From 4709f98482b8a0e82d4f56dc502cb544e7c31076 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Thu, 28 Feb 2008 18:54:22 +0000 Subject: Tell why TLS not activated (there's only one reason: missing SSL certificate). --- postfix/postfix.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'postfix') diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 4a67e28..e288f32 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -3,7 +3,7 @@ # /etc/local-COMMON/postfix/postfix.sh # Copyright 2002-2007 Jonas Smedegaard # -# $Id: postfix.sh,v 1.64 2007-12-11 14:44:16 jonas Exp $ +# $Id: postfix.sh,v 1.65 2008-02-28 18:54:22 jonas Exp $ # # Auto-tweak plain installed postfix Debian package # @@ -51,6 +51,13 @@ else fi saslsubdir="sasl" +sslcert= +if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then + sslcert=1 +else + echo >&2 "WARNING: Encryption requires SSL certificate at /etc/ssl/certs/postfix.pem." +fi + catfilefromownrealm() { file="$1" [ -d "$realmsdir" ] || exit 0 @@ -166,7 +173,7 @@ $postconf -c "$tempdir" -e "unverified_recipient_reject_code = 550" # TLS breaks postfix if no SASL modules available (and doesn't make sense either) # (change the test if using some other modules and avoid the plain ones) -if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then +if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then mkdir -p "$tempdir/$saslsubdir" echo 'mech_list: plain login' > "$tempdir/$saslsubdir/smtpd.conf" echo 'minimum_layer: 0' >> "$tempdir/$saslsubdir/smtpd.conf" @@ -228,7 +235,7 @@ if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then echo >&2 "WARNING: CA certificate not found - consider using proper signed certificates!" fi else - echo >&2 'WARNING: TLS not activated - check the script for requirements...' + echo >&2 'WARNING: TLS not activated due to missing rewuirements...' fi if [ -x /usr/sbin/amavisd ] || [ -x /usr/sbin/amavisd-new ]; then -- cgit v1.2.3