qpsmtpd/config.sample/dkim/dkim_key_gen.sh

63 lines
1.4 KiB
Bash
Raw Normal View History

2013-04-15 03:42:21 +02:00
#!/bin/sh
usage() {
echo " usage: $0 <example.com> [qpsmtpd username]"
echo " "
exit
}
if [ -z $1 ];
then
usage
fi
DOMAIN=$1
SMTPD=$2
if [ -z $SMTPD ];
then
SMTPD="smtpd"
fi
# create a directory for each DKIM signing domain
mkdir -p $DOMAIN
cd $DOMAIN
# create a selector in the format mmmYYYY (apr2013)
date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector
# generate a private and public keys
openssl genrsa -out private 2048
chmod 400 private
openssl rsa -in private -out public -pubout
# make it really easy to publish the public key in DNS
cat > dns <<EO_DKIM_DNS
`cat selector | tr -d "\n"`._domainkey TXT "v=DKIM1;p=`grep -v -e '^-' public | tr -d "\n"`"
Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
2013-04-15 03:42:21 +02:00
With SPF:
SPF "v=spf1 mx a -all"
TXT "v=spf1 mx a -all"
With DMARC:
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; pct=100"
With DomainKeys (deprecated)
_domainkey TXT "o=-; t=y; r=postmaster@$DOMAIN"
2013-04-15 03:42:21 +02:00
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
perldoc plugins/dkim
perldoc plugins/sender_permitted_from
EO_DKIM_DNS
cd ..
chown -R $SMTPD:$SMTPD $DOMAIN