Create DKIM keys for rspam
Based on the work from ghusson on linuxfr, I used his script to create DKIM keys for my mail server. Here are the small steps I followed.
DKIM on Debian 8
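- Create the script (save it as make_dkim_keys.bash and make it executable; it has to run as root because it writes to /etc/dkim)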
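#!/bin/bash
# make_dkim_keys.bash - generate an RSA DKIM key pair for one domain and print
# the DNS records and the rmilter.conf stanza that go with it.
#
# Usage:       make_dkim_keys.bash <domain name>
# Run as:      root (creates /etc/dkim and hands the files to group ssl-cert)
# Environment: DKIM_BITS - RSA modulus size in bits, default 2048, minimum 1024

# Byte-wise character classes, so the A-Z / a-z ranges below mean ASCII only.
LC_ALL=C
export LC_ALL

if [ $# -ne 1 ]; then
  echo "illegal number of parameters" >&2
  echo "$0 <domain name>" >&2
  # Exit statuses are 0-255; "exit -1" is not portable, 255 is what it yields.
  exit 255
fi

DOMAIN=${1}
# The domain is pasted into file names under /etc/dkim and into the printed
# configuration, so accept hostname characters only: no "/", no "..", no
# leading "." or "-".
case "${DOMAIN}" in
  "" | .* | -* | *..* | *[!A-Za-z0-9.-]*)
    echo "invalid domain name: ${DOMAIN}" >&2
    exit 255
    ;;
esac

# 1024-bit RSA is the bare minimum DKIM verifiers still accept; 2048 is the
# size signers are expected to use, so it is the default here.
BITS=${DKIM_BITS:-2048}
case "${BITS}" in
  "" | *[!0-9]*)
    echo "DKIM_BITS must be a positive integer" >&2
    exit 255
    ;;
esac
if [ "${BITS}" -lt 1024 ]; then
  echo "DKIM_BITS must be at least 1024" >&2
  exit 255
fi

if [ ! -d /etc/dkim/ ]; then
  mkdir -p /etc/dkim/ || exit 1
  chown root:ssl-cert /etc/dkim/
  # A directory needs the execute bit to be entered: mode 640 would keep the
  # ssl-cert group from opening any key below it.
  chmod 750 /etc/dkim/
fi

TIMESTAMP=$(date +"%Y%m%d%H%M")
SELECTOR="s${TIMESTAMP}"
PRIVKEY="/etc/dkim/dkim_private_${SELECTOR}._domainkey.${DOMAIN}.pem.key"
PUBKEY="/etc/dkim/dkim_public_${SELECTOR}._domainkey.${DOMAIN}.pem.key"
# Second name (hard link) for the private key; this is the path printed in the
# rmilter.conf stanza at the end.
RMILTERLNK="/etc/dkim/${DOMAIN}.${SELECTOR}.key"

# The selector only has minute resolution: a second run within the same minute
# would silently replace a key that may already be published.
for KEYFILE in "${PRIVKEY}" "${PUBKEY}" "${RMILTERLNK}"; do
  if [ -e "${KEYFILE}" ]; then
    echo "refusing to overwrite existing file: ${KEYFILE}" >&2
    exit 1
  fi
done

# Create the key files without group/other access from the start, so the
# private key is never readable in the window before the chmod below.
umask 077

# genrsa takes the key size as its LAST argument and always writes PEM.
openssl genrsa -out "${PRIVKEY}" "${BITS}" || exit 1
openssl rsa -in "${PRIVKEY}" -out "${PUBKEY}" -pubout -outform PEM || exit 1
ln "${PRIVKEY}" "${RMILTERLNK}" || exit 1

chown root:ssl-cert "${PRIVKEY}" "${PUBKEY}" "${RMILTERLNK}"
chmod 640 "${PRIVKEY}" "${RMILTERLNK}"
# The public key is public, but nothing needs to write it: 644, not 664.
chmod 644 "${PUBKEY}"

# Base64 body of the public key: drop the PEM armour lines and the line breaks.
DNSDKIM=$(grep -v -- '^-----.*-----$' "${PUBKEY}" | tr -d '\r\n')
if [ -z "${DNSDKIM}" ]; then
  echo "could not read the public key from ${PUBKEY}" >&2
  exit 1
fi

# One TXT character-string holds at most 255 bytes. A 2048-bit key does not
# fit, so the value is emitted as several quoted strings, which resolvers
# concatenate. A 1024-bit key still comes out as a single string.
TXTVALUE="v=DKIM1; k=rsa; p=${DNSDKIM}"
TXTRDATA=""
while [ -n "${TXTVALUE}" ]; do
  TXTRDATA="${TXTRDATA}${TXTRDATA:+ }\"${TXTVALUE:0:255}\""
  TXTVALUE=${TXTVALUE:255}
done

echo "================================================================================"
echo "-> New DNS DKIM for $DOMAIN. Selector is : $SELECTOR"
echo " PRIVATE key path : $PRIVKEY"
echo " $RMILTERLNK"
echo " PUBLIC key path : $PUBKEY"
echo "-> DNS entries to add:"
echo " DKIM : $SELECTOR._domainkey IN 1800 TXT ${TXTRDATA}"
echo "   (if your DNS panel wants one single value, join the quoted strings)"
# NOTE(review): the dedicated SPF record type was retired by RFC 7208; the TXT
# form is the one receivers look up. "?all" is neutral, i.e. it asserts nothing
# about other senders - move to "~all" or "-all" once the mx list is confirmed
# to be complete.
echo " SPF : @ 1800 IN SPF \"v=spf1 mx ?all\""
echo " : @ 1800 IN TXT \"v=spf1 mx ?all\""
# Publish only one _dmarc record: start with p=none, read the reports, then
# switch to p=reject.
echo " DMARC LIGHT : _dmarc 1800 IN TXT \"v=DMARC1; p=none; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""
echo " DMARC REJECT : _dmarc 1800 IN TXT \"v=DMARC1; p=reject; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""
echo "-> rmilter.conf :"
echo " domain {"
echo " key = $RMILTERLNK;"
echo " domain = \"$DOMAIN\";"
echo " selector = \"$SELECTOR\";"
echo " };"
echo "================================================================================"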
- Create the DKIM keys
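# Run as root; the argument is the domain the mail server signs for.
./make_dkim_keys.bash <your_domain>
# Give the rmilter daemon read-only access: root stays the owner and the
# _rmilter group may read, so the daemon can sign but cannot replace or
# re-permission its own keys.
# NOTE(review): assumes the daemon runs with group _rmilter, as the original
# "chown _rmilter:_rmilter" implies - confirm on your system.
chown -R root:_rmilter /etc/dkim
chmod 750 /etc/dkim
chmod 640 /etc/dkim/*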
References: