From: Jean-Marc Pigeon (Delson)
Date: Thu, 24 Jul 2025 12:53:26 +0000 (-0400)
Subject: Adding suport script do_dns_tlsa.sh
X-Git-Tag: tag-0.14~36
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=f94c7084a7937c2a9ff4c89a1f3b3d4b33017a83;p=jmp%2Fmailleur
Adding suport script do_dns_tlsa.sh
---
diff --git a/conf/blacklister.conf b/conf/blacklister.conf
index bdaf6ac..0d982a8 100644
--- a/conf/blacklister.conf
+++ b/conf/blacklister.conf
@@ -1,13 +1,13 @@
 #dnsbl.sorbs.net
 #t1.dnsbl.net.au
 #checked 2025-07-12 by preference order
-bl.spamcop.net
-sbl.spamhaus.org
-pbl.spamhaus.org
-xbl.spamhaus.org
-b.barracudacentral.org
-bl.blocklist.de
-ips.backscatterer.org
-dnsbl.dronebl.org
-all.s5h.net #http://s5h.net/rbl
-#hostkarma.junkemailfilter.com #
+-1 127.0.0.2 bl.spamcop.net
+-1 127.0.0.2 sbl.spamhaus.org
+-1 127.0.0.2 pbl.spamhaus.org
+-1 127.0.0.2 xbl.spamhaus.org
+-1 127.0.0.2 b.barracudacentral.org
+-1 127.0.0.2 bl.blocklist.de
+-1 127.0.0.2 ips.backscatterer.org
+-1 127.0.0.2 dnsbl.dronebl.org
+-1 127.0.0.2 all.s5h.net #http://s5h.net/rbl
+-1 127.0.0.2 hostkarma.junkemailfilter.com #
diff --git a/mailleur.spec.in b/mailleur.spec.in
index 04b8f40..d75fd51 100644
--- a/mailleur.spec.in
+++ b/mailleur.spec.in
@@ -60,6 +60,7 @@ search about email exchange within time and transaction context.
 %attr(0754,root,root) %{_libdir}/%{name}/support/crdb.sh
 %attr(0754,root,root) %{_libdir}/%{name}/support/dummy-cert.sh
 %attr(0754,root,root) %{_libdir}/%{name}/support/starting.sh
+%attr(0754,root,root) %{_libdir}/%{name}/support/do_dns_tlsa.sh
 %attr(0750,%{name},mail) %{_libdir}/%{name}/support/mailleur-reset-db.sh
 %attr(0750,%{name},mail) %{_libdir}/%{name}/support/mailleur-settest-db.sh
 %attr(0755,%{name},mail) %dir %{spooldir}/%{name}
diff --git a/sql/mailleur.sql b/sql/mailleur.sql
index 7c803ce..3ba9215 100644
--- a/sql/mailleur.sql
+++ b/sql/mailleur.sql
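Review bot: If the second column is the exact A record that counts as a listing, the `xbl.spamhaus.org` and `pbl.spamhaus.org` lines can never fire: Spamhaus answers 127.0.0.2–3 for SBL, 127.0.0.4–7 for XBL and 127.0.0.10–11 for PBL, so `127.0.0.2` only ever matches the sbl entry. Either the matcher has to accept a prefix or range, or those lines need their own codes, e.g. `-1 127.0.0.4 xbl.spamhaus.org` and `-1 127.0.0.10 pbl.spamhaus.org` (with 127.0.0.5–7 and 127.0.0.11 added if exact match is all the parser does); `dnsbl.dronebl.org` has the same problem, as its listing classes are mostly 127.0.0.3 and above. The three-column format is not self-describing, so a header comment such as `#<credit delta> <DNSBL answer that counts as listed> <zone>` would help the next person editing it. Note also that `hostkarma.junkemailfilter.com` goes from commented out to active here; its 127.0.0.2 is the blacklist code (127.0.0.1 is its whitelist), so exact match is right for it, but confirm the activation is intended.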
@@ -106,7 +106,7 @@ CREATE TABLE remotes ( DFLT '1970-01-01', lastupdate DBTIMESTAMP //record creation DFLT NOW(), - credit INTEGER //Remote IP current credit (-100..+100) + credit INTEGER //Remote IP current credit (-100..+100) DFLT -1, reverse TEXT //Remote official revers address DFLT NULL, diff --git a/support/do_dns_tlsa.sh b/support/do_dns_tlsa.sh old mode 100644 new mode 100755 index 38b2f05..877be00 --- a/support/do_dns_tlsa.sh +++ b/support/do_dns_tlsa.sh @@ -6,22 +6,15 @@ #comment in if working in production DRY_RUN="--dry-run" #------------------------------------------------------------------- -WRKDIR=/tmp +WRKDIR=/etc/certbot/data MRKR=`date +"%F"` -( -#Set working directory -cd $WRKDIR -mkdir -p data +gen_cnf() -#Generate an Elliptic Curve Digital Signature Algorithm -openssl ecparam \ - -out ./data/ec_key.pem \ - -genkey \ - -name prime256v1 - -#generate a config file -cat > ./data/cnffile << EOT +{ +if [ ! -f ./data/cnffile ] ; then + #generate a config file + cat > ./data/cnffile << EOT [req] distinguished_name=req_dn [req_dn] @@ -29,7 +22,25 @@ commonName=`uname -n` [SAN] subjectAltName=DNS:`uname -n` EOT + fi +} + +genkey() +{ +#Generate an Elliptic Curve Digital Signature Algorithm +if [ ! -f ./data/ec_key.pem ] ; then + openssl ecparam \ + -out ./data/ec_key.pem \ + -genkey \ + -name prime256v1 + fi +} + + +gen_req() + +{ #Generate the CSR request openssl req \ -config ./data/cnffile \ @@ -41,8 +52,12 @@ openssl req \ -out ./data/request.csr \ -keyout ./data/privkey.pem \ -key ./data/ec_key.pem +} +gen_cert() + +{ #Request certificate (with a steady key) via cerbot #Note" this is done in dry-run mode (remove it to #pass in production mode) 
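Review bot: The new `DFLT -1` for `credit` is not explained in the column comment, and no range check is visible in this DDL, so a reader cannot tell whether a fresh remote is deliberately started slightly negative (penalised until it earns credit) or whether -1 is a sentinel for "not scored yet". Suggest extending the comment on the changed line, e.g. `credit INTEGER //Remote IP current credit (-100..+100); new remotes start at -1 (confirm: penalty or sentinel?)`, and, if the DDL preprocessor that handles `DFLT`/`DBTIMESTAMP` supports it, a CHECK so the -100..+100 range stated in the comment is enforced rather than left to the writers. The `CREATE TABLE remotes` statement starts and ends outside this hunk.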
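Review bot: `gen_cnf` skips the rewrite whenever `./data/cnffile` already exists, so after a hostname change the cached `commonName`/`subjectAltName` still carry the old `uname -n` and certbot would be asked for a certificate for a name this host no longer has; the file is cheap and deterministic, so always regenerate it, or at least compare the stored name with `uname -n` before reusing it. Moving `WRKDIR` from `/tmp` to `/etc/certbot/data` is the right call for key material, but the script still does `mkdir -p data` under it, so everything lands in `/etc/certbot/data/data` — confirm that nesting is intended. gen_cnf's heredoc body continues past the end of this hunk.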
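Review bot: `genkey` creates the long-lived DANE private key with `openssl ecparam -out ./data/ec_key.pem` under the caller's umask, so with the usual `umask 022` the key is world-readable on a host whose TLSA record pins exactly this key; put `umask 077` at the top of the script, or `chmod 600 ./data/ec_key.pem` immediately after generation. The existence check is what keeps the pinned key stable across renewals, which is correct for a `3 1 1` record, but it deserves a comment saying so, e.g. `#never regenerate: the TLSA record published in DNS pins this key`. The name `genkey` also breaks the `gen_` prefix used by `gen_cnf`, `gen_req` and `gen_cert`, and the main sequence at the end of the file calls `gen_key` — pick one spelling. `gen_req` opens at the end of this hunk and its body continues outside it.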
@@ -57,5 +72,25 @@ certbot certonly \ --logs-dir ./data \ --config-dir ./data \ $DRY_RUN +} + +gen_dane () + +{ +SUM=`openssl ec -in ./data/privkey -pubout -outform DER | sha256sum` + +echo ";--------------------------------------------" +echo ";TLSA record to be inserted in domain DNS" +echo -e "_25._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM" +echo ";--------------------------------------------" +} + +#Set working directory +cd $WRKDIR +mkdir -p data + +gen_cnf +gen_key +gen_cert +gen_dane -)
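Review bot: The main sequence calls `gen_key`, but the function defined earlier in the file is `genkey`, and `gen_req` is never called at all — on a fresh run the shell reports an unknown command, no key and no CSR exist, and certbot is invoked with a missing `--csr`; there is no `set -e`, so the script simply carries on. `gen_dane` then hashes `./data/privkey`, a file nothing in the script writes (the CSR is signed with `./data/ec_key.pem`, which is the key a `3 1 1` record must pin), and keeps sha256sum's trailing `  -` in `$SUM`, so the printed TLSA record would be malformed even if the file existed. `cd $WRKDIR` is unchecked, so if `/etc/certbot/data` is absent the key material is generated in whatever directory the caller happens to be in, and nothing restricts the umask before the key is written. The rewrite below fixes the call sequence, hashes the SPKI of ec_key.pem with the digest isolated, and refuses to run outside the working directory.
```shell
gen_dane ()
{
#3 1 1 = DANE-EE, SubjectPublicKeyInfo, SHA-256: hash the public key of the key the CSR was signed with
SUM=`openssl ec -in ./data/ec_key.pem -pubout -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1`
[ -n "$SUM" ] || { echo "cannot read ./data/ec_key.pem" >&2; exit 1; }

echo ";--------------------------------------------"
echo ";TLSA record to be inserted in domain DNS"
echo -e "_25._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM"
echo ";--------------------------------------------"
}

#Set working directory; refuse to run anywhere else, the private key is written here
umask 077
cd "$WRKDIR" || exit 1
mkdir -p data

gen_cnf
genkey
gen_req
gen_cert
gen_dane
```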