Provide DKIM record
Closed, Resolved · Public

Description

Provide DKIM for wikimedia.lol

Event Timeline

ferdi2005 created this task. Wed, Jan 6, 15:00
ferdi2005 created this object in space S1 Public.
Restricted Application added a project: User-valerio.bozzolan. Wed, Jan 6, 15:00
valerio.bozzolan closed this task as Resolved. Wed, Jan 6, 15:20

Dear Ferdino,

Having said I don't have any f****ng idea about why you need that domain, anyway it's your business. Have fun!

WARNING: From great powers, great responsibility!

Please create a DNS TXT record for:

wikipedia202101._domainkey.wikimedia.lol

With this value:

v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJW6mb4Lkne47vc5nddr5nULdy4rJ6+qx/KFUFDEeQBmehIMeWNw4mQKXeSuhM74dV47mTkG8WnoAEqMOhuPgj3827LyMpoFjYpGP4SNZJaH/mKF+aCTlAF9+8v6mmPGYTn1ZlPG2Xvzpman9Ewla8bU5+cyyKfKtqVXB6PtO1MQIDAQAB

Then you can test it with:

$ opendkim-testkey -d 'wikipedia.lol' -s 'wikipedia202101' -vvv

Feel free to comment with the result of your test (but wait a couple of hours first).


Note that I've generated the DKIM key in the following way:

$ ssh gargantua.reyboz.it
$ ./dkim.sh 
Please insert the domain name and press enter
wikipedia.lol
opendkim-genkey: generating private key
opendkim-genkey: private key written to wikipedia202101.private
opendkim-genkey: extracting public key
opendkim-genkey: DNS TXT record written to wikipedia202101.txt
changed ownership of '/etc/postfix/dkim/dkimkeys/wikipedia202101.private' from root:root to opendkim:opendkim
changed ownership of '/etc/postfix/dkim/dkimkeys/wikipedia202101.txt' from root:root to opendkim:opendkim
wikipedia202101._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJW6mb4Lkne47vc5nddr5nULdy4rJ6+qx/KFUFDEeQBmehIMeWNw4mQKXeSuhM74dV47mTkG8WnoAEqMOhuPgj3827LyMpoFjYpGP4SNZJaH/mKF+aCTlAF9+8v6mmPGYTn1ZlPG2Xvzpman9Ewla8bU5+cyyKfKtqVXB6PtO1MQIDAQAB" )  ; ----- DKIM key wikipedia202101 for wikipedia.lol
$ systemctl reload opendkim

I've used this script:

#!/bin/bash
#
# Generate a DKIM key for Postfix
#
# Project info
#   https://gitpull.it/w/kiss_libre_hosting_panel/
#
# Updates
#   https://gitpull.it/P13
#
# This script is in public domain.
# 2020 - Valerio Bozzolan
###################################################

# die in case of errors
set -e

# expected pathnames
POSTFIX=/etc/postfix
DKIM="$POSTFIX"/dkim
KEYTABLE="$DKIM"/keytable
SIGNINGTABLE="$DKIM"/signingtable
DKIM_KEYS="$DKIM"/dkimkeys

# no domain no party
domain="$1"
if [ -z "$domain" ]; then
    echo "Please insert the domain name and press enter"
    # -r keeps backslashes in the input literal
    read -r domain
fi

# no selector no party
selector="$2"
if [ -z "$selector" ]; then
    date="$(date +%Y%m)"

    # make domain shorter
    domainshort="${domain:0:10}"

    # strip dots
    domainshort=$(echo "$domainshort" | sed 's/\.//g')

    selector="$domainshort""$date"
fi

# expected pathnames
keytablename="$selector"key
expected_filename_prv="$selector".private
expected_filename_txt="$selector".txt
expected_filepath_prv="$DKIM_KEYS"/"$expected_filename_prv"
expected_filepath_txt="$DKIM_KEYS"/"$expected_filename_txt"

# key generation
opendkim-genkey --verbose --bits=1024 "--domain=$domain" "--selector=$selector" "--directory=$DKIM_KEYS"

# this line should be at the beginning of the file
sed -i "1s/^/*@$domain $keytablename\n/" "$SIGNINGTABLE"

# this line can be appended at the end of the table
echo "$keytablename $domain:$selector:$expected_filepath_prv" >> "$KEYTABLE"

# eventually fix privileges
chown --verbose opendkim: "$expected_filepath_prv" "$expected_filepath_txt"

cat "$expected_filepath_txt"
echo
echo "Done!"
echo " systemctl reload opendkim"
echo " opendkim-testkey -d '$domain' -s '$selector' -vvv"
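
An added example, not part of the task or of the script above: a pre-publication check that flattens the zone-file record written by opendkim-genkey into the single TXT value a DNS panel expects, flags a leftover double quote in a pasted value, and reads the RSA modulus size from the `p=` key, reporting keys under the 2048 bits that RFC 8301 recommends for signers. All function names are hypothetical, and the zone text is constructed from the record shown in this task.

```python
import base64
import re

# Public key published in this task (base64 SubjectPublicKeyInfo).
P = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJW6mb4Lkne47vc5nddr5nULdy4rJ6+qx/"
     "KFUFDEeQBmehIMeWNw4mQKXeSuhM74dV47mTkG8WnoAEqMOhuPgj3827LyMpoFjYpGP4SNZJ"
     "aH/mKF+aCTlAF9+8v6mmPGYTn1ZlPG2Xvzpman9Ewla8bU5+cyyKfKtqVXB6PtO1MQIDAQAB")
# Constructed input in the layout opendkim-genkey writes to <selector>.txt.
ZONE_TXT = ('wikipedia202101._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
            f'\t  "p={P}" )  ; ----- DKIM key wikipedia202101 for wikipedia.lol')

def flatten_zone_txt(text):
    """Join the quoted strings of a zone-file TXT record (assumes no quotes in comments)."""
    return "".join(re.findall(r'"([^"]*)"', text))

def parse_tags(value):
    """Split 'tag=value; tag=value' into a dict, dropping whitespace inside values."""
    pairs = (part.partition("=") for part in value.split(";"))
    return {k.strip(): "".join(v.split()) for k, sep, v in pairs if sep}

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(p_b64):
    """Bit length of the RSA modulus inside a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(p_b64, validate=True)
    _, spki, _ = _tlv(der, 0)          # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki)    # AlgorithmIdentifier, skipped
    _, bits, _ = _tlv(der, alg_end)    # BIT STRING wrapping the key
    _, rsa, _ = _tlv(der, bits + 1)    # skip unused-bits byte, enter RSAPublicKey
    _, start, end = _tlv(der, rsa)     # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(value):
    """Return findings for a flattened TXT value as pasted into a DNS panel."""
    findings = ["stray double quote in value"] if '"' in value else []
    tags = parse_tags(value.replace('"', ""))
    if tags.get("v") != "DKIM1":
        findings.append("v= is not DKIM1")
    if tags.get("k", "rsa") == "rsa" and tags.get("p"):
        bits = rsa_modulus_bits(tags["p"])
        if bits < 2048:  # RFC 8301: signers SHOULD use at least 2048 bits
            findings.append(f"RSA key is {bits} bits, below 2048")
    return findings
```

Run `audit(flatten_zone_txt(ZONE_TXT))` on the generated `.txt` before publishing. A 2048-bit key exceeds the 255-byte limit of a single TXT string, so the record then has to be published as several quoted strings.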