#! /bin/bash KEYSIZE=4096 SELECTOR=mail DOMAINS= function __usage { echo -e "\e[35mOPEN-DKIM\e[31m(\e[93m8\e[31m) \e[38;5;214mNAME\e[39m open-dkim - configure DomainKeys Identified Mail (DKIM) \e[38;5;214mSYNOPSIS\e[39m ./setup.sh config dkim [ OPTIONS\e[31m...\e[39m ] \e[38;5;214mDESCRIPTION\e[39m Configures DKIM keys. OPTIONS can be used to configure a more complex setup. LDAP setups require these options. \e[38;5;214mOPTIONS\e[39m \e[94mGeneric Program Information\e[39m help Print the usage information. \e[94mConfiguration adjustments\e[39m keysize Set the size of the keys to be generated. Possible are 1024, 2024 and 4096 (default). selector Set a manual selector (default is 'mail') for the key. (\e[96mATTENTION\e[39m: NOT IMPLEMENTED YET!) domains Provide the domains for which keys are to be generated. \e[38;5;214mEXAMPLES\e[39m \e[37m./setup.sh config dkim size 2048\e[39m Creates keys of length 2048 bit in a default setup where domains are obtained from your accounts. \e[37m./setup.sh config dkim size 2048 selector 2021-dkim\e[39m Creates keys of length 2048 bit in a default setup where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'. \e[37m./setup.sh config dkim size 2048 selector 2021-dkim domain 'whoami.com,whoareyou.org'\e[39m Appropriate for an LDAP setup. Creates keys of length 2048 bit in a default setup where domains are obtained from your accounts. The DKIM selector used is '2021-dkim'. The domains for which DKIM keys are generated are 'whoami.com' and 'whoareyou.org'. \e[38;5;214mEXIT STATUS\e[39m Exit status is 0 if command was successful. If wrong arguments are provided or arguments contain errors, the script will exit early with exit status 2. " } if [[ ${1:-} == 'help' ]] then __usage exit 0 fi while [[ ${#} -gt 0 ]] do case ${1} in keysize ) if [[ -n ${2+'set'} ]] then KEYSIZE="${2}" shift shift else echo "No keysize provided after 'size' argument. Aborting." >&2 exit 2 fi ;; selector ) if [[ -n ${2+'set'} ]] then # shellcheck disable=SC2034 SELECTOR="${2}" shift shift else echo "No selector provided after 'selector' argument. Aborting." >&2 exit 2 fi ;; domain ) if [[ -n ${2+'set'} ]] then DOMAINS="${2}" break break else echo "No domain(s) provided after 'domain' argument. Aborting." >&2 exit 2 fi ;; * ) __usage echo -e "\nUnknown options ${1} ${2:-}. Aborting." >&2 exit 2 ;; esac done touch /tmp/vhost.dkim.tmp if [[ -z ${DOMAINS} ]] then # getting domains FROM mail accounts if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] then # shellcheck disable=SC2034 while IFS=$'|' read -r LOGIN PASS do DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2) echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true) fi # getting domains FROM mail aliases if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]] then # shellcheck disable=SC2034 while read -r FROM TO do UNAME=$(echo "${FROM}" | cut -d @ -f1) DOMAIN=$(echo "${FROM}" | cut -d @ -f2) [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.dkim.tmp done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) fi else tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.dkim.tmp fi sort < /tmp/vhost.dkim.tmp | uniq >/tmp/vhost rm /tmp/vhost.dkim.tmp if [[ ! -s /tmp/vhost ]] then echo "No entries found, no keys to make." exit 0 fi while read -r DOMAINNAME do mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]] then echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" opendkim-genkey \ --bits="${KEYSIZE}" \ --subdomains \ --DOMAIN="${DOMAINNAME}" \ --selector=mail \ -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" fi # write to KeyTable if necessary KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private" if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]] then echo "Creating DKIM KeyTable" echo "${KEYTABLEENTRY}" >/tmp/docker-mailserver/opendkim/KeyTable else if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable" then echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable fi fi # write to SigningTable if necessary SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]] then echo "Creating DKIM SigningTable" echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable else if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable then echo "${SIGNINGTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/SigningTable fi fi done < <(grep -vE '^(\s*$|#)' /tmp/vhost) # create TrustedHosts if missing if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]] then echo "Creating DKIM TrustedHosts" echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts fi