diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-03 04:26:26 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:20 +0200 |
| commit | 1c357b55931a0d4fbd15d51d61ec4e81d4f38aa5 (patch) | |
| tree | d5f37b52487f75c3ffe40a39c94ea570c32816a5 /roles/common/files/usr/local | |
| parent | dfe8b222dc5067e1019d7ab5744df55b2c314ce8 (diff) | |
Install amavisd-new on the outgoing SMTP proxy.
For DKIM signing and virus checking.
Diffstat (limited to 'roles/common/files/usr/local')
| -rwxr-xr-x | roles/common/files/usr/local/bin/genkeypair.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh index 16f9658..c5dfb30 100755 --- a/roles/common/files/usr/local/bin/genkeypair.sh +++ b/roles/common/files/usr/local/bin/genkeypair.sh @@ -23,41 +23,41 @@ set -ue PATH=/usr/bin:/bin # Default values type=rsa bits= hash= force= config= pubkey=pubkey.pem privkey=privkey.pem dns= usage() { cat >&2 <<- EOF Usage: $0 command [OPTIONS] Command: x509: generate a self-signed X.509 server certificate csr: generate a Certificate Signing Request - dkim: generate a DKIM private key + dkim: generate a private key (to use for DKIM signing) Options: -t type: key type (default: rsa) -b bits: key length or EC curve (default: 2048 for RSA, 1024 for DSA, secp224r1 for ECDSA) -h digest: digest algorithm --dns CN: common name (default: \$(hostname --fqdn); can be repeated -f force: overwrite key files if they exist --config: configuration file --pubkey: public key file (default: pubkey.pem) --privkey: private key file (default: privkey.pem; created with og-rwx) Return values: 0 The key pair was successfully generated 1 The public or private key file exists, and -f is not set 2 The key generation failed EOF } [ $# -gt 0 ] || { usage; exit 2; } cmd="$1"; shift @@ -152,31 +152,31 @@ if [ -z "$config" -a \( "$cmd" = x509 -o "$cmd" = csr \) ]; then organizationName = Fripost commonName = $cn [ v3_req ] subjectAltName = email:admin@fripost.org, DNS:$cn$names basicConstraints = critical, CA:FALSE EOF fi if [ "$force" != 0 ]; then # Ensure "$privkey" is created with umask 0077 mv "$(mktemp)" "$privkey" || exit 2 chmod og-rwx "$privkey" || exit 2 openssl $genkey -rand /dev/urandom $genkeyargs >"$privkey" || exit 2 fi if [ "$cmd" = x509 -o "$cmd" = csr ]; then [ "$cmd" = x509 ] && x509=-x509 || x509= openssl req -config "$config" -new $x509 ${hash:+-$hash} -key "$privkey" >"$pubkey" || exit 2 elif [ "$cmd" = dkim ]; then - echo "Add the following TXT record to your DNS zone:" >&2 + echo "Add the following TXT record to your DNS zone:" echo "${dns:-$(date +%Y%m%d)}._domainkey\tIN\tTXT ( " # See https://tools.ietf.org/html/rfc4871#section-3.6.1 # t=s: the "i=" domain in signature headers MUST NOT be a subdomain of "d=" # s=email: limit DKIM signing to email openssl pkey -pubout <"$privkey" | sed '/^--.*--$/d' \ | { echo -n "v=DKIM1; k=$type; t=s; s=email; p="; tr -d '\n'; } \ | fold -w 250 \ | { sed 's/.*/\t"&"/'; echo ' )'; } [ "$force" != 0 ] || exit 1 fi |