#!/bin/sh

usage() {
    echo "   usage: $0 <example.com> [qpsmtpd username]"
    echo " "
    exit
}

if [ -z $1 ];
then
    usage
fi

DOMAIN=$1
SMTPD=$2
if [ -z $SMTPD ];
then
    SMTPD="smtpd"
fi

# create a directory for each DKIM signing domain
mkdir -p $DOMAIN
cd $DOMAIN

# create a selector in the format mmmYYYY (apr2013)
date '+%h%Y' | tr "[:upper:]" "[:lower:]" > selector

# generate a private and public keys
openssl genrsa -out private 2048
chmod 400 private
openssl rsa -in private -out public -pubout

# make it really easy to publish the public key in DNS
cat > dns <<EO_DKIM_DNS

`cat selector | tr -d "\n"`._domainkey TXT "v=DKIM1;p=`grep -v -e '^-' public | tr -d "\n"`"

Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.

With SPF:

        SPF "v=spf1 mx a -all"
        TXT "v=spf1 mx a -all"

With DMARC:

_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; pct=100"

With DomainKeys (deprecated)

_domainkey TXT "o=-; t=y; r=postmaster@$DOMAIN"

For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:

   perldoc plugins/dkim
   perldoc plugins/sender_permitted_from


EO_DKIM_DNS

cd ..
chown -R $SMTPD:$SMTPD $DOMAIN