
tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.dkim.tmp
fi
sort < /tmp/vhost.dkim.tmp | uniq >/tmp/vhost
rm /tmp/vhost.dkim.tmp
if [[ ! -s /tmp/vhost ]]
then
echo "No entries found, no keys to make."
exit 0
fi
while read -r DOMAINNAME
do
mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private" ]]
then
echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
opendkim-genkey \
--bits="${KEYSIZE}" \
--subdomains \
--DOMAIN="${DOMAINNAME}" \
--selector="${SELECTOR}" \
-D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}"
fi
# write to KeyTable if necessary
KEYTABLEENTRY="${SELECTOR}._domainkey.${DOMAINNAME} ${DOMAINNAME}:${SELECTOR}:/etc/opendkim/keys/${DOMAINNAME}/${SELECTOR}.private"
if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
then
echo "Creating DKIM KeyTable"
echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable
else
if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
then
echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
fi
fi
# write to SigningTable if necessary
SIGNINGTABLEENTRY="*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}"
if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
then
echo "Creating DKIM SigningTable"
echo "*@${DOMAINNAME} ${SELECTOR}._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable
else
if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
then
echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
fi
fi
done < <(grep -vE '^(\s*$|#)' /tmp/vhost)
# create TrustedHosts if missing
if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
then
echo "Creating DKIM TrustedHosts"
echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts
echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts
fi