From bb831a3c714204162563188c7dde464e26ce09dd Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sat, 10 Oct 2020 23:15:26 +0200 Subject: tidy: explicitly escape non-shell postconf variables --- postfix/postfix.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 48c6b59..92febc6 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -197,7 +197,7 @@ tempdir=$(mktemp -td postfix.XXXXXX) cp -a -t "$tempdir" "$confdir"/* # Inspired by D. J. Bernstein: http://cr.yp.to/smtp/greeting.html -_postconf -e smtpd_banner='$myhostname NO UCE ESMTP $mail_name (Debian/GNU)' +_postconf -e smtpd_banner="\$myhostname NO UCE ESMTP \$mail_name (Debian/GNU)" # Some badly configured setup use hostname instead of FQDN # Disable completely: Effective, but hurts executive type guys using windows servers... :-( @@ -317,17 +317,17 @@ _postconf -X tls_random_source # # if [ -n "$submission" ]; then - _postconf -Me submission/inet=' + _postconf -Me submission/inet=" submission inet n - y - - smtpd - -o syslog_name=postfix/$service_name + -o syslog_name=postfix/\$service_name -o smtpd_tls_security_level=encrypt -' - _postconf -Me smtps/inet=' +" + _postconf -Me smtps/inet=" smtps inet n - y - - smtpd - -o syslog_name=postfix/$service_name + -o syslog_name=postfix/\$service_name -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -' +" if [ -n "$sasl_inbound" ]; then _postconf -Pe submission/inet/smtpd_sasl_auth_enable=yes _postconf -Pe smtps/inet/smtpd_sasl_auth_enable=yes @@ -340,7 +340,7 @@ else _postconf -MX smtps/inet fi if [ -n "$sasl_inbound" ]; then - _postconf -e smtpd_sasl_local_domain='$mydomain' + _postconf -e smtpd_sasl_local_domain=\$mydomain _postconf -e smtpd_sasl_type=dovecot _postconf -e smtpd_sasl_path=private/auth _postconf -e broken_sasl_auth_clients=yes -- cgit v1.2.3