vim scripts/opendkim.sh
#!/bin/bash
# Script Version: 09
# Description: Generate and install OpenDKIM keys for a given domain and append KeyTable + SigningTable entries. Outputs the original generated TXT file directly to stdout and adds DMARC suggestion.
# Set variables
# ========
# Four-digit current year; used below as the DKIM selector and as the key file name.
YEAR="$(date '+%Y')"
# First argument: the domain to generate a key for (empty when no argument is given).
DOMTLD="$1"
# Second argument: optional explicit key label (defaults to leftmost label of domain).
KEYNAME="${2:-}"
# OpenDKIM lookup tables that receive the new entries.
KEYTABLE='/etc/opendkim/KeyTable'
SIGNINGTABLE='/etc/opendkim/SigningTable'
# Per-domain key directory. It is built from the raw first argument, so the
# argument has to be checked before this path is created or entered.
KEY_DIR="/etc/opendkim/keys/${DOMTLD}"
# Functions
# ========
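#######################################
# Print the command-line synopsis and terminate the script.
# Outputs:   usage line on stderr (stdout is reserved for the generated
#            DNS records, so a caller capturing stdout never receives the
#            usage text in place of a record)
# Returns:   does not return; exits with status 1
#######################################
usage() {
  printf 'Usage: %s <domain.tld> [keylabel]\n' "$0" >&2
  exit 1
}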
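#######################################
# Add "<label><TAB><domain>:<selector>:<private key path>" to the KeyTable
# unless the label or the key specification is already listed.
# Globals:   KEYTABLE, KEYNAME, DOMTLD, YEAR, KEY_DIR (all read)
# Arguments: none
# Returns:   0 when the entry exists or was appended, non-zero when the
#            table cannot be created or written
#######################################
append_keytable() {
  touch "$KEYTABLE" || return 1

  # Explicit label if one was given, otherwise the leftmost label of the
  # domain (e.g., intxtonic for intxtonic.net).
  local key_label="${KEYNAME:-${DOMTLD%%.*}}"
  local selector="$YEAR"
  local key_spec="${DOMTLD}:${selector}:${KEY_DIR}/${selector}.private"
  local label_prefix="${key_label}"$'\t'

  # Both checks are literal string comparisons. Interpolating the label into
  # a regular expression would let "." in a label match any character, so an
  # unrelated entry could make this function skip the new one and leave the
  # SigningTable pointing at a label that has no key.
  #
  # An existing entry for the label is kept even when it names a different
  # selector. NOTE(review): after a later re-run the table may therefore keep
  # pointing at an older key - confirm this matches the intended rotation.
  local row
  while IFS= read -r row || [[ -n "$row" ]]; do
    if [[ "$row" == "$label_prefix"* || "$row" == *"$key_spec"* ]]; then
      return 0
    fi
  done < "$KEYTABLE"

  printf '%s\t%s\n' "$key_label" "$key_spec" >> "$KEYTABLE"
}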
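#######################################
# Map "*@<domain>" to the key label in the SigningTable, replacing any
# earlier mapping for the same pattern.
# Globals:   SIGNINGTABLE, KEYNAME, DOMTLD (all read)
# Arguments: none
# Returns:   0 when the mapping exists or was written, non-zero when the
#            table cannot be created or written
#######################################
append_signingtable() {
  touch "$SIGNINGTABLE" || return 1

  local key_label="${KEYNAME:-${DOMTLD%%.*}}"
  local pattern="*@${DOMTLD}"
  local wanted
  printf -v wanted '%s\t%s' "$pattern" "$key_label"

  # Exact, literal whole-line match: nothing to do when the mapping is there.
  if grep -Fxq -- "$wanted" "$SIGNINGTABLE"; then
    return 0
  fi

  # Drop stale mappings for this pattern with a literal prefix comparison.
  # sed has no \Q...\E quoting (that is PCRE syntax), so a sed expression
  # built that way never matches the stale line and the table ends up with
  # two mappings for the same sender pattern.
  local stale_prefix="${pattern}"$'\t'
  local -a kept=()
  local row
  while IFS= read -r row || [[ -n "$row" ]]; do
    [[ "$row" == "$stale_prefix"* ]] || kept+=("$row")
  done < "$SIGNINGTABLE"
  kept+=("$wanted")

  # Rewrite in place so the file keeps its owner and mode.
  printf '%s\n' "${kept[@]}" > "$SIGNINGTABLE"
}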
# Main Process
# ========
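[ -z "$DOMTLD" ] && usage

# The domain ends up in a path that is created and entered (KEY_DIR) and in
# table lines where tab and ":" separate fields. Accept only hostname
# characters so that "/", "..", whitespace or ":" in the argument cannot move
# the key directory elsewhere or add fields to the tables.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$DOMTLD" =~ $domain_re || "$DOMTLD" == *..* ]]; then
  printf 'Error: "%s" is not a valid domain name\n' "$DOMTLD" >&2
  exit 1
fi
# The key label is written as a whitespace-delimited table field.
if [[ "$KEYNAME" == *[[:space:]]* ]]; then
  printf 'Error: key label must not contain whitespace\n' >&2
  exit 1
fi

# Stop at the first failing step: if the cd were skipped, the private key
# would be generated in whatever directory the script was started from.
mkdir -p "$KEY_DIR" || exit 1
cd "$KEY_DIR" || exit 1

# NOTE(review): a second run for the same domain in the same year calls
# opendkim-genkey with the same selector again - confirm whether that replaces
# an existing private key whose public half is already published in DNS.
opendkim-genkey -s "$YEAR" -d "$DOMTLD" || exit 1

# Only the signing daemon's account may read the private key.
chown opendkim:opendkim "${YEAR}.private" || exit 1
chmod 600 "${YEAR}.private" || exit 1

append_keytable || exit 1
append_signingtable || exit 1

# Output the original generated TXT file to stdout
cat "$KEY_DIR/${YEAR}.txt" || exit 1
echo # empty line for readability
echo "; ✅ DMARC (aligns DKIM/SPF)"
# The report address below is fixed to one mailbox. For any other domain,
# replace it, or have the report domain authorise external reports; otherwise
# receivers may not deliver aggregate reports there.
echo "_dmarc IN TXT \"v=DMARC1; p=quarantine; rua=mailto:dmarc@bubuit.net\""
echo # final empty line for readability

# Reached only when the key and both table entries are in place.
systemctl restart opendkim postfix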