#! /bin/bash touch /tmp/vhost.tmp # if no keysize is provided, default to 4096 KEYSIZE=${1:-4096} # optional domain names DOMAINS=${2:-} if [[ -z ${DOMAINS} ]] then # getting domains FROM mail accounts if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] then # shellcheck disable=SC2034 while IFS=$'|' read -r LOGIN PASS do DOMAIN=$(echo "${LOGIN}" | cut -d @ -f2) echo "${DOMAIN}" >>/tmp/vhost.tmp done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf || true) fi # getting domains FROM mail aliases if [[ -f /tmp/docker-mailserver/postfix-virtual.cf ]] then # shellcheck disable=SC2034 while read -r FROM TO do UNAME=$(echo "${FROM}" | cut -d @ -f1) DOMAIN=$(echo "${FROM}" | cut -d @ -f2) [[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) fi else tr ',' '\n' <<< "${DOMAINS}" > /tmp/vhost.tmp fi # keeping unique entries if [[ -f /tmp/vhost.tmp ]] then sort < /tmp/vhost.tmp | uniq >/tmp/vhost && rm /tmp/vhost.tmp fi # exit if no entries found if [[ ! -f /tmp/vhost ]] then echo "No entries found, no keys to make" exit 0 fi while read -r DOMAINNAME do mkdir -p "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" if [[ ! -f "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" ]] then echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}/mail.private" opendkim-genkey --bits="${KEYSIZE}" --subdomains --DOMAIN="${DOMAINNAME}" --selector=mail -D "/tmp/docker-mailserver/opendkim/keys/${DOMAINNAME}" fi # write to KeyTable if necessary KEYTABLEENTRY="mail._domainkey.${DOMAINNAME} ${DOMAINNAME}:mail:/etc/opendkim/keys/${DOMAINNAME}/mail.private" if [[ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]] then echo "Creating DKIM KeyTable" echo "${KEYTABLEENTRY}" > /tmp/docker-mailserver/opendkim/KeyTable else if ! grep -q "${KEYTABLEENTRY}" "/tmp/docker-mailserver/opendkim/KeyTable" then echo "${KEYTABLEENTRY}" >>/tmp/docker-mailserver/opendkim/KeyTable fi fi # write to SigningTable if necessary SIGNINGTABLEENTRY="*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" if [[ ! -f /tmp/docker-mailserver/opendkim/SigningTable ]] then echo "Creating DKIM SigningTable" echo "*@${DOMAINNAME} mail._domainkey.${DOMAINNAME}" >/tmp/docker-mailserver/opendkim/SigningTable else if ! grep -q "${SIGNINGTABLEENTRY}" /tmp/docker-mailserver/opendkim/SigningTable then echo "${SIGNINGTABLEENTRY}" >> /tmp/docker-mailserver/opendkim/SigningTable fi fi done < <(grep -vE '^(\s*$|#)' /tmp/vhost) # creates TrustedHosts if missing if [[ -d /tmp/docker-mailserver/opendkim ]] && [[ ! -f /tmp/docker-mailserver/opendkim/TrustedHosts ]] then echo "Creating DKIM TrustedHosts" echo "127.0.0.1" >/tmp/docker-mailserver/opendkim/TrustedHosts echo "localhost" >>/tmp/docker-mailserver/opendkim/TrustedHosts fi