Enable/add tlsmgr in master.cf and enable TLS session caching again.

1 files changed, 6 insertions, 2 deletions

diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
index 8f72a71..7be4edc 100755
--- a/postfix/anti-uce.sh
+++ b/postfix/anti-uce.sh
@@ -32,14 +32,18 @@ if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem
 	cat $confdir/master.cf.old | sed \
 		-e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
 		-e "s/^#\?\(\(smtps\|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
+		-e "s/^#\(tlsmgr$sp\)/\1/" \
 		> $confdir/master.cf
+	if cat $confdir/master.cf | egrep "^tlsmgr$sp" > /dev/null; then
+		echo 'tlsmgr   fifo  -       -       -       300     1       tlsmgr' >> $confdir/master.cf
+	fi
 	postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
 	if [ -f /etc/ssl/private/postfix.pem ]; then
 		postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
 	fi
 	postconf -e 'smtpd_tls_loglevel = 1'
 	postconf -e 'smtpd_use_tls = yes'
-#	postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
+	postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
 	postconf -e 'smtpd_tls_auth_only = yes'
 	postconf -e 'smtpd_sasl_auth_enable = no'
 	postconf -e 'smtpd_sasl_security_options = noanonymous'
@@ -63,7 +67,7 @@ if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem
 		postconf -e 'smtp_use_tls = yes'
 		postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
 		postconf -e 'smtp_tls_note_starttls_offer = yes' # Useful when collecting info for smtp_tls_per_site option
-#		postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
+		postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
 		# This makes Netscape ask for a certificate, so make sure it IS public!
 		postconf -e 'smtpd_tls_ask_ccert = yes'
 	fi