#! /bin/bash
# shellcheck source=../scripts/helpers/index.sh
source /usr/local/bin/helpers/index.sh
# Defaults; the 'keysize', 'selector' and 'domain' options handled further down in this script
# overwrite them.
KEYSIZE='4096'   # RSA key length in bits, handed to `opendkim-genkey --bits=`
SELECTOR='mail'  # DKIM selector, used in the key file name and in the table entries
DOMAINS=''       # comma-separated domain list; empty means the domains are read from the account/alias files
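# Print the manual-style help text for `./setup.sh config dkim` to stdout.
#
# Globals:   PURPLE, RED, YELLOW, ORANGE, BLUE, LCYAN, LWHITE, RESET (read);
#            presumably colour escape sequences set by the sourced helpers - TODO confirm
# Arguments: none
# Outputs:   the help text on stdout
#
# The keysize line used to list '2024' as a possible value; the intended value is 2048,
# which is also what the examples use.
# NOTE(review): 1024 is still listed as a possible size. RFC 8301 asks signers to use
# RSA keys of at least 2048 bits, so 1024 should only be chosen to satisfy a DNS or
# receiver limitation.
function __usage
{
  printf '%s' "${PURPLE}OPEN-DKIM${RED}(${YELLOW}8${RED})

${ORANGE}NAME${RESET}
    open-dkim - configure DomainKeys Identified Mail (DKIM)

${ORANGE}SYNOPSIS${RESET}
    ./setup.sh config dkim [ OPTIONS${RED}...${RESET} ]

${ORANGE}DESCRIPTION${RESET}
    Configures DKIM keys. OPTIONS can be used to configure a more complex setup.
    LDAP setups require these options.

${ORANGE}OPTIONS${RESET}
    ${BLUE}Generic Program Information${RESET}
        help       Print the usage information.

    ${BLUE}Configuration adjustments${RESET}
        keysize    Set the size of the keys to be generated. Possible are 1024, 2048 and 4096 (default).
        selector   Set a manual selector (default is 'mail') for the key. (${LCYAN}ATTENTION${RESET}: NOT IMPLEMENTED YET!)
        domain     Provide the domain(s) for which keys are to be generated.

${ORANGE}EXAMPLES${RESET}
    ${LWHITE}./setup.sh config dkim keysize 2048${RESET}
        Creates keys of length 2048 bit in a default setup where domains are obtained from
        your accounts.

    ${LWHITE}./setup.sh config dkim keysize 2048 selector 2021-dkim${RESET}
        Creates keys of length 2048 bit in a default setup where domains are obtained from
        your accounts. The DKIM selector used is '2021-dkim'.

    ${LWHITE}./setup.sh config dkim keysize 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'${RESET}
        Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup
        where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'.
        The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'.

${ORANGE}EXIT STATUS${RESET}
    Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain
    errors, the script will exit early with exit status 2.

"
}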
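# Argument handling.
#
# 'help' as the first argument prints the usage text and exits with status 0.
# Everything else is parsed as '<option> <value>' pairs that overwrite KEYSIZE,
# SELECTOR and DOMAINS. The error branches do not shift, so the loop relies on
# _exit_with_error (from the sourced helpers) terminating the script.
if [[ ${1:-} == 'help' ]]
then
  __usage
  exit 0
fi

while [[ ${#} -gt 0 ]]
do
  case "${1}" in
    ( 'keysize' )
      if [[ -n ${2+set} ]]
      then
        # The value is handed to `opendkim-genkey --bits=`; accept only a plain positive
        # integer (at most six digits, so the comparison below cannot overflow).
        if [[ ! ${2} =~ ^[1-9][0-9]{0,5}$ ]]
        then
          _exit_with_error "Invalid keysize '${2}' provided after 'keysize' argument"
        fi

        # RFC 8301 asks signers to use RSA keys of at least 2048 bits.
        if [[ ${2} -lt 2048 ]]
        then
          _log 'warn' "Keysize '${2}' is below 2048 bit, which is considered weak for DKIM"
        fi

        KEYSIZE="${2}"
        shift 2
      else
        _exit_with_error "No keysize provided after 'keysize' argument"
      fi
      ;;

    ( 'selector' )
      if [[ -n ${2+set} ]]
      then
        # The selector becomes part of the key file name ('<selector>.private'),
        # so it must not contain a path separator.
        if [[ ${2} == */* ]]
        then
          _exit_with_error "Invalid selector '${2}' provided after 'selector' argument"
        fi

        # shellcheck disable=SC2034
        SELECTOR="${2}"
        shift 2
      else
        _exit_with_error "No selector provided after 'selector' argument"
      fi
      ;;

    ( 'domain' )
      if [[ -n ${2+set} ]]
      then
        DOMAINS="${2}"
        shift 2
      else
        _exit_with_error "No domain(s) provided after 'domain' argument"
      fi
      ;;

    ( * )
      __usage
      # Single quotes are literal inside a double-quoted expansion; a backslash in
      # front of them would be printed as part of the message.
      _exit_with_error "Unknown options '${1}' ${2:+and '${2}'}"
      ;;

  esac
done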
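# Build the de-duplicated list of domains that need DKIM keys and write it to DATABASE_VHOST.
#
# With an explicit DOMAINS value the comma-separated list is used as-is; otherwise the
# domains are taken from the account and alias files, as far as those files exist.
DATABASE_ACCOUNTS='/tmp/docker-mailserver/postfix-accounts.cf'
DATABASE_VIRTUAL='/tmp/docker-mailserver/postfix-virtual.cf'
# NOTE(review): fixed, predictable path directly under /tmp. It is presumably read by
# other scripts as well - confirm before relocating it.
DATABASE_VHOST='/tmp/vhost'

# Scratch file for the unsorted domain list. The previous fixed name
# '/tmp/vhost.dkim.tmp' was only touched and then appended to, so a file left over
# from an interrupted run (or placed there by someone else) ended up in the result.
# mktemp returns a new, empty file with an unpredictable name.
TMP_VHOST=$(mktemp /tmp/vhost.dkim.XXXXXX) \
  || _exit_with_error 'Could not create a temporary file for the domain list'

if [[ -z ${DOMAINS} ]]
then
  # getting domains FROM mail accounts
  if [[ -f ${DATABASE_ACCOUNTS} ]]
  then
    # Lines are split at '|'; only the login part (before the first '|') is used.
    # shellcheck disable=SC2034
    while IFS=$'|' read -r LOGIN PASS
    do
      DOMAIN=$(cut -d @ -f2 <<< "${LOGIN}")
      printf '%s\n' "${DOMAIN}" >>"${TMP_VHOST}"
    done < <(_get_valid_lines_from_file "${DATABASE_ACCOUNTS}")
  fi

  # getting domains FROM mail aliases
  if [[ -f ${DATABASE_VIRTUAL} ]]
  then
    # shellcheck disable=SC2034
    while read -r FROM TO
    do
      UNAME=$(cut -d @ -f1 <<< "${FROM}")
      DOMAIN=$(cut -d @ -f2 <<< "${FROM}")

      # cut prints the whole input for any field when the delimiter is absent, so an
      # alias without '@' yields UNAME == DOMAIN and is left out here.
      if [[ ${UNAME} != "${DOMAIN}" ]]
      then
        printf '%s\n' "${DOMAIN}" >>"${TMP_VHOST}"
      fi
    done < <(_get_valid_lines_from_file "${DATABASE_VIRTUAL}")
  fi
else
  tr ',' '\n' <<< "${DOMAINS}" >"${TMP_VHOST}"
fi

sort < "${TMP_VHOST}" | uniq >"${DATABASE_VHOST}"
rm -- "${TMP_VHOST}"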
# Stop early, with success, when the domain list is missing or empty: there is nothing to sign for.
[[ -s ${DATABASE_VHOST} ]] || {
  _log 'warn' 'No entries found, no keys to make'
  exit 0
}
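# For every domain in DATABASE_VHOST: create the key pair unless the private key
# already exists, then make sure KeyTable and SigningTable contain the entry for it.
#
# Keys and tables are written below /tmp/docker-mailserver/opendkim, while the KeyTable
# entry points at /etc/opendkim/keys; presumably the directory is copied or mounted
# there at container start - TODO confirm.
# NOTE(review): '<selector>.private' is the signing key. Confirm that its file mode and
# the volume behind /tmp/docker-mailserver restrict read access to the mail server.
while read -r DKIM_DOMAIN
do
  # The domain becomes a directory name and a field in both table files. Skip values
  # that could point outside the keys directory ('/', leading '.'), be taken for an
  # option (leading '-') or break the table format (':' or whitespace).
  if [[ ${DKIM_DOMAIN} == */* || ${DKIM_DOMAIN} == .* || ${DKIM_DOMAIN} == -* \
     || ${DKIM_DOMAIN} == *:* || ${DKIM_DOMAIN} =~ [[:space:]] ]]
  then
    _log 'warn' "Skipping invalid domain name '${DKIM_DOMAIN}'"
    continue
  fi

  mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"

  # An existing private key is never overwritten.
  if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private" ]]
  then
    _log 'info' "Creating DKIM private key '/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private'"

    opendkim-genkey \
      --bits="${KEYSIZE}" \
      --subdomains \
      --domain="${DKIM_DOMAIN}" \
      --selector="${SELECTOR}" \
      --directory="/tmp/docker-mailserver/opendkim/keys/${DKIM_DOMAIN}"
  fi

  # write to KeyTable if necessary
  KEYTABLEENTRY="${SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private"
  if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]]
  then
    _log 'debug' 'Creating DKIM KeyTable'
    echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable
  # -F: compare the entry as a fixed string. As a regular expression every '.' in the
  # domain matches any character, so the entry of a similar domain (e.g. 'a-b.org' for
  # 'a.b.org') counted as already present.
  elif ! grep -qF -- "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable"
  then
    echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable
  fi

  # write to SigningTable if necessary
  SIGNINGTABLEENTRY="*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}"
  if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]]
  then
    _log 'debug' 'Creating DKIM SigningTable'
    echo "${SIGNINGTABLEENTRY}" >/tmp/docker-mailserver/opendkim/SigningTable
  elif ! grep -qF -- "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable
  then
    echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable
  fi
done < <(_get_valid_lines_from_file "${DATABASE_VHOST}")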
# Seed TrustedHosts with the two loopback entries when the opendkim directory exists
# but the file does not; an existing file is left untouched.
if [[ -d /tmp/docker-mailserver/opendkim && ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]]
then
  _log 'debug' 'Creating DKIM TrustedHosts'
  {
    echo "127.0.0.1"
    echo "localhost"
  } >/tmp/docker-mailserver/opendkim/TrustedHosts
fi