Added OpenDKIM to Postfix module

2021-01-29 18:23:16 +01:00
parent 03ff10e36d
commit 8dfef7c493
7 changed files with 123 additions and 9 deletions
--- a/SubModules/postfix/appendCMS-Pre_conf.sh
+++ b/SubModules/postfix/appendCMS-Pre_conf.sh
@@ -0,0 +1,18 @@
+if [ -z "${sitename}" ]; then sitename=${domain//./_};fi
+#ADD DOMAIN
+sudo --user opendkim mkdir /etc/opendkim/keys/"$domain"
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/"$domain" -d "$domain" -s vps
+echo "$domain" >> /etc/opendkim/TrustedHosts
+echo "vps._domainkey."$domain" "$domain":vps:/etc/opendkim/keys/"$domain"/vps.private" >> /etc/opendkim/KeyTable
+
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/config/opendkim-init.sh -o ~/OpenDKIMInit-$sitename.sh
+sed -i -e 's/DOMAINname/'$domain'/'  's/SITEName/'$sitename'/'   ~/OpenDKIMInit-$sitename.sh
+
+cat << EOF > /etc/update-motd.d/51-opendkim-"$sitename"
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for $domain please run Please run bash ~/OpenDKIMInit-$sitename.sh after the first wordpress login"
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-opendkim-"$sitename"
--- a/SubModules/postfix/apt.pkg.list
+++ b/SubModules/postfix/apt.pkg.list
@@ -1 +1 @@
-mailutils
+mailutils opendkim-tools
--- a/SubModules/postfix/conf.sh
+++ b/SubModules/postfix/conf.sh
@@ -1,10 +1,15 @@
+
+systemctl stop postfix opendkim
+
+
 ##-------------##
 #    Postfix    #
 ##-------------##

-sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
-sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
-sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+sed -i "/^inet_interfaces =/c\inet_interfaces = loopback-only" /etc/postfix/main.cf
+sed -i "/recipient_delimiter =/c\recipient_delimiter = +" /etc/postfix/main.cf
+sed -i "/^mydestination =/c\mydestination = \"$hostname\", localhost.\"$hostname\", \"$hostname\"" /etc/postfix/main.cf
+echo "$hostname" > /etc/mailname
 echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
 cat <<EOF > /etc/aliases
 # See man 5 aliases for format
@@ -13,6 +18,50 @@ root:          $email
 EOF
 newaliases

-systemctl start postfix 
-systemctl enable postfix
-systemctl reload postfix
+cat <<EOF >>
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+EOF
+
+
+##--------------##
+#    OpenDKIM    #
+##--------------##
+
+adduser postfix opendkim
+mkdir /etc/opendkim/keys
+chown opendkim:opendkim /etc/opendkim/keys -R
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/config/opendkim.conf -o /etc/opendkim.conf
+cat <<EOF > /etc/opendkim/TrustedHosts
+127.0.0.1
+::1
+localhost
+$(curl -s -4 icanhazip.com)
+$(curl -s -6 icanhazip.com)
+${hostname}
+EOF
+
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    mkdir /var/spool/postfix/opendkim
+    sudo chown opendkim:postfix /var/spool/postfix/opendkim
+    sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim
+    echo "TrustAnchorFile       /usr/share/dns/root.key" >> /etc/opendkim/conf
+    bash /lib/opendkim/opendkim.service.generate
+    systemctl daemon-reload
+fi
+
+cat << EOF > /etc/update-motd.d/51-generalSPF
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for this server add \"ip4:\$(curl -s -4 icanhazip.com) ip6:\$(curl -s -6 icanhazip.com)\" to $hostname SPF"
+printf \$red "remove notice this by running \"rm /etc/update-motd.d/51-generalSPF\""
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-generalSPF
+
+systemctl start postfix opendkim 
+systemctl enable postfix opendkim
--- a/SubModules/postfix/config/opendkim.conf
+++ b/SubModules/postfix/config/opendkim.conf
@@ -0,0 +1,12 @@
+Syslog               yes
+UMask                007
+Socket               local:/var/run/opendkim/opendkim.sock
+PidFile              /var/run/opendkim/opendkim.pid
+OversignHeaders      From
+UserID               opendkim
+Canonicalization     relaxed/simple
+Mode                 s
+KeyTable             refile:/etc/opendkim/KeyTable
+SigningTable         refile:/etc/opendkim/SigningTable
+ExternalIgnoreList   refile:/etc/opendkim/TrustedHosts
+InternalHosts        refile:/etc/opendkim/TrustedHosts
--- a/SubModules/postfix/generic.pkg.list
+++ b/SubModules/postfix/generic.pkg.list
@@ -1 +1 @@
-postfix
+postfix opendkim
--- a/SubModules/postfix/opendkim-init.sh
+++ b/SubModules/postfix/opendkim-init.sh
@@ -0,0 +1,35 @@
+if [ -n "$1" ]; then
+    if [[ "$1" = "--enable" ]]; then
+        echo "Enableing DKIM"
+
+        echo "*@DOMAINname vps._domainkey.DOMAINname >>/etc/opendkim/SigningTable\
+        systemctl reload opendkim
+        #Remove script
+        while true; do
+            read -p "Remove this script -> yes/no?" yn
+            case $yn in
+                [Nn]* )
+                break;;
+                [Yy]* )
+                rm -- "$0"
+                break;;
+                * )echo "Choose yes or no.";;
+            esac
+        done
+        exit
+    fi
+fi
+echo "Required to enable mailing for this system"
+echo "Please add the folloing to your SPF Record in the DNS of DOMAINname"
+echo ""
+echo "Optional to enable dkim" 
+echo "ip4:$(curl -s -4 icanhazip.com) ip6:$(curl -s -6 icanhazip.com)"
+echo "Please add the folloing TXT Record to the DNS of DOMAINname"
+echo "WARNING the output is split, please combine key before inserting into DNS" 
+cat /etc/opendkim/keys/DOMAINname/vps.txt
+
+echo ""
+echo "If DNS is propegated then run \"bash $0 --enable\""
+
+rm -f /etc/update-motd.d/51-opendkim-SITEName
+