#!/usr/bin/env bash
#
# dkim-setup
#
# See: https://russell.ballestrini.net/quickstart-to-dkim-sign-email-with-python/
#
# Create a new Email DKIM key for your company's licensing... subdomain, eg.
#
#     licensing.awesome-inc.com
#
# This sub-domain exists solely to host a DKIM key used to validate emails
# generated by the company's product's Licensing verification code. The product
# signs an Email envelope for the singular purpose of sending Licensing
# messages. This allows your software to send an SMTP email claiming to be from
# the domain licensing.awesome-inc.com; DKIM-signed fields are indicated by >:
#
# > From: [email protected]
# > To: [email protected]
# Reply-To: [email protected]
# Subject: "Something Awesome" License: 123456
#
# > Dear Something Awesome Client;
# >
# > Your unique Client ID is in the Subject: line of this email.
# >
# > Please enter this Client ID when prompted, to complete your Licensing
# > procedure for Example Inc's Awesome Product. Once you've entered
# > the Client ID above, you will be authorized to use Something Awesome.
# >
# > Thanks,
# > --
# > Something Awesome
# > Product Support
#
# The From:/To: headers and the body are signed; the Subject: is left out of
# the signed header list (h=) because a different Client ID is sent in each
# email's Subject: line. (DKIM signs each message individually, so a varying
# Subject: could be signed too; leaving it unsigned only means that a Subject:
# altered in transit will not invalidate the signature.)
#
# An auto-responder must be set up on your Company's (eg. awesome-inc.com)
# email server for the new "licensing" recipient email address. Each email
# arriving at [email protected] must simply be bounced back to the
# Reply-To: address indicated. This accomplishes:
#
# 1) Informs [email protected] of the potential new client's email
#    address + Client ID, which are used to generate the MultiPayoutERC20
#    contract's .forwarder_address(<salt>), generating the unique Cryptocurrency
#    account address into which the client will deposit their payment.
# 2) Ensures that the client has personal control over the indicated email
#    address, preventing the generation of "Spam" installations and allowing
#    communications with the client. Even though your product itself generates
#    the unique ID, it demands that the client receive it via email to complete
#    the verification, because the email address is used as part of the hash,
#    and we do not want people using the same email address, or other people's
#    email addresses.
KTYPE="rsa"  # "ed25519" (RFC 8463) is not yet widely supported by verifiers or DNS providers, Cloudflare included
COMPANY=""
while [ -z "${COMPANY}" ]; do
    echo -n "What is your company's name: "
    read -r COMPANY
done
DOMAIN=""
while [ -z "${DOMAIN}" ]; do
    echo -n "What is your domain name: "
    read -r DOMAIN
done
SUB="licensing"
# See if we've already got a DKIM .dns/.key pair w/ a certain "selector";
# if not, create one named with the present date (eg. 20240101). The newest
# (lexically last) selector wins if several exist.
SELECTOR=""
for f in $( ls -1 "${SUB}.${DOMAIN}".*.dns 2>/dev/null | sort | tail -1 ); do
    f=${f%.dns}
    SELECTOR=${f#${SUB}.${DOMAIN}.}
done
if [ -z "${SELECTOR}" ]; then
    SELECTOR=$( date +%Y%m%d )
fi
TXTFILE="${SUB}.${DOMAIN}.${SELECTOR}.dns"
if [ ! -r "${TXTFILE}" ]; then
    # dknewkey (from dkimpy) writes <name>.key (PEM private key; keep it off DNS
    # and out of version control) and <name>.dns (the public TXT record value)
    dknewkey --ktype "${KTYPE}" "${SUB}.${DOMAIN}.${SELECTOR}"
fi
ls -l "${TXTFILE}"
echo "Found DKIM key: $( cat "${TXTFILE}" )"
# See if it's installed in DNS. dig prints TXT RDATA as one or more quoted
# string literals: "..." "..." (records longer than 255 bytes are split).
TXTREC="${SELECTOR}._domainkey.${SUB}.${DOMAIN}"
echo -n "Checking DNS at ${TXTREC} ..."
# Capture the query's exit status immediately; the echo that follows would
# otherwise overwrite $? before it is tested.
TXT=$( python3 -m crypto_licensing.licensing.doh --no-json dig "${TXTREC}" TXT )
STATUS=$?
echo " ${TXT}"
if (( STATUS )); then
    echo "Failed attempting to query DNS for ${TXTREC}"
    exit 1
elif [ -z "${TXT}" ]; then
    echo "No TXT record found at ${TXTREC}"
    exit 1
# Join adjacent string literals with no separator (RFC 6376 s3.6.2.2), strip
# the remaining quotes, and compare against the local .dns file.
elif ! echo -n "${TXT}" | sed -e 's/" *"//g' -e 's/"//g' | diff "${TXTFILE}" -; then
    echo "${TXTFILE} doesn't match ${TXTREC} TXT record"
    exit 1
fi
echo "DKIM properly set up for ${TXTREC}: ${TXT}"
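The script's final step compares the DNS query output against the local `.dns` file with `diff`. As an added example, not part of crypto_licensing or dkimpy, here is a standard-library Python version of that check which joins split string literals per RFC 6376, compares only the `p=` key material, and also flags a revoked (empty `p=`), testing-mode (`t=y`) or undersized RSA key. It assumes the query tool returns dig-style quoted RDATA and that the `.dns` file written by dknewkey holds the bare tag list `v=DKIM1; k=rsa; h=sha256; p=<base64 SubjectPublicKeyInfo>`; the sample modulus is a constructed placeholder, not a real key.

```python
"""Check a published DKIM TXT record against the local <selector>.dns file.

Added example (standard library only); not part of crypto_licensing or dkimpy.
Assumes dig-style quoted RDATA and a .dns file holding the bare tag list
"v=DKIM1; k=rsa; h=sha256; p=<base64 SubjectPublicKeyInfo>".
"""
import base64
import re

MIN_RSA_BITS = 1024        # RFC 8301 floor for signers; 2048 is the practical minimum
RSA_OID = bytes.fromhex("06092a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption


def join_txt_strings(rdata: str) -> str:
    """Concatenate quoted TXT strings with NO separator (RFC 6376 s3.6.2.2):
    '"v=DKIM1; p=AAA" "BBB"' -> 'v=DKIM1; p=AAABBB'."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if not chunks:                                   # tool already returned it bare
        return rdata.strip()
    return "".join(c.replace('\\"', '"') for c in chunks)


def parse_tags(record: str) -> dict:
    """Parse 'tag=value; tag=value'; whitespace inside a value is FWS and dropped."""
    tags = {}
    for field in record.split(";"):
        if field.strip():
            name, sep, value = field.partition("=")  # first '=' only: base64 padding stays in p=
            if not sep:
                raise ValueError(f"malformed tag {field!r}")
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def _tlv(buf: bytes, pos: int = 0):
    """Read one DER element at buf[pos]; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long form: low bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki: bytes) -> int:
    """Modulus size of a DER SubjectPublicKeyInfo carrying an rsaEncryption key."""
    tag, body, _ = _tlv(spki)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    tag, alg, pos = _tlv(body)
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = _tlv(body, pos)
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("bad BIT STRING")
    _, rsapub, _ = _tlv(bits[1:])                    # RSAPublicKey ::= SEQUENCE { n, e }
    tag, n, _ = _tlv(rsapub)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(n, "big").bit_length()


def check_dkim_record(local_dns_text: str, dns_rdata: str) -> list:
    """Return the problems found; an empty list means DNS matches the local key and is sane."""
    problems = []
    joined = join_txt_strings(dns_rdata)
    local, published = parse_tags(local_dns_text), parse_tags(joined)
    if "v" in published and not joined.lstrip().startswith("v="):
        problems.append("v= tag present but not first")      # RFC 6376 s3.6.1
    if published.get("k", "rsa") != local.get("k", "rsa"):
        problems.append("key type differs from local .dns file")
    if "y" in published.get("t", "").split(":"):
        problems.append("t=y: record is in testing mode, verifiers may treat mail as unsigned")
    if "p" not in published:
        return problems + ["no p= tag"]
    if published["p"] == "":
        return problems + ["p= is empty: key has been revoked"]
    if published["p"] != local.get("p"):
        problems.append("published public key differs from local .dns file")
    try:
        spki = base64.b64decode(published["p"], validate=True)
        bits = rsa_modulus_bits(spki) if published.get("k", "rsa") == "rsa" else None
    except (ValueError, IndexError) as exc:
        return problems + [f"p= is not a valid key: {exc}"]
    if bits is not None and bits < MIN_RSA_BITS:
        problems.append(f"RSA modulus is only {bits} bits")
    return problems


# ---- constructed test data: the modulus is an arbitrary odd number, not a real key ----
def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def make_spki(n: int, e: int = 65537) -> bytes:
    """DER SubjectPublicKeyInfo for an RSA public key (the form dknewkey puts in p=)."""
    der_int = lambda v: _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    alg = _der(0x30, RSA_OID + b"\x05\x00")
    return _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, der_int(n) + der_int(e))))


def as_dig_rdata(record: str) -> str:
    """Render a record as dig prints it: 255-byte quoted strings separated by spaces."""
    return " ".join(f'"{record[i:i + 255]}"' for i in range(0, len(record), 255))


SAMPLE_N = (1 << 2047) | 0x10001                     # 2048-bit placeholder modulus
LOCAL_DNS_FILE = "v=DKIM1; k=rsa; h=sha256; p=" + base64.b64encode(make_spki(SAMPLE_N)).decode()
PUBLISHED_OK = as_dig_rdata(LOCAL_DNS_FILE)          # what a correct publication looks like
WEAK_RDATA = as_dig_rdata("v=DKIM1; k=rsa; p=" + base64.b64encode(make_spki((1 << 511) | 1)).decode())

if __name__ == "__main__":
    for name, rdata in [("matching", PUBLISHED_OK), ("revoked", '"v=DKIM1; k=rsa; p="'), ("weak", WEAK_RDATA)]:
        print(name, check_dkim_record(LOCAL_DNS_FILE, rdata) or "OK")
```

Comparing the parsed `p=` value rather than the raw text also tolerates a trailing newline in the `.dns` file or different tag ordering, and the same function can be pointed at the live query output by passing the tool's raw TXT line as `dns_rdata`.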