From 45279a6d28018e87133d243a4fcb3539bf0d6e7d Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Mon, 30 Dec 2002 01:03:15 +0000
Subject: Correct a bug in the sed script. Do a few more checks before enabling TLS (make sure the certificate exists). Spit out a hint if TLS not activated.
---
 postfix/anti-uce.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
index fc7ecf9..4913523 100755
--- a/postfix/anti-uce.sh
+++ b/postfix/anti-uce.sh
@@ -18,15 +18,15 @@ postconf -e "`getlinesfromfile maps_rbl_domains`"
 postconf -e "`getlinesfromfile smtpd_recipient_restrictions`"
 # These options can be fatal if no SASL plugins are available!
-if dpkg -L libsasl-modules-plain &> /dev/null; then
+if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.crt -a -f /etc/ssl/certs/postfix.key; then
 mkdir -p $confdir/sasl
 echo "pwcheck_method: pam" >$confdir/sasl/smtpd.conf
 echo "auto_transition: false" >>$confdir/sasl/smtpd.conf
 groups postfix | grep shadow &>/dev/null || adduser postfix shadow
 cp -a $confdir/master.cf $confdir/master.cf.old
 cat $confdir/master.cf.old | sed \
- "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
- "s/^#?\(\(smtps|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
+ -e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
+ -e "s/^#?\(\(smtps|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
 > $confdir/master.cf
 postconf -e "smtpd_use_tls = yes"
 postconf -e "smtpd_tls_auth_only = yes"
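Review bot: The new test on the `if` line has no closing `]`, so `[` fails with a usage error on every run, the condition is always false, and the SASL/TLS block is never entered. Close each test before `; then`, for example `if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.crt ] && [ -f /etc/ssl/certs/postfix.key ]; then`, which also avoids the ambiguous `-a` operator. The check only proves that the two files exist; since the private key sits next to the certificate under /etc/ssl/certs, it would be worth also confirming that postfix.key is not group- or world-readable before `smtpd_tls_auth_only` relies on it. Separately, the second sed expression still contains `#?` and `smtps|587`, which sed's basic regex syntax (the one the `\(` `\)` groups imply) treats as literal characters, so the smtps/587 entries are probably left unchanged even with `-e` added. The `if` body continues past this hunk and closes in the next one.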
@@ -38,6 +38,8 @@ if dpkg -L libsasl-modules-plain &> /dev/null; then
 postconf -e "smtpd_tls_key_file = /etc/ssl/certs/postfix.key"
 postconf -e "tls_random_source = dev:/dev/urandom"
 postconf -e "tls_daemon_random_source = dev:/dev/urandom"
+else
+ echo "TLS not activated - check the script for requirements..."
 fi
 /etc/init.d/postfix reload
--
cgit v1.2.3
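Review bot: The hint in the new `else` branch goes to stdout and does not say which prerequisite was missing, so an admin cannot tell whether the SASL package, the certificate or the key is absent. Something like `echo "TLS not activated: need libsasl-modules-plain, /etc/ssl/certs/postfix.crt and /etc/ssl/certs/postfix.key" >&2` makes the failure actionable. As far as this hunk shows, the script then reloads postfix and presumably exits 0, so a caller cannot detect that the server is running without TLS; consider a non-zero exit status for that path. The `if` that this `else` belongs to opens in the previous hunk.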