61 lines
1.3 KiB
Bash
61 lines
1.3 KiB
Bash
|
#!/bin/sh
|
||
|
|
|
||
|
|
usage() {
|
||
|
|
echo " usage: $0 <example.com> [qpsmtpd username]"
|
||
|
|
echo " "
|
||
|
|
exit
|
||
|
|
}
|
||
|
|
|
||
|
|
if [ -z $1 ];
|
||
|
|
then
|
||
|
|
usage
|
||
|
|
fi
|
||
|
|
|
||
|
|
DOMAIN=$1
|
||
|
|
SMTPD=$2
|
||
|
|
if [ -z $SMTPD ];
|
||
|
|
then
|
||
|
|
SMTPD="smtpd"
|
||
|
|
fi
|
||
|
|
|
||
|
|
# create a directory for each DKIM signing domain
|
||
|
|
mkdir -p $DOMAIN
|
||
|
|
cd $DOMAIN
|
||
|
|
|
||
|
|
# create a selector in the format mmmYYYY (apr2013)
|
||
|
|
date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector
|
||
|
|
|
||
|
|
# generate a private and public keys
|
||
|
|
openssl genrsa -out private 2048
|
||
|
|
chmod 400 private
|
||
|
|
openssl rsa -in private -out public -pubout
|
||
|
|
|
||
|
|
# make it really easy to publish the public key in DNS
|
||
|
|
cat > dns <<EO_DKIM_DNS
|
||
|
|
|
||
|
|
`cat selector | tr -d "\n"`._domainkey TXT "v=DKIM1;p=`grep -v -e '^-' public | tr -d "\n"`"
|
||
|
|
|
||
|
|
_domainkey TXT "o=-; t=y; r=postmaster@$DOMAIN"
|
||
|
|
|
||
|
|
Tell the world that the ONLY mail servers that send mail from this domain bear our MX and A records.
|
||
|
|
|
||
|
|
With SPF:
|
||
|
|
|
||
|
|
SPF "v=spf1 mx a -all"
|
||
|
|
TXT "v=spf1 mx a -all"
|
||
|
|
|
||
|
|
With DMARC:
|
||
|
|
|
||
|
|
_dmarc TXT "v=DMARC1; p=reject; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; adkim=s; aspf=s; pct=100"
|
||
|
|
|
||
|
|
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
|
||
|
|
|
||
|
|
perldoc plugins/dkim
|
||
|
|
perldoc plugins/sender_permitted_from
|
||
|
|
|
||
|
|
|
||
|
|
EO_DKIM_DNS
|
||
|
|
|
||
|
|
cd ..
|
||
|
|
chown -R $SMTPD:$SMTPD $DOMAIN
|