From 733e3991ac90d4e036027047ac7cc1a33770ef76 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Tue, 31 Dec 2002 05:27:24 +0000
Subject: Rename anti-uce.sh to the more general postfix.sh.

---
 postfix/anti-uce.sh | 87 -----------------------------------------------------
 postfix/postfix.sh  | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 87 deletions(-)
 delete mode 100755 postfix/anti-uce.sh
 create mode 100755 postfix/postfix.sh

(limited to 'postfix')

diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
deleted file mode 100755
index d7fab85..0000000
--- a/postfix/anti-uce.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-
-set -e
-
-paramdir='/etc/local-COMMON/postfix'
-confdir='/etc/postfix'
-sp='[[:space:]]'
-
-function getlinesfromfile() {
-	param="$1"
-	echo -n "$param = "
-	cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr '\n' ',' | sed -e 's/^[, ]*//' -e 's/[, ]\+/,/g' -e 's/,$//'
-}
-
-# Some badly configured setup use hostname instead of FQDN
-if postconf myhostname | grep '.' &> /dev/null; then
-	postconf -e 'smtpd_helo_required = yes'
-fi
-postconf -e "`getlinesfromfile permit_mx_backup_networks`"
-postconf -e "`getlinesfromfile maps_rbl_domains`"
-postconf -e "`getlinesfromfile smtpd_recipient_restrictions`"
-
-# TLS breaks postfix if no SASL modules available (and doesn't make sense either)
-# (change the test if using some other modules and avoid the plain ones)
-if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem ]; then
-	mkdir -p $confdir/sasl
-	echo 'pwcheck_method: pam' >$confdir/sasl/smtpd.conf
-	echo 'auto_transition: false' >>$confdir/sasl/smtpd.conf
-	groups postfix | grep shadow &>/dev/null || adduser postfix shadow
-	# Release TLS-related daemons from chroot jail (bringing SASL into the jail is just too messy)
-	cp -a $confdir/master.cf $confdir/master.cf.old
-	cat $confdir/master.cf.old | sed \
-		-e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
-		-e "s/^#\?\(\(smtps\|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
-		-e "s/^#\(tlsmgr$sp\)/\1/" \
-		> $confdir/master.cf
-	cat $confdir/master.cf | egrep "^tlsmgr$sp" > /dev/null || \
-		echo 'tlsmgr	  fifo	-	-	-	300	1	tlsmgr' >> $confdir/master.cf
-	postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
-	if [ -f /etc/ssl/private/postfix.pem ]; then
-		postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
-	fi
-	postconf -e 'smtpd_tls_loglevel = 1'
-	postconf -e 'smtpd_use_tls = yes'
-	postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
-	postconf -e 'smtpd_tls_auth_only = yes'
-	postconf -e 'smtpd_sasl_auth_enable = no'
-	postconf -e 'smtpd_sasl_security_options = noanonymous'
-	postconf -e 'smtpd_sasl_local_domain = $myhostname'
-	postconf -e 'smtpd_tls_received_header = yes'
-	postconf -e 'broken_sasl_auth_clients = yes'
-	postconf -e 'tls_random_source = dev:/dev/urandom'
-	postconf -e 'tls_daemon_random_source = dev:/dev/urandom'
-	# Check if using a proper key exists (not just a self-signed one)
-	# (it is assumed that a CA certificate is made public if used!)
-	if [ -f /etc/ssl/certs/cacert.pem ]; then
-		postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
-		postconf -e 'smtp_tls_CAfile = $smtpd_tls_CAfile'
-		postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
-		# Client side TLS only makes sense if a publicly available certificate is available
-		# (and DON'T publish a self-signed certificate!)
-		if [ -f /etc/ssl/private/postfix.pem ]; then
-			postconf -e 'smtp_tls_key_file = $smtpd_tls_key_file'
-		fi
-		postconf -e 'smtp_tls_loglevel = 1'
-		postconf -e 'smtp_use_tls = yes'
-		postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
-		postconf -e 'smtp_tls_note_starttls_offer = yes' # Useful when collecting info for smtp_tls_per_site option
-		postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
-		# This makes Netscape ask for a certificate, so make sure it IS public!
-		postconf -e 'smtpd_tls_ask_ccert = yes'
-	fi
-else
-	echo 'TLS not activated - check the script for requirements...'
-fi
-
-/etc/init.d/postfix reload
-
-# Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
-# Support for trusted MX backup networks added
-# PCRE stuff avoided, as PCRE is only optional on newest Debian packages
