authorJonas Smedegaard <dr@jones.dk>2005-04-15 16:16:17 +0000
committerJonas Smedegaard <dr@jones.dk>2005-04-15 16:16:17 +0000
commitd91b2a03bb2f571055c86aeb8827789a8abbae48 (patch)
tree84a38b1cdeb1e4454a6450f73dccca30a3c84d24 /postfix
parent6125616036ade2b4c59a86dfb8dffbdcf7ba7006 (diff)
Handle postfix 2.2 with slightly different official TLS support.
Diffstat (limited to 'postfix')
-rwxr-xr-xpostfix/postfix.sh39
1 files changed, 30 insertions, 9 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index ebcdbc5..ec70560 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
# /etc/local-COMMON/postfix/postfix.sh
# Copyright 2002-2004 Jonas Smedegaard <dr@jones.dk>
#
-# $Id: postfix.sh,v 1.29 2004-05-09 20:23:19 jonas Exp $
+# $Id: postfix.sh,v 1.30 2005-04-15 16:16:17 jonas Exp $
#
# Auto-tweak plain installed postfix Debian package
#
@@ -24,6 +24,10 @@ pf2=
if $postconf -d mail_version | grep -q '= 2'; then
pf2=1
fi
+pf22=
+if $postconf -d mail_version | grep -q '= 2\.2'; then
+ pf22=1
+fi
pftls=
if [ -x /usr/lib/postfix/tlsmgr ]; then
pftls=1
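Review bot: The new `pf22` test, `grep -q '= 2\.2'`, matches only the 2.2 series, so any later release would leave `pf22` empty and take the pre-2.2 branches used elsewhere in this commit (the `sasl` directory, the `fifo` tlsmgr entry and the `sdbm` session caches). If the intent is "2.2 or newer", and assuming later releases keep the 2.2 layout, the pattern should say so, for example `grep -Eq '= (2\.([2-9]|[1-9][0-9])|[3-9])'`. A short comment above the test stating which versions are meant to match would keep the three dependent branches from silently drifting. The `pftls` block after the added lines continues outside the hunk.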
@@ -39,6 +43,10 @@ else
echo "WARNING: Not enabling encryption: sasl tools 2.1.1 or greater is required."
echo " (on Debian: install the package sasl2-bin)"
fi
+sasldir="$confdir/sasl"
+if [ -n "$pf22" ]; then
+ sasldir="$confdir/sasl2"
+fi
#function getlinesfromfile() {
# param="$1"
@@ -102,11 +110,11 @@ fi
# TLS breaks postfix if no SASL modules available (and doesn't make sense either)
# (change the test if using some other modules and avoid the plain ones)
if [ -n "$pftls" -a -n "$sasl2" -a -f /etc/ssl/certs/postfix.pem ]; then
- mkdir -p $confdir/sasl
- echo 'mech_list: plain login' >$confdir/sasl/smtpd.conf
- echo 'minimum_layer: 0' >>$confdir/sasl/smtpd.conf
- echo 'pwcheck_method: saslauthd' >>$confdir/sasl/smtpd.conf
- echo 'auto_transition: false' >>$confdir/sasl/smtpd.conf
+ mkdir -p "$sasldir"
+ echo 'mech_list: plain login' > "$sasldir/smtpd.conf"
+ echo 'minimum_layer: 0' >> "$sasldir/smtpd.conf"
+ echo 'pwcheck_method: saslauthd' >> "$sasldir/smtpd.conf"
+ echo 'auto_transition: false' >> "$sasldir/smtpd.conf"
groups postfix | grep -q sasl || adduser postfix sasl
# Release TLS-related daemons from chroot jail (bringing SASL into the jail is just too messy)
cp -a $confdir/master.cf $confdir/master.cf.old
@@ -116,14 +124,23 @@ if [ -n "$pftls" -a -n "$sasl2" -a -f /etc/ssl/certs/postfix.pem ]; then
-e "s/^#\(tlsmgr$sp\)/\1/" \
> $confdir/master.cf
cat $confdir/master.cf | egrep -q "^tlsmgr$sp" || \
- echo 'tlsmgr fifo - - - 300 1 tlsmgr' >> $confdir/master.cf
+ if [ -n "$pf22" ]; then
+ echo 'tlsmgr unix - - - 300 1 tlsmgr' >> $confdir/master.cf
+ else
+ echo 'tlsmgr fifo - - - 300 1 tlsmgr' >> $confdir/master.cf
+ fi
$postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
if [ -f /etc/ssl/private/postfix.pem ]; then
$postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
fi
$postconf -e 'smtpd_tls_loglevel = 1'
$postconf -e 'smtpd_use_tls = yes'
- $postconf -e 'smtpd_tls_session_cache_database = sdbm:/var/spool/postfix/smtpd_scache'
+ $postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
+ if [ -n "$pf22" ]; then
+ $postconf -e 'smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_scache'
+ else
+ $postconf -e 'smtpd_tls_session_cache_database = sdbm:/var/spool/postfix/smtpd_scache'
+ fi
$postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
$postconf -e 'tls_random_exchange_name = /var/spool/postfix/prng_exch'
$postconf -e 'smtpd_tls_auth_only = yes'
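Review bot: The added unconditional `$postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'` after `smtpd_use_tls` defeats the `[ -f /etc/ssl/private/postfix.pem ]` guard a few lines above it. On a host where the key is bundled into /etc/ssl/certs/postfix.pem and no separate private file exists, smtpd would be pointed at a missing key file, and with `smtpd_tls_auth_only = yes` set just below, TLS and therefore authenticated submission would likely stop working. The line looks like a leftover from editing the session-cache setting and should be dropped, so that the guarded assignment remains the only one. The enclosing `if [ -n "$pftls" -a ... ]` block starts and ends outside the hunk.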
@@ -149,7 +166,11 @@ if [ -n "$pftls" -a -n "$sasl2" -a -f /etc/ssl/certs/postfix.pem ]; then
$postconf -e 'smtp_use_tls = yes'
$postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
$postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option
- $postconf -e 'smtp_tls_session_cache_database = sdbm:/var/spool/postfix/smtp_scache'
+ if [ -n "$pf22" ]; then
+ $postconf -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache'
+ else
+ $postconf -e 'smtp_tls_session_cache_database = sdbm:/var/spool/postfix/smtp_scache'
+ fi
# Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic)
$postconf -e 'smtpd_tls_ask_ccert = no'
else