configuration files to run my own mail server, because why not


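#!/bin/bash
# Generate a self-signed TLS key and certificate (plus a separate CA
# certificate) for a mail domain, install them for Postfix and Dovecot, and
# restart both services.
#
# Usage:     <this script> DOMAIN
# Writes:    DOMAIN.{passphrase,key,csr,crt,nopass.key,ca.key,ca.crt} in the
#            current directory, /etc/postfix/DOMAIN/ and /etc/ssl/dovecot/.
# Requires:  openssl, postconf, rc-service; presumably run as root, since it
#            writes under /etc and changes ownership.
set -x
set -euo pipefail

# Refuse to run without a domain: an empty value would turn postfix_dir into
# /etc/postfix/ and the recursive chown below would hit the whole directory.
domain="${1:?usage: $0 DOMAIN}"

# The domain is interpolated into file paths and into the certificate subject,
# where '/' separates fields, so accept only hostname characters.
readonly domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $domain_re ]]; then
  printf 'invalid domain: %s\n' "$domain" >&2
  exit 2
fi

passphrase_file="${domain}.passphrase"
key_file="${domain}.key"
csr_file="${domain}.csr"
cert_file="${domain}.crt"
key_nopass_file="${domain}.nopass.key"
ca_key_file="${domain}.ca.key"
ca_cert_file="${domain}.ca.crt"
postfix_dir="/etc/postfix/${domain}"
dovecot_dir="/etc/ssl/dovecot"

# Create all secret material under a restrictive umask so the passphrase and
# private keys are never group/world readable, not even in the window before
# the chmod below. The previous umask is restored afterwards.
previous_umask=$(umask)
umask 077

# Random passphrase for the encrypted keys; pipefail makes a failed read from
# /dev/urandom abort instead of leaving an empty passphrase file.
head -c 36 /dev/urandom | base64 >"$passphrase_file"

# Passphrase-protected server key, CSR, and a certificate self-signed with
# that same key (-signkey), valid for one year.
openssl genrsa -aes128 -passout "file:$passphrase_file" -out "$key_file" 2048
openssl req -new -key "$key_file" -out "$csr_file" \
  -passin "file:$passphrase_file" \
  -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"
openssl x509 -req -days 365 -in "$csr_file" -signkey "$key_file" \
  -out "$cert_file" -passin "file:$passphrase_file"

# Unencrypted copy of the server key so the daemons can load it without a
# passphrase. From here on the key is protected by file permissions only.
openssl rsa -passin "file:$passphrase_file" -in "$key_file" \
  -out "$key_nopass_file"

# Separate self-signed CA certificate with its own new key, valid ten years.
# The line continuation needs a space before the backslash; without it the
# -passout value and -subj are joined into a single word.
# NOTE(review): the server certificate above is self-signed, not issued by
# this CA, so the file later configured as smtpd_tls_CAfile does not chain
# to it. Confirm whether signing with the CA key was intended.
openssl req -new -x509 -extensions v3_ca -keyout "$ca_key_file" \
  -out "$ca_cert_file" -days 3650 -passout "file:$passphrase_file" \
  -subj "/CN=$domain/O=Shanti Chellaram/C=US/ST=New York/L=New York"

umask "$previous_umask"

# Pin modes explicitly; this also covers files left over from an earlier run.
# The passphrase file stays on disk next to the keys it protects.
chmod 0600 "$passphrase_file" "$key_file" "$key_nopass_file" "$ca_key_file"
chmod 0644 "$csr_file" "$cert_file" "$ca_cert_file"

# Install into a private, postfix-owned directory.
mkdir -p "$postfix_dir"
chmod 0700 "$postfix_dir"
cp -- "$key_nopass_file" "$cert_file" "$ca_cert_file" "$postfix_dir"
chown -R postfix:postfix "$postfix_dir"

# Client options: opportunistic TLS for outbound SMTP.
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'

# Server options: offer STARTTLS with the key and certificate installed above.
postconf -e 'smtpd_use_tls = yes'
postconf -e "smtpd_tls_key_file = ${postfix_dir}/${key_nopass_file}"
postconf -e "smtpd_tls_cert_file = ${postfix_dir}/${cert_file}"
postconf -e "smtpd_tls_CAfile = ${postfix_dir}/${ca_cert_file}"
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
# NOTE(review): these two values are fixed and do not follow DOMAIN.
postconf -e 'mydomain = shanti.im'
postconf -e 'myhostname = mail.shanti.im'
rc-service postfix restart

# Dovecot: copy the unencrypted key and the certificate. The key copy keeps
# mode 0600 because cp derives it from the source file. This script does not
# edit Dovecot's configuration; presumably it already points at these paths.
mkdir -p "$dovecot_dir"
cp -- "$key_nopass_file" "${dovecot_dir}/$key_nopass_file"
cp -- "$cert_file" "${dovecot_dir}/$cert_file"
rc-service dovecot restart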