ale/docker-compose-hatthieves
2
Fork 0
Código Incidencias Pull Requests Lanzamientos Wiki Actividad

haraka-wildduck

Explorar el Código
Este commit está contenido en:
Your Name
2020-05-27 17:51:39 +00:00
padre 31d55bf967
commit d44513dbd8
Se han modificado 163 ficheros con 8169 adiciones y 0 borrados
Descargar archivo de parche Descargar archivo de diferencias Expandir todos los archivos Contraer todos los archivos

78
production/haraka-wildduck/haraka/config/dkim/dkim_key_gen.sh Archivo normal
Ver fichero

@@ -0,0 +1,78 @@
#!/bin/sh
usage() {
echo " usage: $0 <example.com> [haraka username]"
echo " "
exit
}
if [ -z "$1" ];
then
usage
fi
DOMAIN=$1
SMTPD=$2
if [ -z "$SMTPD" ];
then
SMTPD="www"
fi
# create a directory for each DKIM signing domain
mkdir -p "$DOMAIN"
cd "$DOMAIN" || exit
# The selector can be any value that is a valid DNS label
# create in the common format: mmmYYYY (apr2014)
date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector
# generate private and public keys
# key length considerations
# The minimum recommended key length for short duration keys (ones that
# will be replaced within a few months) is 1024. If you are unlikely to
# rotate your keys frequently, choose 2048, at the expense of more CPU.
openssl genrsa -out private 2048
chmod 400 private
openssl rsa -in private -out public -pubout
DNS_NAME="$(tr -d "\n" < selector)._domainkey"
DNS_ADDRESS="v=DKIM1;p=$(grep -v -e '^-' public | tr -d "\n")"
# fold width is arbitrary, any value between 80 and 255 is reasonable.
BIND_SPLIT_ADDRESS="$(echo "$DNS_ADDRESS" | fold -w 110 | sed -e 's/^/ "/g; s/$/"/g')"
# make it really easy to publish the public key in DNS
# by creating a file named 'dns', with instructions
cat > dns <<EO_DKIM_DNS
Add this TXT record to the $DOMAIN DNS zone.
$DNS_NAME IN TXT $DNS_ADDRESS
BIND zone file formatted:
$DNS_NAME IN TXT (
$BIND_SPLIT_ADDRESS
)
Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
With SPF:
SPF "v=spf1 mx a -all"
TXT "v=spf1 mx a -all"
With DMARC:
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
haraka -h dkim_sign
haraka -h spf
EO_DKIM_DNS
cd ..