diff options
Diffstat (limited to 'postfix')
-rwxr-xr-x | postfix/postfix.sh | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 2ff8430..14d2cf3 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002 Jonas Smedegaard <dr@jones.dk> # -# $Id: postfix.sh,v 1.4 2002-12-31 15:17:25 jonas Exp $ +# $Id: postfix.sh,v 1.5 2002-12-31 15:26:14 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -24,12 +24,12 @@ function getlinesfromfile() { } # Some badly configured setup use hostname instead of FQDN -if postconf myhostname | grep '.' &> /dev/null; then - postconf -e 'smtpd_helo_required = yes' +if /usr/sbin/postconf myhostname | grep '.' &> /dev/null; then + /usr/sbin/postconf -e 'smtpd_helo_required = yes' fi -postconf -e "`getlinesfromfile permit_mx_backup_networks`" -postconf -e "`getlinesfromfile maps_rbl_domains`" -postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" +/usr/sbin/postconf -e "`getlinesfromfile permit_mx_backup_networks`" +/usr/sbin/postconf -e "`getlinesfromfile maps_rbl_domains`" +/usr/sbin/postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" # TLS breaks postfix if no SASL modules available (and doesn't make sense either) # (change the test if using some other modules and avoid the plain ones) @@ -47,39 +47,39 @@ if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem > $confdir/master.cf cat $confdir/master.cf | egrep "^tlsmgr$sp" > /dev/null || \ echo 'tlsmgr fifo - - - 300 1 tlsmgr' >> $confdir/master.cf - postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem' + /usr/sbin/postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem' if [ -f /etc/ssl/private/postfix.pem ]; then - postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem' + /usr/sbin/postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem' fi - postconf -e 'smtpd_tls_loglevel = 1' - postconf -e 'smtpd_use_tls = yes' - postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache' - postconf -e 'smtpd_tls_auth_only = yes' - postconf -e 'smtpd_sasl_auth_enable = no' - postconf -e 'smtpd_sasl_security_options = noanonymous' - postconf -e 'smtpd_sasl_local_domain = $myhostname' - postconf -e 'smtpd_tls_received_header = yes' - postconf -e 'broken_sasl_auth_clients = yes' - postconf -e 'tls_random_source = dev:/dev/urandom' - postconf -e 'tls_daemon_random_source = dev:/dev/urandom' + /usr/sbin/postconf -e 'smtpd_tls_loglevel = 1' + /usr/sbin/postconf -e 'smtpd_use_tls = yes' + /usr/sbin/postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache' + /usr/sbin/postconf -e 'smtpd_tls_auth_only = yes' + /usr/sbin/postconf -e 'smtpd_sasl_auth_enable = no' + /usr/sbin/postconf -e 'smtpd_sasl_security_options = noanonymous' + /usr/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname' + /usr/sbin/postconf -e 'smtpd_tls_received_header = yes' + /usr/sbin/postconf -e 'broken_sasl_auth_clients = yes' + /usr/sbin/postconf -e 'tls_random_source = dev:/dev/urandom' + /usr/sbin/postconf -e 'tls_daemon_random_source = dev:/dev/urandom' # Check if using a proper key exists (not just a self-signed one) # (it is assumed that a CA certificate is made public if used!) if [ -f /etc/ssl/certs/cacert.pem ]; then - postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem' - postconf -e 'smtp_tls_CAfile = $smtpd_tls_CAfile' - postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem' + /usr/sbin/postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem' + /usr/sbin/postconf -e 'smtp_tls_CAfile = $smtpd_tls_CAfile' + /usr/sbin/postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem' # Client side TLS only makes sense if a publicly available certificate is available # (and DON'T publish a self-signed certificate!) if [ -f /etc/ssl/private/postfix.pem ]; then - postconf -e 'smtp_tls_key_file = $smtpd_tls_key_file' + /usr/sbin/postconf -e 'smtp_tls_key_file = $smtpd_tls_key_file' fi - postconf -e 'smtp_tls_loglevel = 1' - postconf -e 'smtp_use_tls = yes' - postconf -e 'smtp_tls_CApath = /etc/ssl/certs' - postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option - postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache' + /usr/sbin/postconf -e 'smtp_tls_loglevel = 1' + /usr/sbin/postconf -e 'smtp_use_tls = yes' + /usr/sbin/postconf -e 'smtp_tls_CApath = /etc/ssl/certs' + /usr/sbin/postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option + /usr/sbin/postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache' # This makes Netscape ask for a certificate, so make sure it IS public! - postconf -e 'smtpd_tls_ask_ccert = yes' + /usr/sbin/postconf -e 'smtpd_tls_ask_ccert = yes' fi else echo 'TLS not activated - check the script for requirements...' |