Tell why TLS not activated (there's only one reason: missing SSL certificate).

1 files changed, 10 insertions, 3 deletions

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 4a67e28..e288f32 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
 # /etc/local-COMMON/postfix/postfix.sh
 # Copyright 2002-2007 Jonas Smedegaard <dr@jones.dk>
 #
-# $Id: postfix.sh,v 1.64 2007-12-11 14:44:16 jonas Exp $
+# $Id: postfix.sh,v 1.65 2008-02-28 18:54:22 jonas Exp $
 #
 # Auto-tweak plain installed postfix Debian package
 #
@@ -51,6 +51,13 @@ else
 fi
 saslsubdir="sasl"
 
+sslcert=
+if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
+	sslcert=1
+else
+	echo >&2 "WARNING: Encryption requires SSL certificate at /etc/ssl/certs/postfix.pem."
+fi
+
 catfilefromownrealm() {
 	file="$1"
 	[ -d "$realmsdir" ] || exit 0
@@ -166,7 +173,7 @@ $postconf -c "$tempdir" -e "unverified_recipient_reject_code = 550"
 
 # TLS breaks postfix if no SASL modules available (and doesn't make sense either)
 # (change the test if using some other modules and avoid the plain ones)
-if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
+if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then
 	mkdir -p "$tempdir/$saslsubdir"
 	echo 'mech_list: plain login' > "$tempdir/$saslsubdir/smtpd.conf"
 	echo 'minimum_layer: 0' >> "$tempdir/$saslsubdir/smtpd.conf"
@@ -228,7 +235,7 @@ if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
 		echo >&2 "WARNING: CA certificate not found - consider using proper signed certificates!"
 	fi
 else
-	echo >&2 'WARNING: TLS not activated - check the script for requirements...'
+	echo >&2 'WARNING: TLS not activated due to missing rewuirements...'
 fi
 
 if [ -x /usr/sbin/amavisd ] || [ -x /usr/sbin/amavisd-new ]; then