Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: Better organize open-dkim config generator

This commit is contained in:
Brennan Kinney 2025-02-15 14:21:16 +13:00 committed by GitHub
parent 8fa186ae76
commit 466602c66d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 100 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
target/bin/open-dkim
View File

@ -12,9 +12,17 @@ if [[ -f /etc/dms-settings ]] && [[ $(_get_dms_env_value 'ENABLE_RSPAMD') -eq 1
fi fi
fi fi
KEYSIZE=2048 function _main() {
SELECTOR=mail # Default parameters (updated by `_parse_arguments()`):
DOMAINS= local KEYSIZE=2048
local SELECTOR=mail
local DOMAINS=
_require_n_parameters_or_print_usage 0 "${@}"
_parse_arguments "${@}"
_generate_dkim_keys
}
function __usage() { function __usage() {
printf '%s' "${PURPLE}OPEN-DKIM${RED}(${YELLOW}8${RED}) printf '%s' "${PURPLE}OPEN-DKIM${RED}(${YELLOW}8${RED})
@ -62,10 +70,9 @@ ${ORANGE}EXIT STATUS${RESET}
" "
} }
_require_n_parameters_or_print_usage 0 "${@}" function _parse_arguments() {
# Parse the command args through iteration:
# Parse the command args through iteration: while [[ ${#} -gt 0 ]]; do
while [[ ${#} -gt 0 ]]; do
case "${1}" in case "${1}" in
( 'keysize' ) ( 'keysize' )
@ -108,8 +115,32 @@ while [[ ${#} -gt 0 ]]; do
# Discard these two args (option + value) now that they've been processed: # Discard these two args (option + value) now that they've been processed:
shift 2 shift 2
done done
}
function _generate_dkim_keys() {
_generate_domains_config
if [[ ! -s ${DATABASE_VHOST} ]]; then
_log 'warn' 'No entries found, no keys to make'
exit 0
fi
# Generate the keypairs and associated OpenDKIM config files:
OPENDKIM_BASE_DIR='/tmp/docker-mailserver/opendkim'
while read -r DKIM_DOMAIN; do
_create_dkim_key "${DKIM_DOMAIN}"
# Create / Update OpenDKIM configs with new DKIM key:
KEY_TABLE_ENTRY="${SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private"
_update_keytable "${KEY_TABLE_ENTRY}"
SIGNING_TABLE_ENTRY="*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}"
_update_signingtable "${SIGNING_TABLE_ENTRY}"
done < <(_get_valid_lines_from_file "${DATABASE_VHOST}")
# Create TrustedHosts if missing:
_create_trustedhosts
}
# Prepare a file with one domain per line: # Prepare a file with one domain per line:
# Depends on methods from `scripts/helpers/postfix.sh`: # Depends on methods from `scripts/helpers/postfix.sh`:
@ -127,24 +158,18 @@ function _generate_domains_config() {
tr ',' '\n' <<< "${DOMAINS}" >"${TMP_VHOST}" tr ',' '\n' <<< "${DOMAINS}" >"${TMP_VHOST}"
fi fi
# uses DATABASE_VHOST + TMP_VHOST: # Uses DATABASE_VHOST + TMP_VHOST:
_create_vhost _create_vhost
} }
_generate_domains_config function _create_dkim_key() {
if [[ ! -s ${DATABASE_VHOST} ]]; then DKIM_DOMAIN=${1?Expected to be provided a domain}
_log 'warn' 'No entries found, no keys to make'
exit 0
fi
# Generate the keypairs and associated OpenDKIM config files:
OPENDKIM_BASE_DIR='/tmp/docker-mailserver/opendkim'
while read -r DKIM_DOMAIN; do
OPENDKIM_DOMAINKEY_DIR="${OPENDKIM_BASE_DIR}/keys/${DKIM_DOMAIN}" OPENDKIM_DOMAINKEY_DIR="${OPENDKIM_BASE_DIR}/keys/${DKIM_DOMAIN}"
