Correct a bug in the sed script.

Do a few more checks before enabling TLS (make sure the certificate exists).
Spit out a hint if TLS not activated.

1 files changed, 5 insertions, 3 deletions

diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
index fc7ecf9..4913523 100755
--- a/postfix/anti-uce.sh
+++ b/postfix/anti-uce.sh
@@ -18,15 +18,15 @@ postconf -e "`getlinesfromfile maps_rbl_domains`"
 postconf -e "`getlinesfromfile smtpd_recipient_restrictions`"
 
 # These options can be fatal if no SASL plugins are available!
-if dpkg -L libsasl-modules-plain &> /dev/null; then
+if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.crt -a -f /etc/ssl/certs/postfix.key; then
 	mkdir -p $confdir/sasl
 	echo "pwcheck_method: pam" >$confdir/sasl/smtpd.conf
 	echo "auto_transition: false" >>$confdir/sasl/smtpd.conf
 	groups postfix | grep shadow &>/dev/null || adduser postfix shadow
 	cp -a $confdir/master.cf $confdir/master.cf.old
 	cat $confdir/master.cf.old | sed \
-		"s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
-		"s/^#?\(\(smtps|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
+		-e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
+		-e "s/^#?\(\(smtps|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
 		> $confdir/master.cf
 	postconf -e "smtpd_use_tls = yes"
 	postconf -e "smtpd_tls_auth_only = yes"
@@ -38,6 +38,8 @@ if dpkg -L libsasl-modules-plain &> /dev/null; then
 	postconf -e "smtpd_tls_key_file = /etc/ssl/certs/postfix.key"
 	postconf -e "tls_random_source = dev:/dev/urandom"
 	postconf -e "tls_daemon_random_source = dev:/dev/urandom"
+else
+	echo "TLS not activated - check the script for requirements..."
 fi
 
 /etc/init.d/postfix reload