
DKIM is very special as it needs keys to be added into the DNS. The DNS update is not automated in this document (yet). I just generate the keys and then paste them into the DNS.

However, doing this manually takes time, so this is the script that creates what I need – OBSERVE THAT THIS IS ONLY AN EXAMPLE OF HOW WE DO IT:

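#!/bin/bash
#
# dkim.sh — register a mail domain with OpenDKIM and generate its signing key.
#
# Usage: dkim.sh domain shortname
#   domain     the domain whose outgoing mail should be signed
#   shortname  name used for the key file and as the signing.table key
#
# Side effects:
#   - links /etc/opendkim and /etc/opendkim.conf to the copies under
#     /var/tornevall/system/etc when they are not present yet
#   - installs opendkim/opendkim-tools with apt-get if opendkim-genkey is missing
#   - appends one entry each to /etc/opendkim/signing.table and key.table
#   - writes /etc/opendkim/keys/<shortname>.private (0600-ish, owner opendkim)
#     and /etc/opendkim/<shortname>.txt, the DNS TXT record to publish by hand
#   - restarts the opendkim service
#
# Exit status: 0 on success, 1 on any failed precondition, 2 on bad usage.

set -euo pipefail

readonly conf_src=/var/tornevall/system/etc
readonly dkim_dir=/etc/opendkim
readonly key_dir=$dkim_dir/keys

# The selector is the month the key was generated; one rotation per month.
yyyymm=$(date +%Y%m)
readonly yyyymm

die() { printf '%s\n' "$*" >&2; exit 1; }

# Validate arguments before touching the system (the original checked them
# only after a possible apt-get run).
if (( $# < 2 )) || [[ -z "$2" ]]; then
  printf 'Usage: %s domain shortname\n' "$0" >&2
  exit 2
fi
domain=$1
short=$2

# Both values end up in file names and table entries; keep them to a plain
# hostname-like character set so they cannot escape $key_dir or break lines.
[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || die "invalid domain: $domain"
[[ "$short" =~ ^[A-Za-z0-9._-]+$ ]] || die "invalid shortname: $short"

# Same check as before: a dkim group line that also mentions postfix.
if ! grep dkim /etc/group | grep -q postfix; then
  die "postfix user must be present in group for dkim"
fi

if [[ ! -d "$dkim_dir" ]]; then
  ln -sv -- "$conf_src/opendkim" "$dkim_dir"
fi

if [[ -f /etc/opendkim.conf ]]; then
  # A real file (not a symlink) is parked as .old and replaced by the managed copy.
  if [[ ! -L /etc/opendkim.conf ]]; then
    mv -v /etc/opendkim.conf /etc/opendkim.conf.old
    ln -sv -- "$conf_src/opendkim.conf" /etc/opendkim.conf
  fi
  chmod u=rw,go=r /etc/opendkim.conf "$conf_src/opendkim.conf"
elif [[ -f "$conf_src/opendkim.conf" ]]; then
  ln -sv -- "$conf_src/opendkim.conf" /etc/opendkim.conf
fi

if ! command -v opendkim-genkey >/dev/null; then
  echo "opendkim missing, trying to install..."
  apt-get -y -f install opendkim opendkim-tools >/dev/null 2>&1 \
    || die "Could not install opendkim ..."
  command -v opendkim-genkey >/dev/null || die "Could not install opendkim ..."
  echo "OK, ready!"
fi

# opendkim-genkey writes into the current directory and key.table refers to
# absolute paths under $key_dir, so run from $dkim_dir to make both agree
# instead of depending on whatever directory the caller started in.
cd "$dkim_dir" || die "cannot cd to $dkim_dir"
mkdir -p -- "$key_dir"
[[ -f signing.table ]] || touch signing.table
[[ -f key.table ]] || touch key.table

# Regex-escape the dots so "example.org" does not also match "examplexorg".
dom_re=${domain//./\\.}

echo "$domain - $dkim_dir/signing.table"
# Match the exact "*@domain" entry; a substring match would also refuse
# "mail.example.org" when "example.org" is present.
if grep -qE "^\*@${dom_re}[[:space:]]" signing.table; then
  die "Domain already exists in signing.table - please remove it from that table and the key.table to start over."
fi
printf '*@%s %s\n' "$domain" "$short" >>signing.table
echo "Added $domain (short=$short) to $dkim_dir/signing.table"

if ! grep -qE "[[:space:]]${dom_re}:" key.table; then
  printf '%s %s:%s:%s/%s.private\n' "$short" "$domain" "$yyyymm" "$key_dir" "$short" >>key.table
  echo "Added $domain (short=$short) to $key_dir/$short.private"
fi

# -h sha256 emits a valid "h=sha256" tag directly; the earlier "-h rsa-sha256"
# produced "h=rsa-sha256" in the TXT record and needed a sed fix-up afterwards.
printf 'opendkim-genkey -b 2048 -h sha256 -r -s %s -d %s -v\n' "$yyyymm" "$domain"
opendkim-genkey -b 2048 -h sha256 -r -s "$yyyymm" -d "$domain" -v

# Rename the selector-named output to the shortname used in key.table.
mv -v -- "$yyyymm.private" "$key_dir/$short.private"
mv -v -- "$yyyymm.txt" "$short.txt"

# Private keys must not be readable by anyone but opendkim; postfix only
# needs group ownership of the tree. The trailing slash makes chown follow
# the /etc/opendkim symlink.
chown -Rv opendkim:postfix "$dkim_dir/"
chmod -R go-rwx "$key_dir"

echo "Restarting dkim ..."
service opendkim restart
# The public record in $dkim_dir/$short.txt still has to be published in DNS.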