-# RBLs replaced with those recommended by http://www.antispews.org/
-
-# Here's a convenient overview of different blackholes:
-#   http://rbls.org/
-
-# smtpd_tls_CAfile
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
new file mode 100755
index 0000000..d7fab85
--- /dev/null
+++ b/postfix/postfix.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+set -e
+
+paramdir='/etc/local-COMMON/postfix'
+confdir='/etc/postfix'
+sp='[[:space:]]'
+
+function getlinesfromfile() {
+	param="$1"
+	echo -n "$param = "
+	cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr '\n' ',' | sed -e 's/^[, ]*//' -e 's/[, ]\+/,/g' -e 's/,$//'
+}
+
+# Some badly configured setup use hostname instead of FQDN
+if postconf myhostname | grep '.' &> /dev/null; then
+	postconf -e 'smtpd_helo_required = yes'
+fi
+postconf -e "`getlinesfromfile permit_mx_backup_networks`"
+postconf -e "`getlinesfromfile maps_rbl_domains`"
+postconf -e "`getlinesfromfile smtpd_recipient_restrictions`"
+
+# TLS breaks postfix if no SASL modules available (and doesn't make sense either)
+# (change the test if using some other modules and avoid the plain ones)
+if dpkg -L libsasl-modules-plain &> /dev/null && [ -f /etc/ssl/certs/postfix.pem ]; then
+	mkdir -p $confdir/sasl
+	echo 'pwcheck_method: pam' >$confdir/sasl/smtpd.conf
+	echo 'auto_transition: false' >>$confdir/sasl/smtpd.conf
+	groups postfix | grep shadow &>/dev/null || adduser postfix shadow
+	# Release TLS-related daemons from chroot jail (bringing SASL into the jail is just too messy)
+	cp -a $confdir/master.cf $confdir/master.cf.old
+	cat $confdir/master.cf.old | sed \
+		-e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
+		-e "s/^#\?\(\(smtps\|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
+		-e "s/^#\(tlsmgr$sp\)/\1/" \
+		> $confdir/master.cf
+	cat $confdir/master.cf | egrep "^tlsmgr$sp" > /dev/null || \
+		echo 'tlsmgr	  fifo	-	-	-	300	1	tlsmgr' >> $confdir/master.cf
+	postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
+	if [ -f /etc/ssl/private/postfix.pem ]; then
+		postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
+	fi
+	postconf -e 'smtpd_tls_loglevel = 1'
+	postconf -e 'smtpd_use_tls = yes'
+	postconf -e 'smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache'
+	postconf -e 'smtpd_tls_auth_only = yes'
+	postconf -e 'smtpd_sasl_auth_enable = no'
+	postconf -e 'smtpd_sasl_security_options = noanonymous'
+	postconf -e 'smtpd_sasl_local_domain = $myhostname'
+	postconf -e 'smtpd_tls_received_header = yes'
+	postconf -e 'broken_sasl_auth_clients = yes'
+	postconf -e 'tls_random_source = dev:/dev/urandom'
+	postconf -e 'tls_daemon_random_source = dev:/dev/urandom'
+	# Check if using a proper key exists (not just a self-signed one)
+	# (it is assumed that a CA certificate is made public if used!)
+	if [ -f /etc/ssl/certs/cacert.pem ]; then
+		postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
+		postconf -e 'smtp_tls_CAfile = $smtpd_tls_CAfile'
+		postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
+		# Client side TLS only makes sense if a publicly available certificate is available
+		# (and DON'T publish a self-signed certificate!)
+		if [ -f /etc/ssl/private/postfix.pem ]; then
+			postconf -e 'smtp_tls_key_file = $smtpd_tls_key_file'
+		fi
+		postconf -e 'smtp_tls_loglevel = 1'
+		postconf -e 'smtp_use_tls = yes'
+		postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
+		postconf -e 'smtp_tls_note_starttls_offer = yes' # Useful when collecting info for smtp_tls_per_site option
+		postconf -e 'smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache'
+		# This makes Netscape ask for a certificate, so make sure it IS public!
+		postconf -e 'smtpd_tls_ask_ccert = yes'
+	fi
+else
+	echo 'TLS not activated - check the script for requirements...'
+fi
+
+/etc/init.d/postfix reload
+
+# Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
+# Support for trusted MX backup networks added
+# PCRE stuff avoided, as PCRE is only optional on newest Debian packages
+# RBLs replaced with those recommended by http://www.antispews.org/
+
+# Here's a convenient overview of different blackholes:
+#   http://rbls.org/
+
+# smtpd_tls_CAfile
-- 
cgit v1.2.3