Diffstat (limited to 'postfix')
-rwxr-xr-x | postfix/postfix.sh | 65 |
1 files changed, 33 insertions, 32 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 455c327..9f510b5 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002 Jonas Smedegaard <dr@jones.dk> # -# $Id: postfix.sh,v 1.10 2003-01-14 05:59:22 jonas Exp $ +# $Id: postfix.sh,v 1.11 2003-01-14 13:56:04 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -18,9 +18,10 @@ set -e paramdir='/etc/local-COMMON/postfix' confdir='/etc/postfix' +postconf=/usr/sbin/postconf sp='[[:space:]]' pf2= -if postconf -d mail_version | grep -q '= 2'; then +if $postconf -d mail_version | grep -q '= 2'; then pf2=1 fi @@ -31,10 +32,10 @@ function getlinesfromfile() { } # Some badly configured setup use hostname instead of FQDN -if /usr/sbin/postconf myhostname | grep -q '.'; then - /usr/sbin/postconf -e 'smtpd_helo_required = yes' +if $postconf myhostname | grep -q '\.'; then + $postconf -e 'smtpd_helo_required = yes' fi -/usr/sbin/postconf -e "`getlinesfromfile permit_mx_backup_networks`" +$postconf -e "`getlinesfromfile permit_mx_backup_networks`" if [ "$pf2" ]; then rbl_domains="`getlinesfromfile maps_rbl_domains | sed -e 's/.*=[ ]*//' -e 's/,/ /g'`" rbl_domain_line= 
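Review bot: Nothing checks that `/usr/sbin/postconf` is present before `$postconf -d mail_version` runs, and because that call sits in an `if` condition, `set -e` does not apply to it. A missing or failing binary therefore reads as "not version 2" and leaves `pf2` empty instead of stopping the script at that point. Pinning the absolute path is sound, since the old bare `postconf` was resolved through the caller's PATH. A guard right after the assignment, `[ -x "$postconf" ] || { echo "postconf not found" >&2; exit 1; }`, would make the failure explicit before any setting is written. Quoting the expansion as `"$postconf"` would also keep the call intact if the path is ever changed.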
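Review bot: The `getlinesfromfile permit_mx_backup_networks` substitution is expanded inside the argument of `$postconf -e`, where `set -e` ignores its exit status. If the parameter file is missing or empty, postconf is still called, with an empty string. What postconf does with that is not visible here, and the body of `getlinesfromfile` lies outside the hunk. Capturing the value first makes the failure stop the script and lets it be checked before anything is written: `line=$(getlinesfromfile permit_mx_backup_networks)` followed by `[ -n "$line" ] || exit 1`, then `$postconf -e "$line"`. The same pattern is used for `maps_rbl_domains` and `smtpd_recipient_restrictions` in the next hunk.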
@@ -42,11 +43,11 @@ if [ "$pf2" ]; then rbl_domain_line="${rbl_domain_line}reject_rbl_client $rbl_domain," done recipient_restrictions="`getlinesfromfile smtpd_recipient_restrictions | sed 's/.*=[ ]*//' | sed \"s/reject_maps_rbl/$rbl_domain_line/\"`" - /usr/sbin/postconf -e "maps_rbl_domains =" - /usr/sbin/postconf -e "smtpd_recipient_restrictions = $recipient_restrictions" + $postconf -e "maps_rbl_domains =" + $postconf -e "smtpd_recipient_restrictions = $recipient_restrictions" else - /usr/sbin/postconf -e "`getlinesfromfile maps_rbl_domains`" - /usr/sbin/postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" + $postconf -e "`getlinesfromfile maps_rbl_domains`" + $postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" fi # TLS breaks postfix if no SASL modules available (and doesn't make sense either) 
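Review bot: `$rbl_domain_line` is spliced into the sed program `s/reject_maps_rbl/$rbl_domain_line/` that builds `recipient_restrictions`, so a `/`, `&` or backslash in any `maps_rbl_domains` entry changes the expression. The result is then written to `smtpd_recipient_restrictions` with no check. Those are context lines the commit leaves as they were, but they decide the relay and RBL policy that the two new `$postconf -e` calls write; the loop that fills `rbl_domain_line` starts above the hunk. A guard before the write, `[ -n "$recipient_restrictions" ] || { echo 'empty smtpd_recipient_restrictions' >&2; exit 1; }`, would keep a failed substitution out of main.cf. Since `maps_rbl_domains =` is cleared first, an abort between the two calls may also leave the RBL checks switched off, so writing the restrictions before clearing the old list looks safer.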
@@ -65,39 +66,39 @@ if [ -f /usr/lib/postfix/tlsmgr -a -f /usr/lib/sasl/libplain.so -a -f /etc/ssl/c
 > $confdir/master.cf
 cat $confdir/master.cf | egrep -q "^tlsmgr$sp" || \
 echo 'tlsmgr fifo - - - 300 1 tlsmgr' >> $confdir/master.cf
- /usr/sbin/postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
+ $postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
 if [ -f /etc/ssl/private/postfix.pem ]; then
- /usr/sbin/postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
+ $postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
 fi
- /usr/sbin/postconf -e 'smtpd_tls_loglevel = 1'
- /usr/sbin/postconf -e 'smtpd_use_tls = yes'
- /usr/sbin/postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
- /usr/sbin/postconf -e 'smtpd_tls_auth_only = yes'
- /usr/sbin/postconf -e 'smtpd_sasl_auth_enable = no'
- /usr/sbin/postconf -e 'smtpd_sasl_security_options = noanonymous'
- /usr/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname'
- /usr/sbin/postconf -e 'smtpd_tls_received_header = yes'
- /usr/sbin/postconf -e 'broken_sasl_auth_clients = yes'
- /usr/sbin/postconf -e 'tls_random_source = dev:/dev/urandom'
- /usr/sbin/postconf -e 'tls_daemon_random_source = dev:/dev/urandom'
+ $postconf -e 'smtpd_tls_loglevel = 1'
+ $postconf -e 'smtpd_use_tls = yes'
+ $postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
+ $postconf -e 'smtpd_tls_auth_only = yes'
+ $postconf -e 'smtpd_sasl_auth_enable = no'
+ $postconf -e 'smtpd_sasl_security_options = noanonymous'
+ $postconf -e 'smtpd_sasl_local_domain = $myhostname'
+ $postconf -e 'smtpd_tls_received_header = yes'
+ $postconf -e 'broken_sasl_auth_clients = yes'
+ $postconf -e 'tls_random_source = dev:/dev/urandom'
+ $postconf -e 'tls_daemon_random_source = dev:/dev/urandom'
 # Check if using a proper key exists (not just a self-signed one)
 # (it is assumed that a CA certificate is made public if used!)
 if [ -f /etc/ssl/certs/cacert.pem ]; then
- /usr/sbin/postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
+ $postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
 # Client side TLS only makes sense if a publicly available certificate is available
 # (and DON'T publish a self-signed certificate!)
- /usr/sbin/postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/cacert.pem'
- /usr/sbin/postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
+ $postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/cacert.pem'
+ $postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
 if [ -f /etc/ssl/private/postfix.pem ]; then
- /usr/sbin/postconf -e 'smtp_tls_key_file = /etc/ssl/private/postfix.pem'
+ $postconf -e 'smtp_tls_key_file = /etc/ssl/private/postfix.pem'
 fi
- /usr/sbin/postconf -e 'smtp_tls_loglevel = 1'
- /usr/sbin/postconf -e 'smtp_use_tls = yes'
- /usr/sbin/postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
- /usr/sbin/postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option
- /usr/sbin/postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
+ $postconf -e 'smtp_tls_loglevel = 1'
+ $postconf -e 'smtp_use_tls = yes'
+ $postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
+ $postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option
+ $postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
 # This makes Netscape ask for a certificate, so make sure it IS public!
- /usr/sbin/postconf -e 'smtpd_tls_ask_ccert = yes'
+ $postconf -e 'smtpd_tls_ask_ccert = yes'
 fi
 else
 echo 'TLS not activated - check the script for requirements...' |
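Review bot: Both `if [ -f /etc/ssl/private/postfix.pem ]` blocks skip the key setting silently when that file is absent, and the script still turns on `smtpd_use_tls` and `smtp_use_tls`. Unless an earlier run left a key file configured, Postfix then looks for the private key in the certificate file, here `/etc/ssl/certs/postfix.pem`, in a directory that is normally world-readable. A comment above each block would record the assumption: `# no separate key file: Postfix reads the key from the cert file, which must then not be world-readable`. An `else` that prints a warning to stderr would surface it at run time. The enclosing `if` starts above the hunk and its condition is truncated in the hunk header, so whether it already requires the key cannot be seen from here.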