From aa47b8f390bce038eb5e12f421c8d15b4591e668 Mon Sep 17 00:00:00 2001
From: Shanti Chellaram
Date: Fri, 1 Oct 2021 23:35:31 -0400
Subject: [PATCH] regenerate postfix cert script
---
 regenerate-mail-cert.sh | 53 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 regenerate-mail-cert.sh
diff --git a/regenerate-mail-cert.sh b/regenerate-mail-cert.sh
new file mode 100644
index 0000000..9ae3e73
--- /dev/null
+++ b/regenerate-mail-cert.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -x
+set -e
+
+domain="$1"
+passphrase_file="${domain}.passphrase"
+key_file="${domain}.key"
+csr_file="${domain}.csr"
+cert_file="${domain}.crt"
+key_nopass_file="${domain}.nopass.key"
+ca_key_file="${domain}.ca.key"
+ca_cert_file="${domain}.ca.crt"
+postfix_dir="/etc/postfix/${domain}"
+
+head -c 36 /dev/urandom | base64 >"$passphrase_file"
+
+openssl genrsa -aes128 -passout "file:$passphrase_file" -out "$key_file" 2048
+openssl req -new -key "$key_file" -out "$csr_file" -passin "file:$passphrase_file" \
+ -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"
+
+openssl x509 -req -days 365 -in "$csr_file" -signkey "$key_file" -out "$cert_file" -passin "file:$passphrase_file"
+
+openssl rsa -passin "file:$passphrase_file" -in "$key_file" -out "$key_nopass_file"
+
+openssl req -new -x509 -extensions v3_ca -keyout "$ca_key_file" -out "$ca_cert_file" -days 3650 -passout "file:$passphrase_file"\
+ -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"
+
+chmod 0600 "$key_file" "$key_nopass_file" "$ca_key_file"
+
+mkdir "$postfix_dir"
+chmod 0700 "$postfix_dir"
+
+cp "$key_nopass_file" "$cert_file" "$ca_cert_file" "$postfix_dir"
+
+chown -R postfix:postfix "$postfix_dir"
+
+#client options
+postconf -e 'smtp_use_tls = yes'
+postconf -e 'smtp_tls_note_starttls_offer = yes'
+
+#server options
+postconf -e 'smtpd_use_tls = yes'
+postconf -e "smtpd_tls_key_file = ${postfix_dir}/${key_nopass_file}"
+postconf -e "smtpd_tls_cert_file = ${postfix_dir}/${cert_file}"
+postconf -e "smtpd_tls_CAfile = ${postfix_dir}/${ca_cert_file}"
+
+postconf -e 'smtpd_tls_loglevel = 1'
+postconf -e 'smtpd_tls_received_header = yes'
+postconf -e 'mydomain = shanti.im'
+postconf -e 'myhostname = mail.shanti.im'
+
+rc-service postfix restart
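Review bot: The passphrase file written by `head -c 36 /dev/urandom | base64 >"$passphrase_file"` is created under the caller's umask and is not in the later `chmod 0600` list, so the secret protecting `$key_file` and `$ca_key_file` may stay group- or world-readable in the working directory; the unencrypted `$key_nopass_file` is likewise only tightened after it has been written. Adding `umask 077` directly after `set -e` would cover every file the script creates from the moment of creation. `mkdir "$postfix_dir"` aborts under `set -e` once the directory exists, so a script named "regenerate" cannot be run a second time; `mkdir -p "$postfix_dir"` avoids that. `domain="$1"` flows unchecked into file paths and `-subj`, and `domain="${1:?usage: regenerate-mail-cert.sh DOMAIN}"` would at least reject an empty argument. The server certificate is self-signed via `-signkey "$key_file"` while `$ca_cert_file` comes from a separate `openssl req -new -x509` with its own key, so the file set as `smtpd_tls_CAfile` does not appear to be the issuer of `$cert_file`, which is worth a comment or a real CA-signing step.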