tidy: explicitly escape non-shell postconf variables

1 files changed, 8 insertions, 8 deletions

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 48c6b59..92febc6 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -197,7 +197,7 @@ tempdir=$(mktemp -td postfix.XXXXXX)
 cp -a -t "$tempdir" "$confdir"/*
 
 # Inspired by D. J. Bernstein: http://cr.yp.to/smtp/greeting.html
-_postconf -e smtpd_banner='$myhostname NO UCE ESMTP $mail_name (Debian/GNU)'
+_postconf -e smtpd_banner="\$myhostname NO UCE ESMTP \$mail_name (Debian/GNU)"
 
 # Some badly configured setup use hostname instead of FQDN
 # Disable completely: Effective, but hurts executive type guys using windows servers... :-(
@@ -317,17 +317,17 @@ _postconf -X tls_random_source
 # <http://www.postfix.org/SASL_README.html>
 # <https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/#using-sasl-with-postfix-submission-port>
 if [ -n "$submission" ]; then
-	_postconf -Me submission/inet='
+	_postconf -Me submission/inet="
 submission inet	n	-	y	-	-	smtpd
-	-o syslog_name=postfix/$service_name
+	-o syslog_name=postfix/\$service_name
 	-o smtpd_tls_security_level=encrypt
-'
-	_postconf -Me smtps/inet='
+"
+	_postconf -Me smtps/inet="
 smtps inet	n	-	y	-	-	smtpd
-	-o syslog_name=postfix/$service_name
+	-o syslog_name=postfix/\$service_name
 	-o smtpd_tls_wrappermode=yes
 	-o smtpd_sasl_auth_enable=yes
-'
+"
 	if [ -n "$sasl_inbound" ]; then
 		_postconf -Pe submission/inet/smtpd_sasl_auth_enable=yes
 		_postconf -Pe smtps/inet/smtpd_sasl_auth_enable=yes
@@ -340,7 +340,7 @@ else
 	_postconf -MX smtps/inet
 fi
 if [ -n "$sasl_inbound" ]; then
-	_postconf -e smtpd_sasl_local_domain='$mydomain'
+	_postconf -e smtpd_sasl_local_domain=\$mydomain
 	_postconf -e smtpd_sasl_type=dovecot
 	_postconf -e smtpd_sasl_path=private/auth
 	_postconf -e broken_sasl_auth_clients=yes