50 lines
1.5 KiB
Bash
50 lines
1.5 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
source ./lib.sh
|
|
|
|
log "Installiere DKIM-Helper …"
|
|
|
|
install -d -m 0755 /usr/local/sbin
|
|
|
|
cat >/usr/local/sbin/mailwolt-install-dkim <<'EOF'
|
|
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
DOMAIN="$1" # z.B. sysmail.toastra.com
|
|
SELECTOR="${2:-mwl1}"
|
|
|
|
[[ -n "$DOMAIN" ]] || { echo "Usage: $0 <domain> [selector]"; exit 2; }
|
|
|
|
KEYDIR="/etc/opendkim/keys/${DOMAIN}"
|
|
PRIV="${KEYDIR}/${SELECTOR}.private"
|
|
TXT="${KEYDIR}/${SELECTOR}.txt"
|
|
|
|
install -d -m 0750 -o opendkim -g opendkim "$KEYDIR"
|
|
|
|
if [[ ! -s "$PRIV" ]]; then
|
|
opendkim-genkey -b 2048 -s "$SELECTOR" -d "$DOMAIN" -D "$KEYDIR"
|
|
chown opendkim:opendkim "$PRIV"
|
|
chmod 600 "$PRIV"
|
|
fi
|
|
|
|
grep -q "^${SELECTOR}\._domainkey\.${DOMAIN} " /etc/opendkim/KeyTable 2>/dev/null \
|
|
|| echo "${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${PRIV}" >> /etc/opendkim/KeyTable
|
|
|
|
grep -q "^\*@${DOMAIN} " /etc/opendkim/SigningTable 2>/dev/null \
|
|
|| echo "*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}" >> /etc/opendkim/SigningTable
|
|
|
|
install -d -m 0755 /etc/mailwolt/dns
|
|
[[ -s "$TXT" ]] && cp -f "$TXT" "/etc/mailwolt/dns/dkim-${DOMAIN}.txt" || true
|
|
|
|
systemctl restart opendkim
|
|
EOF
|
|
|
|
chmod 750 /usr/local/sbin/mailwolt-install-dkim
|
|
chown root:root /usr/local/sbin/mailwolt-install-dkim
|
|
|
|
# Sudo-Berechtigung für den App-User (meist www-data)
|
|
APP_USER="${APP_USER:-www-data}"
|
|
echo "${APP_USER} ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-install-dkim *" >/etc/sudoers.d/mailwolt-dkim
|
|
chmod 440 /etc/sudoers.d/mailwolt-dkim
|
|
|
|
log "[✓] DKIM-Helper installiert: /usr/local/sbin/mailwolt-install-dkim" |