DKIM Rotator README
The DKIM Rotator script will rotate all generated DKIM keys in a given key directory using the date as the selector. Only the Year and Month fields (YYYYMM) will be leveraged for the selector. This script can easily be modified if you wanted to add an additional serial number at the end.
In order for this script to successfully run, there are a few prereqs and assumptions to consider:
sedbinaries must be in the path of the script. Instead of pre-declaring all these, I just call them for maximum portability. Just keep in mind, you need to account for this.
- You have already installed
opendkimand it's working swimmingly.
- You define your working directory where your keys and key table files are. Right now its set as
- All keys that will be rotated are defined in your key table. Technically you don't need to have pre-existing keys, but it may bark an error on you when it tries to move the old key out of the way.
- You are good with 2048-bit RSA keys and SHA256 for hashing (those are hard coded right now).
Setting up DKIM
Getting DKIM going on your server is outside the scope of this document, but you can refer to this guide for a Debian/Postfix/DKIM setup. One quick note, there is still a mistake in this guide document. When generating keys, the proper
-h flag is
rsa-sha256. You can also check out Debian's OpenDKIM guide.
Pretty simple. Just run the script and be sure you have met the prerequisites above.
Bugs & Contact
This script is provided to you free of charge with no expressed or implied warranty. USE AT YOUR OWN RISK. To file a bug, suggest a patch, or contact me, visit GitHub.