Diffstat (limited to 'postfix/postfix.sh')
-rwxr-xr-xpostfix/postfix.sh13
1 files changed, 10 insertions, 3 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index e015ac9..b5be435 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -26,7 +26,13 @@ exit1() {
# Favor specific CA for our own server and client certificates
# (comment out to trust any CA)
-cacert="/etc/ssl/certs/cacert.org.pem"
+cacert_smtpd="/etc/ssl/certs/cacert.org.pem"
+cacert_smtp=
+cacert_lmtp=
+
+# File containing all trusted CA certificates
+# (comment out if no chroot or it contains all individual files)
+cacert_default="/etc/ssl/certs/ca-certificates.crt"
realmsdir='/etc/local-REDPILL'
configdirs='/etc/local/postfix /etc/local-ORG/postfix /etc/local-REDPILL/postfix /etc/local-COMMON/postfix'
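Review bot: The retained comment "(comment out to trust any CA)" above `cacert_smtpd` no longer matches what the script does once the fallback in the second hunk is in place. An empty or commented-out `cacert_smtpd`, `cacert_smtp` or `cacert_lmtp` now resolves to `cacert_default`, and the CAfile ends up empty only if `cacert_default` is unset as well. I would reword the comment to something like `# (leave empty to fall back to $cacert_default; CApath is still consulted)` and state on `cacert_default` that it applies to all three services. If the script runs under `set -u` (not visible here), commenting out `cacert_default` as its comment suggests would abort at the `${...:-$cacert_default}` expansions, so `cacert_default=` may be the safer instruction.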
@@ -226,8 +232,9 @@ if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then
$postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs'
$postconf -c "$tempdir" -e 'smtpd_tls_CApath = /etc/ssl/certs'
$postconf -c "$tempdir" -e 'lmtp_tls_CApath = /etc/ssl/certs'
- $postconf -c "$tempdir" -e smtpd_tls_CAfile="$cacert"
- $postconf -c "$tempdir" -e smtp_tls_CAfile=
+ $postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smptd:-$cacert_default}"
+ $postconf -c "$tempdir" -e smtp_tls_CAfile="${cacert_smtp:-$cacert_default}"
+ $postconf -c "$tempdir" -e lmtp_tls_CAfile="${cacert_lmtp:-$cacert_default}"
$postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache'
$postconf -c "$tempdir" -e 'smtpd_tls_session_cache_timeout = 3600s'
$postconf -c "$tempdir" -e 'tls_random_exchange_name = ${data_directory}/prng_exch'
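Review bot: The added smtpd line expands `${cacert_smptd:-$cacert_default}`, but the variable assigned in the first hunk is `cacert_smtpd`, so the misspelled name is always unset and `smtpd_tls_CAfile` silently becomes the full bundle in `cacert_default`. That defeats the stated intent of favouring one specific CA on the server side. If client certificates feed into relay or access decisions elsewhere in the script (not visible in this hunk), certificates chaining to any CA in the bundle would be accepted. The line should read `$postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smtpd:-$cacert_default}"`. The enclosing `if` block starts and ends outside the hunk.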