author | Jonas Smedegaard <dr@jones.dk> | 2012-03-26 00:51:17 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2012-03-26 00:51:17 +0200 |
commit | 09cc4fe1aace7014a317d160961a137382724842 (patch) | |
tree | 3c3476b4ad7538dd45515b9c99201deba13dfc23 | |
parent | e4eaf35fc83fb8b4d269067fa3b7f505480b3778 (diff) |
Support both Dovecot and Cyrus SASL (and both, favoring Dovecot.
-rwxr-xr-x | postfix/postfix.sh | 41 |
1 files changed, 33 insertions, 8 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index dfbc32a..69a50b7 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -39,9 +39,11 @@ configdirs='/etc/local/postfix /etc/local-ORG/postfix /etc/local-REDPILL/postfix
 confdir='/etc/postfix'
 postconf=/usr/sbin/postconf
 sp='[[:space:]]'
-if ! $postconf -d mail_version | egrep -q '= 2\.[2-9]'; then
- exit1 "ERROR: Bad postfix version - this script is known to work only for postfix 2.2 and later"
-fi
+pfver="$($postconf -d mail_version | cut -d= -f2 -s)"
+echo "$pfver" | grep -q '2\.[2-9]' \
+ || exit1 "ERROR: Bad postfix version - this script is known to work only for postfix 2.2 and later"
+pf23=
+! echo "$pfver" | grep -q '2\.[3-9]' || pf23=1
 if ! [ -d "$realmsdir" ]; then
 echo >&2 "WARNING: Realms directory \"$realmsdir\" does not exist."
 fi
@@ -59,17 +61,27 @@ if [ -f /etc/ssl/certs/postfix.pem ]; then
 else
 echo >&2 "WARNING: TLS encryption requires SSL certificate at /etc/ssl/certs/postfix.pem."
 fi
-sasl2=
+sasl_main_type=
+sasl_dovecot=
+sasl_cyrus=
 if [ -n "$sslcert" ]; then
 if saslauthd -v 2>&1 | grep -q '^saslauthd 2.1'; then
- sasl2=1
+ sasl_cyrus=1
+ sasl_main_type=cyrus
 else
- echo >&2 "WARNING: SASL authentication requires sasl tools 2.1.1 (Debian package sasl2-bin)."
+ echo >&2 "WARNING: Cyrus SASL authentication requires sasl tools 2.1.1 (Debian package sasl2-bin)."
+ fi
+ if [ -n "$pf23" ] && dovecot --version | grep -q '^2'; then
+ sasl_dovecot=1
+ sasl_main_type=dovecot
+ echo >&2 "WARNING: Dovecot SASL authentication requires Dovecot 2.0 (Debian package dovecot-core or dovecot)."
+ fi
+ if [ -z "$sasl_main_type" ]; then
+ echo >&2 "WARNING: Cyrus SASL authentication requires sasl tools 2.1.1 (Debian package sasl2-bin)."
 fi
 else
 echo >&2 "WARNING: SASL authentication requires TLS encryption."
 fi
-saslsubdir="sasl"
 amavis=
 if [ -x /usr/sbin/amavisd ] || [ -x /usr/sbin/amavisd-new ]; then
 amavis=1
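Review bot: The two `grep -q` tests on `$pfver` in the first hunk are unanchored, so they match `2.[2-9]` anywhere in the string and classify by substring rather than by version: a value such as `3.2.5` passes the check, while `2.10` is rejected. `pf23` gates Dovecot SASL and later selects between `smtpd_sasl_path` and `smtpd_sasl_application_name`, so a wrong match changes which authentication settings get written. Anchoring to the start of the value would tighten it, for example `grep -Eq '^ *2\.([2-9]|[1-9][0-9])(\.|$)'` for the 2.2+ test and the same with `[3-9]` for `pf23`. The leading ` *` allows for the space that `cut -d= -f2` leaves in front of the number.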
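Review bot: The "Dovecot SASL authentication requires Dovecot 2.0" warning in the second hunk sits in the success branch of the Dovecot test, so it prints exactly when a usable Dovecot was found and stays silent when it was not. It looks like an `else` is missing before that `echo`. Unlike the `saslauthd -v 2>&1` probe, `dovecot --version` also leaves stderr unredirected, so a host without Dovecot emits the shell's command-not-found message; `dovecot --version 2>/dev/null | grep -q '^2'` would keep the probe quiet. The final `[ -z "$sasl_main_type" ]` branch repeats the Cyrus text word for word; a message such as `WARNING: No usable SASL backend found (Cyrus saslauthd 2.1 or Dovecot 2.x).` would describe that case better.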
@@ -211,7 +223,8 @@ $postconf -c "$tempdir" -e "unverified_sender_reject_code = 550" # Trust recipient verification too $postconf -c "$tempdir" -e "unverified_recipient_reject_code = 550" -if [ -n "$sasl2" ]; then +if [ -n "$sasl_cyrus" ]; then + saslsubdir="sasl" mkdir -p "$tempdir/$saslsubdir" echo 'mech_list: plain login' > "$tempdir/$saslsubdir/smtpd.conf" echo 'minimum_layer: 0' >> "$tempdir/$saslsubdir/smtpd.conf" @@ -227,6 +240,18 @@ if [ -n "$sasl2" ]; then cat $tempdir/master.cf | egrep -q "^tlsmgr$sp" || \ echo 'tlsmgr unix - - - 300 1 tlsmgr' >> $tempdir/master.cf fi +case "$sasl_main_type" in + dovecot) + $postconf -c "$tempdir" -e smtpd_sasl_type=dovecot + $postconf -c "$tempdir" -e smtpd_sasl_path=private/auth + ;; + cyrus) + $postconf -c "$tempdir" -e smtpd_sasl_type=cyrus + [ -z "$pf23" ] || $postconf -c "$tempdir" -e smtpd_sasl_path=smtpd + [ -n "$pf23" ] || $postconf -c "$tempdir" -e smtpd_sasl_application_name=smtpd + ;; + *) exit1 "ERROR: Wrong SASL type \"$sasl_main_type\"!" +esac if [ -n "$sslcert" ]; then $postconf -c "$tempdir" -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem' $postconf -c "$tempdir" -e 'smtpd_tls_loglevel = 1' |
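Review bot: The new `case "$sasl_main_type"` block in the last hunk is not guarded, so when there is no certificate or no backend was detected the variable is empty and the `*)` arm aborts the whole run through `exit1`. The detection code earlier in the script only warns in those situations, and the old `sasl2` logic simply skipped SASL. Adding an explicit empty arm such as `'') ;;` before `*)`, or wrapping the block in `if [ -n "$sasl_main_type" ]; then … fi`, would keep a host without SASL configurable. The `dovecot)` arm would also benefit from a comment stating its precondition, e.g. `# requires a Dovecot auth listener at $queue_directory/private/auth, owned by and restricted to the postfix user`, since nothing visible here checks that the socket exists or who can reach it. Whether `smtpd_sasl_auth_enable` and `smtpd_tls_auth_only` are set for the Dovecot-only case cannot be seen from this hunk and is worth confirming, given that the Cyrus block advertises `plain login`.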