mkdir -p "${OPENDKIM_DOMAINKEY_DIR}" mkdir -p "${OPENDKIM_DOMAINKEY_DIR}"
DKIM_KEY_FILE="${OPENDKIM_DOMAINKEY_DIR}/${SELECTOR}.private" DKIM_KEY_FILE="${OPENDKIM_DOMAINKEY_DIR}/${SELECTOR}.private"
if [[ ! -f "${DKIM_KEY}" ]]; then if [[ ! -f "${DKIM_KEY_FILE}" ]]; then
_log 'info' "Creating DKIM private key '${DKIM_KEY_FILE}'" _log 'info' "Creating DKIM private key '${DKIM_KEY_FILE}'"
opendkim-genkey \ opendkim-genkey \
@ -157,10 +182,12 @@ while read -r DKIM_DOMAIN; do
# Ensure permissions match the user:group of the base directory: # Ensure permissions match the user:group of the base directory:
chown -R "$(stat -c '%U:%G' "${OPENDKIM_BASE_DIR}")" "${OPENDKIM_DOMAINKEY_DIR}" chown -R "$(stat -c '%U:%G' "${OPENDKIM_BASE_DIR}")" "${OPENDKIM_DOMAINKEY_DIR}"
}
function _update_keytable() {
KEY_TABLE_ENTRY=${1?Expected to be provided an entry}
# write to KeyTable if necessary
KEY_TABLE_FILE="${OPENDKIM_BASE_DIR}/KeyTable" KEY_TABLE_FILE="${OPENDKIM_BASE_DIR}/KeyTable"
KEY_TABLE_ENTRY="${SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${SELECTOR}:/etc/opendkim/keys/${DKIM_DOMAIN}/${SELECTOR}.private"
if [[ ! -f "${KEY_TABLE_FILE}" ]]; then if [[ ! -f "${KEY_TABLE_FILE}" ]]; then
_log 'debug' 'Creating DKIM KeyTable' _log 'debug' 'Creating DKIM KeyTable'
echo "${KEY_TABLE_ENTRY}" > "${KEY_TABLE_FILE}" echo "${KEY_TABLE_ENTRY}" > "${KEY_TABLE_FILE}"
@ -170,10 +197,12 @@ while read -r DKIM_DOMAIN; do
echo "${KEY_TABLE_ENTRY}" >> "${KEY_TABLE_FILE}" echo "${KEY_TABLE_ENTRY}" >> "${KEY_TABLE_FILE}"
fi fi
fi fi
}
function _update_signingtable() {
SIGNING_TABLE_ENTRY=${1?Expected to be provided an entry}
# write to SigningTable if necessary
SIGNING_TABLE_FILE="${OPENDKIM_BASE_DIR}/SigningTable" SIGNING_TABLE_FILE="${OPENDKIM_BASE_DIR}/SigningTable"
SIGNING_TABLE_ENTRY="*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}"
if [[ ! -f "${SIGNING_TABLE_FILE}" ]]; then if [[ ! -f "${SIGNING_TABLE_FILE}" ]]; then
_log 'debug' 'Creating DKIM SigningTable' _log 'debug' 'Creating DKIM SigningTable'
echo "*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}" > "${SIGNING_TABLE_FILE}" echo "*@${DKIM_DOMAIN} ${SELECTOR}._domainkey.${DKIM_DOMAIN}" > "${SIGNING_TABLE_FILE}"
@ -183,12 +212,15 @@ while read -r DKIM_DOMAIN; do
echo "${SIGNING_TABLE_ENTRY}" >> "${SIGNING_TABLE_FILE}" echo "${SIGNING_TABLE_ENTRY}" >> "${SIGNING_TABLE_FILE}"
fi fi
fi fi
done < <(_get_valid_lines_from_file "${DATABASE_VHOST}") }
# create TrustedHosts if missing function _create_trustedhosts() {
TRUSTED_HOSTS_FILE="${OPENDKIM_BASE_DIR}/TrustedHosts" TRUSTED_HOSTS_FILE="${OPENDKIM_BASE_DIR}/TrustedHosts"
if [[ -d "${OPENDKIM_BASE_DIR}" ]] && [[ ! -f "${TRUSTED_HOSTS_FILE}" ]]; then if [[ -d "${OPENDKIM_BASE_DIR}" ]] && [[ ! -f "${TRUSTED_HOSTS_FILE}" ]]; then
_log 'debug' 'Creating DKIM TrustedHosts' _log 'debug' 'Creating DKIM TrustedHosts'
echo "127.0.0.1" > "${TRUSTED_HOSTS_FILE}" echo "127.0.0.1" > "${TRUSTED_HOSTS_FILE}"
echo "localhost" >> "${TRUSTED_HOSTS_FILE}" echo "localhost" >> "${TRUSTED_HOSTS_FILE}"
fi fi
}
_main "${@}"