aligning roles with our conventions, major changes in opendkim-add.sh
parent
66381ae454
commit
36515c9c89
|
@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* tomcat: better tomcat version management
|
* tomcat: better tomcat version management
|
||||||
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
|
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
|
||||||
* evomaintenance: embed version 0.5.0
|
* evomaintenance: embed version 0.5.0
|
||||||
|
* opendkim : aligning roles with our conventions, major changes in opendkim-add.sh
|
||||||
|
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -1,52 +1,37 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
|
||||||
dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q
|
|
||||||
|
|
||||||
if [ "$?" -ne 0 ]; then
|
|
||||||
echo "Require opendkim-tools and opendkim"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$#" -ne 1 ]; then
|
if [ "$#" -ne 1 ]; then
|
||||||
echo "Usage : $0 example.com" >&2
|
echo "Usage : $0 example.com" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
servername="$(cat /etc/hostname)"
|
||||||
domain="$(echo "$1"|xargs)"
|
domain="$(echo "$1"|xargs)"
|
||||||
|
|
||||||
mkdir -pm 0750 "/etc/opendkim/keys/${domain}"
|
if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then
|
||||||
chown opendkim:opendkim "/etc/opendkim/keys/${domain}"
|
|
||||||
|
|
||||||
if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then
|
|
||||||
cd "/etc/opendkim/keys/${domain}"
|
|
||||||
echo "Generate DKIM keys ..."
|
echo "Generate DKIM keys ..."
|
||||||
sudo -u opendkim opendkim-genkey -r -d "${domain}"
|
opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}"
|
||||||
chmod 640 /etc/opendkim/keys/${domain}/*
|
chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private"
|
||||||
fi
|
chmod 640 "/etc/ssl/private/dkim-${servername}.private"
|
||||||
|
mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/"
|
||||||
grep -q "${domain}" /etc/opendkim/TrustedHosts
|
|
||||||
if [ "$?" -ne 0 ]; then
|
|
||||||
echo "Add ${domain} to TrustedHosts ..."
|
|
||||||
echo "${domain}" >> /etc/opendkim/TrustedHosts
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
grep -q "${domain}" /etc/opendkim/KeyTable
|
grep -q "${domain}" /etc/opendkim/KeyTable
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
echo "Add ${domain} to KeyTable ..."
|
echo "Add ${domain} to KeyTable ..."
|
||||||
echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable
|
echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable
|
||||||
fi
|
fi
|
||||||
|
|
||||||
grep -q "${domain}" /etc/opendkim/SigningTable
|
grep -q "${domain}" /etc/opendkim/SigningTable
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
echo "Add ${domain} to SigningTable ..."
|
echo "Add ${domain} to SigningTable ..."
|
||||||
echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable
|
echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable
|
||||||
fi
|
fi
|
||||||
|
|
||||||
systemctl reload opendkim
|
systemctl reload opendkim
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
echo "OpenDKIM successfully reloaded"
|
echo "OpenDKIM successfully reloaded"
|
||||||
echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt"
|
echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt"
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
echo "An error has occurred while opendkim reload, please FIX configuration !" >&2
|
echo "An error has occurred while opendkim reload, please FIX configuration !" >&2
|
||||||
|
|
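Review bot: Nothing after `opendkim-genkey` in the new key-generation block checks that it succeeded, so a failed run still goes on to append KeyTable and SigningTable entries pointing at a missing `/etc/ssl/private/dkim-${servername}.private` and then reloads the daemon. Stopping at that point would avoid it, e.g. `opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}" || exit 1`. The unchanged `grep -q "${domain}"` tests also treat the domain as an unanchored regex, so a domain that is a substring of an existing entry is silently skipped and its mail would presumably go unsigned; `grep -qF -- "*@${domain} " /etc/opendkim/SigningTable` is a stricter test. Which lines are old and which are new is read off the side-by-side layout here, and the final `else` branch continues past the end of the hunk.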
|
@ -5,7 +5,6 @@ OversignHeaders From
|
||||||
TrustAnchorFile /usr/share/dns/root.key
|
TrustAnchorFile /usr/share/dns/root.key
|
||||||
Selector default
|
Selector default
|
||||||
Canonicalization relaxed/relaxed
|
Canonicalization relaxed/relaxed
|
||||||
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
|
||||||
InternalHosts refile:/etc/opendkim/TrustedHosts
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
||||||
KeyTable refile:/etc/opendkim/KeyTable
|
KeyTable refile:/etc/opendkim/KeyTable
|
||||||
LogResults Yes
|
LogResults Yes
|
||||||
|
|
|
@ -6,19 +6,16 @@
|
||||||
with_items:
|
with_items:
|
||||||
- opendkim
|
- opendkim
|
||||||
- opendkim-tools
|
- opendkim-tools
|
||||||
|
- ssl-cert
|
||||||
tags:
|
tags:
|
||||||
- opendkim
|
- opendkim
|
||||||
|
|
||||||
- name: create keys directory
|
- name: Add user opendkim in ssl-cert group
|
||||||
file:
|
user:
|
||||||
name: "{{ item }}"
|
name: opendkim
|
||||||
state: directory
|
groups: ssl-cert
|
||||||
owner: opendkim
|
state: present
|
||||||
group: opendkim
|
append: yes
|
||||||
mode: "0750"
|
|
||||||
with_items:
|
|
||||||
- '/etc/opendkim'
|
|
||||||
- '/etc/opendkim/keys'
|
|
||||||
tags:
|
tags:
|
||||||
- opendkim
|
- opendkim
|
||||||
|
|
||||||
|
|
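Review bot: Putting `opendkim` in the `ssl-cert` group in the new `Add user opendkim in ssl-cert group` task gives the signing daemon more than its own key. On Debian-style systems that group exists so its members can reach private keys under `/etc/ssl/private`, so a compromise of opendkim would presumably expose any group-readable TLS key stored there as well. A dedicated directory owned by opendkim, as the removed `create keys directory` task provided, keeps the DKIM key reachable without that extra access. If the shared location is kept for convention, a comment on the task such as `# opendkim is in ssl-cert only to reach its DKIM key in /etc/ssl/private` would record why the membership exists. The task list starts before this hunk, so other tasks may already constrain this.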