Last active
March 1, 2024 11:52
```bash
#!/bin/bash
set -e

## Help message
if [ $# -le 1 ]; then
    echo "Use: $0 <domain name> <selector>"
    exit 1
fi

DOMAIN=$1
SELECTOR=$2

## Create the key directory and the KeyTable file if they are missing
if [ ! -d "/etc/exim4/dkim/keys/$DOMAIN" ]; then
    mkdir -p "/etc/exim4/dkim/keys/$DOMAIN"
fi
if [ ! -f /etc/exim4/dkim/KeyTable ]; then
    touch /etc/exim4/dkim/KeyTable
fi
cd "/etc/exim4/dkim/keys/$DOMAIN"

## Generate private and public key
## genrsa writes PEM by default and the key size must be its last argument.
## Note: RFC 8301 says signers SHOULD use RSA keys of at least 2048 bits.
## A key that size gives a p= value longer than 255 characters, which has
## to be split into several quoted strings in the TXT record.
openssl genrsa -out "${SELECTOR}-${DOMAIN}.privkey" 1024
openssl rsa -in "${SELECTOR}-${DOMAIN}.privkey" -out "${SELECTOR}-${DOMAIN}.pub" -pubout -outform PEM

## Set permissions (keys readable only by the Debian-exim user and group)
chown -R Debian-exim: /etc/exim4/dkim
chmod 750 /etc/exim4/dkim
chmod 750 /etc/exim4/dkim/keys
chmod 640 "/etc/exim4/dkim/keys/$DOMAIN"/*
chmod 750 "/etc/exim4/dkim/keys/$DOMAIN"

## Format the public key: drop the PEM header and footer lines, join the rest.
## No sudo here: the script already has to run as root for the steps above.
PUBLICKEY=$(tail -n +2 "${SELECTOR}-${DOMAIN}.pub" | head -n -1 | tr -d '\n')

## Add data to our KeyTable file
echo "${DOMAIN} domain=${DOMAIN} selector=${SELECTOR} privkey=/etc/exim4/dkim/keys/$DOMAIN/${SELECTOR}-${DOMAIN}.privkey" >> /etc/exim4/dkim/KeyTable

## Print out the TXT record
echo "DKIM key pair created for $DOMAIN"
echo
echo "Cut and paste the following into your TXT DNS record:"
echo
echo "$SELECTOR._domainkey.$DOMAIN IN TXT \"v=DKIM1; h=sha256; k=rsa; s=email; p=$PUBLICKEY\""
```
Sorry, I never configured that kind of setup. Good luck in your research!
I was wondering if you have any idea how to use multiple keys for a single domain. It would seem using dual keys (ed25519 and rsa) is possible, based on https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_and_spf.html , which states: