From 2eef56af8c47207f520fe3e1c3ce350a848a9214 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sun, 9 May 2004 20:23:19 +0000 Subject: Make warnings nore explicit. Avoid asking for client certificate - Outlook Express is broken and can't do SMTP AUTH if enabled (misinterprets as requirement which it does not handle). --- postfix/postfix.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'postfix') diff --git a/postfix/postfix.sh b/postfix/postfix.sh index beba3bd..ebcdbc5 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002-2004 Jonas Smedegaard # -# $Id: postfix.sh,v 1.28 2004-05-07 13:21:45 jonas Exp $ +# $Id: postfix.sh,v 1.29 2004-05-09 20:23:19 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -28,7 +28,7 @@ pftls= if [ -x /usr/lib/postfix/tlsmgr ]; then pftls=1 else - echo "Not enabling encryption: TLS-patched postfix required." + echo "WARNING: Not enabling encryption: TLS-patched postfix required." echo " (on Debian: install the package postfix-tls)" fi # FIXME: We really want to check for at least 2.1.1 but that's tricky... @@ -36,7 +36,7 @@ sasl2= if saslauthd -v 2>&1 | grep -q '^saslauthd 2.1'; then sasl2=1 else - echo "Not enabling encryption: sasl tools 2.1.1 or greater is required." + echo "WARNING: Not enabling encryption: sasl tools 2.1.1 or greater is required." echo " (on Debian: install the package sasl2-bin)" fi @@ -150,11 +150,13 @@ if [ -n "$pftls" -a -n "$sasl2" -a -f /etc/ssl/certs/postfix.pem ]; then $postconf -e 'smtp_tls_CApath = /etc/ssl/certs' $postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option $postconf -e 'smtp_tls_session_cache_database = sdbm:/var/spool/postfix/smtp_scache' - # This makes Netscape ask for a certificate, so make sure it IS public! - $postconf -e 'smtpd_tls_ask_ccert = yes' + # Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic) + $postconf -e 'smtpd_tls_ask_ccert = no' + else + echo "WARNING: CA certificate not found - consider using proper signed certificates!" fi else - echo 'TLS not activated - check the script for requirements...' + echo 'WARNING: TLS not activated - check the script for requirements...' fi if [ -x /usr/sbin/amavisd -o -x /usr/sbin/amavisd-new ]; then -- cgit v1.2.3