diff options
| -rwxr-xr-x | postfix/anti-uce.sh | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh index 8f72a71..7be4edc 100755 --- a/postfix/anti-uce.sh +++ b/postfix/anti-uce.sh @@ -32,14 +32,18 @@ if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem cat $confdir/master.cf.old | sed \ -e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \ -e "s/^#\?\(\(smtps\|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \ + -e "s/^#\(tlsmgr$sp\)/\1/" \ > $confdir/master.cf + if cat $confdir/master.cf | egrep "^tlsmgr$sp" > /dev/null; then + echo 'tlsmgr fifo - - - 300 1 tlsmgr' >> $confdir/master.cf + fi postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem' if [ -f /etc/ssl/private/postfix.pem ]; then postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem' fi postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_use_tls = yes' -# postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache' + postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache' postconf -e 'smtpd_tls_auth_only = yes' postconf -e 'smtpd_sasl_auth_enable = no' postconf -e 'smtpd_sasl_security_options = noanonymous' @@ -63,7 +67,7 @@ if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem postconf -e 'smtp_use_tls = yes' postconf -e 'smtp_tls_CApath = /etc/ssl/certs' postconf -e 'smtp_tls_note_starttls_offer = yes' # Useful when collecting info for smtp_tls_per_site option -# postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache' + postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache' # This makes Netscape ask for a certificate, so make sure it IS public! postconf -e 'smtpd_tls_ask_ccert = yes' fi |