From 984537526a7838710ac169456b0482471b3a2dd7 Mon Sep 17 00:00:00 2001
From: Hannu Shemeikka <hannu.shemeikka@kyynel.net>
Date: Sat, 12 Aug 2017 19:09:11 +0300
Subject: [PATCH] New command: generate-dkim-domain

This command can be used for generating DKIM key for a domain,
which is not included in any configuration files. For example,
when using SQL database for transport maps.
---
 .gitignore                      |  1 +
 Makefile                        |  3 +-
 README.md                       |  6 ++++
 target/bin/generate-dkim-domain | 39 +++++++++++++++++++++++
 test/tests.bats                 | 55 +++++++++++++++++++++++++++++++++
 5 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 target/bin/generate-dkim-domain

diff --git a/.gitignore b/.gitignore
index 7f72b1bb..99c99dd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ docker-compose.yml
 test/config/empty/
 test/config/without-accounts/
 test/config/without-virtual/
+test/config/with-domain/
 test/config/postfix-accounts.cf
 test/config/letsencrypt/mail.my-domain.com/combined.pem
 test/onedir
diff --git a/Makefile b/Makefile
index 70e656bf..496e18d1 100644
--- a/Makefile
+++ b/Makefile
@@ -220,4 +220,5 @@ clean:
 	-sudo rm -rf test/onedir \
 		test/config/empty \
 		test/config/without-accounts \
-		test/config/without-virtual
+		test/config/without-virtual \
+		test/config/with-domain
diff --git a/README.md b/README.md
index be25c308..0dc32005 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,12 @@ Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
       -v "$(pwd)/config":/tmp/docker-mailserver \
       -ti tvial/docker-mailserver:latest generate-dkim-config
 
+This generates DKIM keys for domains in configuration files. You can also generate DKIM key for a domain by using command
+
+    docker run --rm \
+      -v "$(pwd)/config":/tmp/docker-mailserver \
+      -ti tvial/docker-mailserver:latest generate-dkim-domain name_of_domain
+
 Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
 
 Note: you can also manage email accounts, DKIM keys and more with the [setup.sh convenience script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh).
diff --git a/target/bin/generate-dkim-domain b/target/bin/generate-dkim-domain
new file mode 100644
index 00000000..16ef6d5b
--- /dev/null
+++ b/target/bin/generate-dkim-domain
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 1 ]; then
+    echo $0: "usage: generate-dkim-domain domain"
+    exit 1
+fi
+
+domainname=$1
+
+mkdir -p /tmp/docker-mailserver/opendkim/keys/$domainname
+
+if [ ! -f "/tmp/docker-mailserver/opendkim/keys/$domainname/mail.private" ]; then
+    echo "Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/$domainname/mail.private"
+    opendkim-genkey --subdomains --domain=$domainname --selector=mail -D /tmp/docker-mailserver/opendkim/keys/$domainname
+fi
+
+# Write to KeyTable if necessary
+keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
+if [ ! -f "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
+    echo "Creating DKIM KeyTable"
+    echo $keytableentry > /tmp/docker-mailserver/opendkim/KeyTable
+else
+    if ! grep -q "$keytableentry" "/tmp/docker-mailserver/opendkim/KeyTable" ; then
+        echo $keytableentry >> /tmp/docker-mailserver/opendkim/KeyTable
+    fi
+fi
+
+# Write to SigningTable if necessary
+signingtableentry="*@$domainname mail._domainkey.$domainname"
+if [ ! -f "/tmp/docker-mailserver/opendkim/SigningTable" ]; then
+    echo "Creating DKIM SigningTable"
+    echo "*@$domainname mail._domainkey.$domainname" > /tmp/docker-mailserver/opendkim/SigningTable
+else
+    if ! grep -q "$signingtableentry" "/tmp/docker-mailserver/opendkim/SigningTable" ; then
+        echo $signingtableentry >> /tmp/docker-mailserver/opendkim/SigningTable
+    fi
+fi
\ No newline at end of file
diff --git a/test/tests.bats b/test/tests.bats
index 0ea4dafc..b729fbf9 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -574,6 +574,61 @@ load 'test_helper/bats-assert/load'
   assert_output 4
 }
 
+@test "checking opendkim: generator creates keys, tables and TrustedHosts using domain name" {  
+  rm -rf "$(pwd)/test/config/with-domain" && mkdir -p "$(pwd)/test/config/with-domain"
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
+    -v "$(pwd)/test/config/postfix-accounts.cf":/tmp/docker-mailserver/postfix-accounts.cf \
+    -v "$(pwd)/test/config/postfix-virtual.cf":/tmp/docker-mailserver/postfix-virtual.cf \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-config | wc -l'
+  assert_success
+  assert_output 6
+  # Generate key using domain name
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/":/tmp/docker-mailserver/ \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'generate-dkim-domain testdomain.tld | wc -l'
+  assert_success
+  assert_output 1
+  # Check keys for localhost.localdomain
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/localhost.localdomain/ | wc -l'
+  assert_success
+  assert_output 2
+  # Check keys for otherdomain.tld
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/otherdomain.tld | wc -l'
+  assert_success
+  assert_output 2
+  # Check keys for testdomain.tld
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c 'ls -1 /etc/opendkim/keys/testdomain.tld | wc -l'
+  assert_success
+  assert_output 2
+  # Check presence of tables and TrustedHosts
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c "ls -1 /etc/opendkim | grep -E 'KeyTable|SigningTable|TrustedHosts|keys' | wc -l"
+  assert_success
+  assert_output 4
+  # Check valid entries actually present in KeyTable
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \
+    "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/KeyTable | wc -l"
+  assert_success
+  assert_output 4
+  # Check valid entries actually present in SigningTable
+  run docker run --rm \
+    -v "$(pwd)/test/config/with-domain/opendkim":/etc/opendkim \
+    `docker inspect --format '{{ .Config.Image }}' mail` /bin/sh -c \
+    "egrep 'localhost.localdomain|otherdomain.tld|localdomain2.com|testdomain.tld' /etc/opendkim/SigningTable | wc -l"
+  assert_success
+  assert_output 4
+}
+
 #
 # ssl
 #