#dnsbl.sorbs.net
#t1.dnsbl.net.au
#checked 2025-07-12 by preference order
-bl.spamcop.net
-sbl.spamhaus.org
-pbl.spamhaus.org
-xbl.spamhaus.org
-b.barracudacentral.org
-bl.blocklist.de
-ips.backscatterer.org
-dnsbl.dronebl.org
-all.s5h.net #http://s5h.net/rbl
-#hostkarma.junkemailfilter.com #
+-1 127.0.0.2 bl.spamcop.net
+-1 127.0.0.2 sbl.spamhaus.org
+-1 127.0.0.2 pbl.spamhaus.org
+-1 127.0.0.2 xbl.spamhaus.org
+-1 127.0.0.2 b.barracudacentral.org
+-1 127.0.0.2 bl.blocklist.de
+-1 127.0.0.2 ips.backscatterer.org
+-1 127.0.0.2 dnsbl.dronebl.org
+-1 127.0.0.2 all.s5h.net #http://s5h.net/rbl
+-1 127.0.0.2 hostkarma.junkemailfilter.com #
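Review bot: If the `127.0.0.2` column is the A record the lookup must return, the entries for `xbl.spamhaus.org`, `pbl.spamhaus.org` and `dnsbl.dronebl.org` will never match: Spamhaus answers XBL listings with 127.0.0.4–127.0.0.7 and PBL listings with 127.0.0.10–127.0.0.11, and DroneBL uses 127.0.0.3 and upward per listing class (127.0.0.2 is its sample/test code). Either give those zones their real return codes, or for Spamhaus query `zen.spamhaus.org` once per code range instead of three separate zones, which also cuts lookups per connection. The column semantics are inferred from the line shape, so confirm against the parser before changing. The hunk also re-enables `hostkarma.junkemailfilter.com`, which the previous version kept commented out; 127.0.0.2 is that list's blacklist answer, so that entry is at least consistent.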
%attr(0754,root,root) %{_libdir}/%{name}/support/crdb.sh
%attr(0754,root,root) %{_libdir}/%{name}/support/dummy-cert.sh
%attr(0754,root,root) %{_libdir}/%{name}/support/starting.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_dns_tlsa.sh
%attr(0750,%{name},mail) %{_libdir}/%{name}/support/mailleur-reset-db.sh
%attr(0750,%{name},mail) %{_libdir}/%{name}/support/mailleur-settest-db.sh
%attr(0755,%{name},mail) %dir %{spooldir}/%{name}
DFLT '1970-01-01',
lastupdate DBTIMESTAMP //record creation
DFLT NOW(),
- credit INTEGER //Remote IP current credit (-100..+100)
+ credit INTEGER //Remote IP current credit (-100..+100)
DFLT -1,
reverse TEXT //Remote official revers address
DFLT NULL,
#comment in if working in production
DRY_RUN="--dry-run"
#-------------------------------------------------------------------
-WRKDIR=/tmp
+WRKDIR=/etc/certbot/data
MRKR=`date +"%F"`
-(
-#Set working directory
-cd $WRKDIR
-mkdir -p data
+gen_cnf()
-#Generate an Elliptic Curve Digital Signature Algorithm
-openssl ecparam \
- -out ./data/ec_key.pem \
- -genkey \
- -name prime256v1
-
-#generate a config file
-cat > ./data/cnffile << EOT
+{
+if [ ! -f ./data/cnffile ] ; then
+ #generate a config file
+ cat > ./data/cnffile << EOT
[req]
distinguished_name=req_dn
[req_dn]
[SAN]
subjectAltName=DNS:`uname -n`
EOT
+ fi
+}
+
+genkey()
+{
+#Generate an Elliptic Curve Digital Signature Algorithm
+if [ ! -f ./data/ec_key.pem ] ; then
+ openssl ecparam \
+ -out ./data/ec_key.pem \
+ -genkey \
+ -name prime256v1
+ fi
+}
+
+
+gen_req()
+
+{
#Generate the CSR request
openssl req \
-config ./data/cnffile \
-out ./data/request.csr \
-keyout ./data/privkey.pem \
-key ./data/ec_key.pem
+}
+gen_cert()
+
+{
#Request certificate (with a steady key) via cerbot
#Note" this is done in dry-run mode (remove it to
#pass in production mode)
--logs-dir ./data \
--config-dir ./data \
$DRY_RUN
+}
+
+gen_dane ()
+
+{
+SUM=`openssl ec -in ./data/privkey -pubout -outform DER | sha256sum`
+
+echo ";--------------------------------------------"
+echo ";TLSA record to be inserted in domain DNS"
+echo -e "_25._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM"
+echo ";--------------------------------------------"
+}
+
+#Set working directory
+cd $WRKDIR
+mkdir -p data
+
+gen_cnf
+gen_key
+gen_cert
+gen_dane
-)
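Review bot: The main section at the end of the hunk calls `gen_key`, but the function is defined as `genkey`, so the run aborts with "command not found" before any key exists; rename the definition to `gen_key()`. `gen_dane` hashes `./data/privkey`, which nothing writes (the CSR is built from `./data/ec_key.pem`, and `-keyout` only applies to a key `openssl req` generates itself), and `sha256sum` appends ` -` to the digest, so the printed TLSA rdata is wrong even when the file exists; hash the SPKI of ec_key.pem and keep only the hex field. `gen_req` is defined but never called; if the certbot invocation (its first lines are outside the hunk) consumes `./data/request.csr`, it must run before `gen_cert`. Since WRKDIR is now `/etc/certbot/data`, the private key should be written under `umask 077`, `cd $WRKDIR` needs a `|| exit 1` guard (the removed subshell no longer contains a failed cd), and `mkdir -p data` there yields a nested `data/data` that looks unintended.
```shell
gen_key()
{
# … unchanged: ec_key.pem generation …
}

gen_dane ()
{
# SPKI of the key the CSR was built with; keep only the hex digest field
SUM=$(openssl ec -in ./data/ec_key.pem -pubout -outform DER | sha256sum | cut -d' ' -f1)
# … unchanged: TLSA record output …
}

#Set working directory
umask 077   # key material must not be group/world readable
cd "$WRKDIR" || exit 1
mkdir -p data

gen_cnf
gen_key
gen_req
gen_cert
gen_dane
```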