#!/bin/sh
#
# Copyright (c) 2012, The Trusted Domain Project. All rights reserved.
#
# Script to upload OpenDKIM statistics data. Original contributed
# by John Wood.
#
#
##
## opendkim(8) configuration file location
##
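OPENDKIMCONFIG="/etc/mail/opendkim.conf"
##
## Owner and group of the statistics file
## (Leave empty to skip the re-creation step and let opendkim(8) do it)
##
OPENDKIMDATOWNER="opendkim:opendkim"
## ===========================================
## NO USER SERVICEABLE PARTS BEYOND THIS POINT
## ===========================================
PROGNAME=$(basename -- "$0")
# The statistics file path is the second field of the "Statistics" line in
# the opendkim(8) configuration; without it nothing below can work.
OPENDKIMSTATS=$(awk '$1 == "Statistics" { print $2 }' "$OPENDKIMCONFIG")
if [ -z "$OPENDKIMSTATS" ]
then
  echo "${PROGNAME}: can't determine statistics file location from ${OPENDKIMCONFIG}"
  exit 1
fi
OPENDKIMSTATSDIR=$(dirname -- "$OPENDKIMSTATS")
OPENDKIMSTATSFILE=$(basename -- "$OPENDKIMSTATS")
REPORTERNAME="OpenDKIM Filter User"
# HOSTNAME must be assigned before REPORTEREMAIL is built from it: a /bin/sh
# that does not predefine HOSTNAME would otherwise produce "<user@>".
HOSTNAME=$(hostname)
REPORTEREMAIL="<$(whoami)@$HOSTNAME>"
UNIXDATE=$(date +%s)
OPENDKIMSTATSDAT="${OPENDKIMSTATSDIR}/${OPENDKIMSTATSFILE}"
REPORTSTUB="${OPENDKIMSTATSDIR}/report_stub.txt"
GNUPGDIR="${OPENDKIMSTATSDIR}/.gnupg"
STATEMAIL="OpenDKIM Statistics Reporting Key <stats-report@opendkim.org>"
STATEMAILSIMPLE="stats-report@opendkim.org"
REGISTEREMAIL="OpenDKIM Stats Registration <stats-registration@opendkim.org>"
# SENDMAILFLAGS is expanded unquoted at the call sites so that it splits into
# separate arguments.
SENDMAILFLAGS="-t -f $REPORTEREMAIL"
# NOTE(review): the public key and its MD5 file are both fetched over plain
# HTTP from the same host, so comparing them detects a damaged download but
# not a substituted key. Confirm the imported key's fingerprint out of band
# before relying on it.
ODKGNUPGURL="http://www.opendkim.org/stats/stats_opendkim_org.pub"
ODKGNUPGMD5URL="http://www.opendkim.org/stats/stats_opendkim_org.pub.md5"
ODKGNUPGCERT="${GNUPGDIR}/opendkim_org.pem"
ODKGNUPGMD5="${GNUPGDIR}/stats_opendkim_org.pub.md5"
# From here on OPENDKIMSTATS is reused as the script's version string; the
# statistics path has already been split into the *DIR/*FILE/*DAT variables.
OPENDKIMSTATS="2.11.0"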
#
# VERSION -- output version string
#
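version()
{
  # Print "<program> v<version>" and exit with status 0.
  # Reads PROGNAME and OPENDKIMSTATS (which holds the version string by the
  # time this runs). The original text lacked the "$" and printed the
  # variable name literally.
  echo "${PROGNAME} v${OPENDKIMSTATS}"
  exit 0
}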
#
# USAGE -- output usage message
#
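usage()
{
  # Print the list of supported modes and exit with status 0.
  # A here-document replaces the run of echo calls, one of which was
  # misspelled ("ecoh") and therefore dropped a line of the help text.
  cat <<EOF
${PROGNAME}: usage: ${PROGNAME} <mode>

Valid modes:

 -register Downloads the opendkim.org public key,
 generates stats reporting GPG setup, and
 sends a registration request

 -sendregistration Sends pre-setup GPG registration to
 opendkim.org in case initial registration
 has problems sending email

 -sendstats Sends latest OpenDKIM stats to opendkim.org

 -version Displays the version and exits
EOF
  exit 0
}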
#
# SET_PATHS -- set PATH and SENDMAIL variables
#
set_paths()
{
  # Extend PATH with the usual system directories and choose the sendmail
  # binary. Everything is appended, so entries already in the inherited PATH
  # keep precedence during command lookup.
  PATH="${PATH}:/usr/sbin:/sbin:/usr/bin:/usr/lib"
  for extra_dir in /usr/local/bin /usr/local/sbin /opt/local/bin \
    /opt/local/sbin /usr/sfw/bin /usr/sfw/sbin
  do
    # Only directories that exist on this host are added.
    [ -d "$extra_dir" ] || continue
    PATH="${PATH}:${extra_dir}"
    export PATH
  done
  # Solaris keeps sendmail under /usr/lib; everything else uses /usr/sbin.
  SENDMAIL="/usr/sbin/sendmail"
  if [ -f '/usr/lib/sendmail' ]
  then
    SENDMAIL="/usr/lib/sendmail"
  fi
}
#
# CHECK_OPENSSL -- try to find the openssl binary
#
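check_openssl()
{
  # Locate openssl on PATH and record its path in OPENSSL; exit 1 if absent.
  # `command -v` is the POSIX lookup. Unlike some which(1) implementations
  # it prints nothing when the command is missing, so the emptiness test
  # below is reliable.
  OPENSSL=$(command -v openssl)
  if [ -z "$OPENSSL" ]; then
    echo "${PROGNAME}: cannot locate openssl binary"
    exit 1
  fi
}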
#
# CHECK_GPG -- try to find the gpg binary
#
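check_gpg()
{
  # Locate gpg on PATH and record its path in GPG; exit 1 if absent.
  # `command -v` is the POSIX lookup and prints nothing on a miss, which
  # some which(1) implementations do not guarantee.
  # Note: the gpg invocations visible in this file call "gpg" by name rather
  # than through $GPG, so this acts as a presence check.
  GPG=$(command -v gpg)
  if [ -z "$GPG" ]; then
    echo "${PROGNAME}: cannot locate gpg binary"
    exit 1
  fi
}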
#
# CHECK_GPG_SETUP -- verify the OpenDKIM public key is in the local keyring
#
check_gpg_setup()
{
  # Confirm the keyring in GNUPGDIR holds both the OpenDKIM reporting key
  # and a locally generated "OpenDKIM" key; exit 1 with a hint otherwise.
  #
  # Only the user-ID text printed by --list-keys is compared. This is not a
  # fingerprint check, so it shows that a key with that name is present,
  # not which key it is.

  # Splitting on "O" and re-prefixing it strips whatever precedes the
  # user ID on the matching line, leaving the user ID itself.
  GPGVERIFY=$(gpg --homedir="$GNUPGDIR" --no-permission-warning --list-keys |
    grep "$STATEMAIL" |
    awk -FO '{print "O"$2}')
  [ "$GPGVERIFY" = "$STATEMAIL" ] || {
    echo "${PROGNAME}: could not verify imported GPG key for $STATEMAIL"
    echo "${PROGNAME}: run \"${PROGNAME} -register\" first"
    exit 1
  }

  # Any other keyring line mentioning OpenDKIM counts as the local key.
  GPGSETUP=$(gpg --homedir="$GNUPGDIR" --no-permission-warning --list-keys |
    grep -v "$STATEMAIL" |
    grep "OpenDKIM")
  [ -n "$GPGSETUP" ] || {
    echo "${PROGNAME}: GPG setup incomplete"
    echo "${PROGNAME}: run \"${PROGNAME}\" again"
    exit 1
  }
}
#
# CHECK_WEB_APP -- figure out what web "GET" application is available
#
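check_web_app()
{
  # Pick the HTTP client used for downloads: wget when present, otherwise
  # curl. Sets WEBAPP to "wget" or "curl"; exits 1 when neither is on PATH.
  # `command -v` replaces which(1), whose output on a miss is not portable.
  WGET=$(command -v wget)
  if [ -n "$WGET" ]
  then
    WEBAPP=wget
    return 0
  fi
  CURL=$(command -v curl)
  if [ -z "$CURL" ]
  then
    echo "${PROGNAME}: cannot locate wget or curl"
    exit 1
  fi
  WEBAPP=curl
}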
#
# GET_OPENDKIM_ORG_PUB_CERT -- go get the OpenDKIM public key for signing
#
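get_opendkim_org_pub_cert()
{
  # Download the published MD5 file and the OpenDKIM public key, then
  # compare the key's MD5 with the published value. Exits 1 on any failure.
  # Reads WEBAPP, OPENSSL, ODKGNUPGMD5URL, ODKGNUPGURL; writes ODKGNUPGMD5
  # and ODKGNUPGCERT.
  #
  # NOTE(review): the checksum is fetched from the same place as the key, so
  # a match shows the two downloads agree with each other. It does not
  # authenticate the key; confirm the imported key's fingerprint out of band.

  # safety net: refuse to continue unless a download client was selected.
  # (Testing "$?" here only reported on whatever the caller ran last, and
  # let leftover files from an earlier run pass the checksum test.)
  case "$WEBAPP" in
    wget | curl) ;;
    *)
      echo "${PROGNAME}: cannot locate wget or curl"
      exit 1
      ;;
  esac

  # get the md5 sum file first
  if ! _odk_fetch "$ODKGNUPGMD5URL" "$ODKGNUPGMD5"
  then
    echo "${PROGNAME}: failed to retrieve ${ODKGNUPGMD5URL}"
    exit 1
  fi

  # get the public cert
  if ! _odk_fetch "$ODKGNUPGURL" "$ODKGNUPGCERT"
  then
    echo "${PROGNAME}: failed to retrieve ${ODKGNUPGURL}"
    exit 1
  fi

  # verify the md5 sum of the public cert
  if [ -f "$ODKGNUPGMD5" ] && [ -f "$ODKGNUPGCERT" ]
  then
    ODKORGSUM=$(cat "$ODKGNUPGMD5")
    LOCALSUM=$("$OPENSSL" md5 "$ODKGNUPGCERT" | awk '{print $2}')
  else
    echo "${PROGNAME}: $ODKGNUPGMD5 or ${ODKGNUPGCERT} absent/unreadable"
    exit 1
  fi

  # Two empty strings would compare equal, so an empty digest is a failure.
  if [ -z "$LOCALSUM" ] || [ "$ODKORGSUM" != "$LOCALSUM" ]
  then
    echo "${PROGNAME}: MD5 checksum for $ODKGNUPGCERT failed"
    echo "${PROGNAME}: (expecting ${ODKORGSUM}, got ${LOCALSUM})"
    exit 1
  fi
}

# Fetch URL $1 into file $2 with the client named in WEBAPP.
# Returns the client's exit status, or 1 when WEBAPP names no known client.
_odk_fetch()
{
  # Start from a clean target: with "-c", wget would treat a file left by an
  # earlier run as a partial download and keep its stale content.
  rm -f -- "$2"
  case "$WEBAPP" in
    wget)
      wget -q -c --tries=10 -T 340 -O "$2" "$1"
      ;;
    curl)
      # -f turns an HTTP error response into a non-zero exit status instead
      # of saving the error page as if it were the requested file.
      curl -s -f -m 340 "$1" > "$2"
      ;;
    *)
      return 1
      ;;
  esac
}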
#
# INPUT_CONTACT_INFO -- prompt for details we want to store in the key
#
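input_contact_info()
{
  # Prompt on stdin for the operator's name and contact e-mail address until
  # both pass validation. Results are left in INPUTNAME and INPUTEMAIL.
  # Exits 1 if stdin ends before both values have been supplied.
  NAMEVALID=0
  INPUTNAME=""
  EMAILVALID=0
  INPUTEMAIL=""
  NAMELENGTH=0
  CONTACTEMAIL=""
  until [ "$NAMEVALID" = 1 ]
  do
    printf "Please enter your name: "
    # -r keeps backslashes literal. A failed read with nothing captured
    # means end of input; without this check the loop would never end.
    if ! read -r INPUTNAME && [ -z "$INPUTNAME" ]
    then
      echo
      echo "${PROGNAME}: unexpected end of input"
      exit 1
    fi
    # ${#var} counts the characters typed; piping through "wc -c" also
    # counted the trailing newline and so accepted four-character names.
    NAMELENGTH=${#INPUTNAME}
    if [ "$NAMELENGTH" -lt 5 ]
    then
      INPUTNAME=""
      echo "${PROGNAME}: name must be at least five characters long"
    else
      NAMEVALID=1
    fi
  done
  until [ "$EMAILVALID" = 1 ]
  do
    printf "Please enter your contact email for OpenDKIM stats: "
    if ! read -r INPUTEMAIL && [ -z "$INPUTEMAIL" ]
    then
      echo
      echo "${PROGNAME}: unexpected end of input"
      exit 1
    fi
    # The value is quoted so the shell neither splits nor glob-expands it.
    # "-" is allowed in the domain part; the previous pattern rejected
    # hyphenated host names. This is a loose syntax check (the pattern is
    # unanchored), not full address validation.
    CONTACTEMAIL=$(printf '%s\n' "$INPUTEMAIL" |
      grep -E '[^[:space:]]+\>@[a-zA-Z0-9_.-]+\.[a-zA-Z]{2,3}')
    if [ -n "$CONTACTEMAIL" ]
    then
      EMAILVALID=1
    else
      echo "${PROGNAME}: invalid email address syntax"
    fi
  done
}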
#
# OPENDKIM_GPG_IMPORT -- set up GPG and import the OpenDKIM key
#
opendkim_gpg_import()
{
  # Download the opendkim.org public key, write a gpg.conf into GNUPGDIR,
  # import the key and confirm it is listed. Exits 1 at the first failure.
  #
  # NOTE(review): "trust-model always" makes GnuPG treat every key in this
  # keyring as valid, and the check after the import only looks for the
  # expected user-ID text in --list-keys. Neither step ties the keyring to a
  # specific key fingerprint.
  echo "${PROGNAME}: retrieving opendkim.org public GPG certificate"
  get_opendkim_org_pub_cert || {
    echo "${PROGNAME}: failed to retrieve opendkim.org public GPG certificate"
    exit 1
  }

  echo "${PROGNAME}: importing opendkim.org public GPG certificate"
  [ -d "$GNUPGDIR" ] || {
    echo "${PROGNAME}: directory ${GNUPGDIR} missing"
    exit 1
  }

  # One option per line, replacing any gpg.conf already in the directory.
  printf '%s\n' \
    'no-secmem-warning' \
    'keyserver-options no-auto-key-retrieve' \
    'no-random-seed-file' \
    'trust-model always' \
    'no-permission-warning' > "${GNUPGDIR}/gpg.conf"

  gpg --homedir="$GNUPGDIR" --no-permission-warning --import \
    --trust-model always "$ODKGNUPGCERT" || {
    echo "${PROGNAME}: certificate import failed"
    exit 1
  }

  # Splitting on "O" and re-prefixing it strips whatever precedes the
  # user ID on the matching line.
  GPGVERIFY=$(gpg --homedir="$GNUPGDIR" --no-permission-warning --list-keys |
    grep "$STATEMAIL" | awk -FO '{print "O"$2}')
  [ "$GPGVERIFY" = "$STATEMAIL" ] || {
    echo "${PROGNAME}: could not verify imported GPG key for: ${STATEMAIL}"
    exit 1
  }
}
#
# REGISTER -- generate a signing key and send it to OpenDKIM
#
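register()
{
  # Create GNUPGDIR, collect the operator's name and e-mail address, and
  # generate the local signing key non-interactively. Exits 1 on any failure.
  # Reads GNUPGDIR and UNIXDATE; calls input_contact_info, which sets
  # INPUTNAME and INPUTEMAIL.
  mkdir -p "$GNUPGDIR" || {
    echo "${PROGNAME}: unable to create ${GNUPGDIR}"
    exit 1
  }
  # The directory will hold the secret keyring, so keep it owner-only.
  chmod 700 "$GNUPGDIR"
  echo "${PROGNAME}: configuring local GPG for statstics reporting"
  # get name/email for non-interactive GPG cert/key generation
  until [ x"$AGREE" = x"y" ]
  do
    input_contact_info
    # The typed values are passed as printf arguments, never as the format
    # string, so a "%" or "\" in the name is displayed as typed.
    printf '%s <%s> is correct? [y/n]: ' "$INPUTNAME" "$INPUTEMAIL"
    # A failed read with nothing captured means stdin ended; stop instead
    # of looping forever.
    if ! read -r AGREE && [ -z "$AGREE" ]
    then
      echo
      echo "${PROGNAME}: unexpected end of input"
      exit 1
    fi
  done
  if [ -z "$INPUTNAME" ] || [ -z "$INPUTEMAIL" ]
  then
    echo "${PROGNAME}: missing contact information, cannot generate GPG certificates"
    echo "${PROGNAME}: run \"${PROGNAME} -register\""
    exit 1
  fi
  # Generate the key
  # The parameter file is written inside the owner-only GNUPGDIR.
  # NOTE(review): a 1024-bit DSA primary key is below current key-strength
  # recommendations. The parameters are kept as they were because the
  # receiving side's requirements are not visible from this script.
  INPUTFILE="${GNUPGDIR}/${UNIXDATE}.temp.gpg"
  cat > "$INPUTFILE" <<GPGPARAMS
# input file to generate GnuPG keys automatically

%echo Generating a standard key

#######################################
# parameters for the key

Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 2048

Name-Real: $INPUTNAME
Name-Comment: OpenDKIM GnuPG key
Name-Email: $INPUTEMAIL

Expire-Date: 0

######################################

# the keyring files
%pubring ${GNUPGDIR}/pubring.gpg
%secring ${GNUPGDIR}/secring.gpg

# perform key generation
%commit

%echo done
#EOF

GPGPARAMS
  if [ ! -f "$INPUTFILE" ]
  then
    echo "${PROGNAME}: failed to create temporary file for GPG key generation"
    exit 1
  fi
  # call GPG on the temp file
  echo "${PROGNAME}: generating signing key"
  if ! gpg --batch --gen-key --homedir="$GNUPGDIR" \
    --keyring="${GNUPGDIR}/pubring.gpg" \
    --secret-keyring="${GNUPGDIR}/secring.gpg" "$INPUTFILE"
  then
    echo "${PROGNAME}: signing key generation failed"
    # Do not leave the parameter file behind on failure.
    rm -f "$INPUTFILE"
    exit 1
  fi
  rm "$INPUTFILE"
}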
#
# NAME_FROM_KEY -- try to get name/email from gnupg key
#
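name_from_key()
{
  # Derive the reporter's display name and address from the locally
  # generated key (the uid carrying the "OpenDKIM GnuPG key" comment) and
  # rebuild SENDMAILFLAGS from the address. When no such uid is listed,
  # REPORTERNAME and REPORTEREMAIL keep the values they already had.
  #
  # Only the first matching uid is used, so several matching keys cannot put
  # more than one line into the values that later become mail headers.
  REPORTER=$(gpg --homedir="$GNUPGDIR" --list-keys |
    grep 'OpenDKIM GnuPG key' | sed 's/^uid *//' | head -n 1)
  if [ -n "$REPORTER" ]
  then
    # The uid text is passed quoted: expanded unquoted, a name containing
    # glob characters would be replaced by matching file names from the
    # current directory.
    REPORTERNAME=$(printf '%s\n' "$REPORTER" | awk -F'<' '{print $1}')
    REPORTEREMAIL=$(printf '%s\n' "$REPORTER" | awk -F'<' '{print "<"$2}')
    if [ -z "$REPORTERNAME" ] || [ -z "$REPORTEREMAIL" ]
    then
      REPORTERNAME="OpenDKIM Filter User"
      REPORTEREMAIL="<$(whoami)@$HOSTNAME>"
    fi
  fi
  # re-eval flags to set the envelope as well
  SENDMAILFLAGS="-t -f $REPORTEREMAIL"
}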
#
# SEND_REGISTRATION -- send registration
#
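send_registration()
{
  # Export the local public key, encrypt it to the OpenDKIM statistics key
  # and mail it to the registration address. Exits 1 on any failure.
  # Reads GNUPGDIR, HOSTNAME, UNIXDATE, STATEMAILSIMPLE, REGISTEREMAIL,
  # REPORTSTUB and SENDMAIL; calls name_from_key for the From header and
  # the sendmail flags.
  echo "${PROGNAME}: preparing signing key submission"

  # The export is written straight into GNUPGDIR. It used to go to a fixed,
  # guessable name under /tmp first; a path another local user can create
  # in advance is not a safe place to write.
  ODKPUBKEYFILE="${GNUPGDIR}/${HOSTNAME}.public.key"
  ODKENCKEYFILE="${GNUPGDIR}/${HOSTNAME}.${UNIXDATE}.gpg"

  # Drop any leftover from an interrupted run so the export is always fresh.
  rm -f "$ODKPUBKEYFILE"
  if ! gpg --batch -a --export --homedir="$GNUPGDIR" \
    --output="$ODKPUBKEYFILE"
  then
    echo "${PROGNAME}: unable to export public key"
    exit 1
  fi

  # encrypt public key and prep for sending to OpenDKIM
  gpg -a --homedir="$GNUPGDIR" -o "$ODKENCKEYFILE" -e \
    -r "$STATEMAILSIMPLE" -- "$ODKPUBKEYFILE" 2>/dev/null
  if [ ! -f "$ODKENCKEYFILE" ]
  then
    echo "${PROGNAME}: encrypted key generation failed"
    # Remove the exported key from where it actually is; the old cleanup
    # named a /tmp path that no longer existed.
    rm -f "$ODKPUBKEYFILE"
    exit 1
  fi

  name_from_key

  # create a one time stub
  {
    echo "From: ${REPORTERNAME} ${REPORTEREMAIL}"
    echo "To: ${REGISTEREMAIL}"
    echo "Subject: OpenDKIM stats reporting registration from ${REPORTEREMAIL}"
  } > "$REPORTSTUB"

  # send registration email
  # SENDMAIL and SENDMAILFLAGS are left unquoted on purpose: the flags are
  # stored as one string and must split into separate arguments.
  if ! cat "$REPORTSTUB" "$ODKENCKEYFILE" | ${SENDMAIL} ${SENDMAILFLAGS}
  then
    echo "${PROGNAME}: unable to send registration email"
    exit 1
  fi
  echo "${PROGNAME}: registration submitted to OpenDKIM"
  rm -f "$ODKENCKEYFILE" "$ODKPUBKEYFILE" "$REPORTSTUB"
}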
#
# SEND_STATS -- send the current stats batch
#
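send_stats()
{
  # Clearsign the current statistics file, mail it to the OpenDKIM
  # statistics address, then rotate the file. Exits 1 on any failure and 0
  # when the report has been sent.
  # Reads OPENDKIMSTATSDAT, OPENDKIMSTATSDIR, OPENDKIMSTATSFILE, GNUPGDIR,
  # STATEMAIL, HOSTNAME, UNIXDATE, REPORTSTUB, SENDMAIL, OPENDKIMDATOWNER.
  if [ ! -s "$OPENDKIMSTATSDAT" ]
  then
    echo "${PROGNAME}: ${OPENDKIMSTATSDAT} empty or missing"
    exit 1
  fi

  # The recipient key must be listed in the keyring. Only the user-ID text
  # is compared here, not a fingerprint.
  GPGVERIFY=$(gpg --homedir="$GNUPGDIR" --no-permission-warning --list-keys |
    grep "$STATEMAIL" | awk -FO '{print "O"$2}')
  if [ "$GPGVERIFY" != "$STATEMAIL" ]
  then
    echo "${PROGNAME}: could not verify imported GPG key for: ${STATEMAIL}"
    echo "${PROGNAME}: run \"${PROGNAME} -register\""
    exit 1
  fi

  name_from_key

  {
    echo "From: ${REPORTERNAME} ${REPORTEREMAIL}"
    echo "To: $STATEMAIL"
    echo "Subject: opendkim-stats report from ${HOSTNAME} at ${UNIXDATE}"
  } > "$REPORTSTUB"
  if [ ! -s "$REPORTSTUB" ]
  then
    echo "${PROGNAME}: report stub empty or missing"
    exit 1
  fi

  # clearsign statistics data
  ODKSIGNEDSTATS="${GNUPGDIR}/${OPENDKIMSTATSFILE}.${HOSTNAME}.${UNIXDATE}.gpg"
  if ! gpg --homedir="$GNUPGDIR" \
    --output "$ODKSIGNEDSTATS" \
    --clearsign "$OPENDKIMSTATSDAT"
  then
    echo "${PROGNAME}: GPG clearsign of stats file ${OPENDKIMSTATSDAT} failed"
    rm "$REPORTSTUB"
    exit 1
  fi
  if [ ! -f "$ODKSIGNEDSTATS" ]
  then
    echo "${PROGNAME}: GPG clearsign of stats file ${OPENDKIMSTATSDAT} missing"
    rm "$REPORTSTUB"
    exit 1
  fi

  # SENDMAIL and SENDMAILFLAGS are left unquoted on purpose: the flags are
  # stored as one string and must split into separate arguments.
  if ! cat "$REPORTSTUB" "$ODKSIGNEDSTATS" | ${SENDMAIL} ${SENDMAILFLAGS}
  then
    echo "${PROGNAME}: sending of ${ODKSIGNEDSTATS} failed"
    exit 1
  fi
  rm "$ODKSIGNEDSTATS"

  # change this to cp when testing
  mv "$OPENDKIMSTATSDAT" "${OPENDKIMSTATSDAT}.old"
  if [ -n "$OPENDKIMDATOWNER" ]
  then
    # Re-create an empty statistics file with the configured owner so that
    # opendkim(8) can keep appending to it.
    touch "$OPENDKIMSTATSDAT"
    touch "${OPENDKIMSTATSDIR}/last_report"
    chown "$OPENDKIMDATOWNER" "$OPENDKIMSTATSDAT"
    chmod 0660 "$OPENDKIMSTATSDAT"
  fi
  rm -f "$REPORTSTUB"
  echo "${PROGNAME}: OpenDKIM stats sent at $(date)"
  exit 0
}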
# Mode dispatch. The three working modes share the same preparation: extend
# PATH, then make sure openssl and gpg can be found.
case "$1" in
  -register | -sendregistration | -sendstats)
    set_paths
    check_openssl
    check_gpg
    ;;
esac

case "$1" in
  -register)
    # First-time setup: fetch the OpenDKIM key, create the local key, and
    # mail the registration.
    check_web_app
    register
    opendkim_gpg_import
    send_registration
    ;;
  -sendregistration)
    # Re-send a registration using keys that are already in place.
    check_gpg_setup
    send_registration
    ;;
  -sendstats)
    send_stats
    ;;
  -version)
    version
    ;;
  *)
    # Anything else, including no argument at all, prints the usage text.
    usage
    ;;
esac