From a85d338459d6aaed71ed0a7efdfe95b9cfc995d5 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Wed, 5 Dec 2007 09:53:38 +0000
Subject: Major rewrite to prepare in tempdir and show diff before applying.

---
 postfix/postfix.sh | 211 +++++++++++++++++++++++++++++------------------------
 1 file changed, 115 insertions(+), 96 deletions(-)

(limited to 'postfix')

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 66b5a66..3685a04 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
 # /etc/local-COMMON/postfix/postfix.sh
 # Copyright 2002-2007 Jonas Smedegaard <dr@jones.dk>
 #
-# $Id: postfix.sh,v 1.60 2007-09-24 23:15:08 jonas Exp $
+# $Id: postfix.sh,v 1.61 2007-12-05 09:53:38 jonas Exp $
 #
 # Auto-tweak plain installed postfix Debian package
 #
@@ -18,36 +18,38 @@ set -e
 # Let's standardize sort
 export LC_ALL=C
 
+exit1()	{
+	echo >&2 "Error: $1"
+	echo >&2 "Exiting..."
+	exit 1
+}
+
 realmsdir='/etc/local-REDPILL'
 configdirs='/etc/local/postfix /etc/local-ORG/postfix /etc/local-REDPILL/postfix /etc/local-COMMON/postfix'
 confdir='/etc/postfix'
 postconf=/usr/sbin/postconf
 sp='[[:space:]]'
 if ! $postconf -d mail_version | egrep -q '= 2\.[2-9]'; then
-	echo "ERROR: Bad postfix version - this script is known to work only for postfix 2.2 and later"
-	exit 1
+	exit1 "ERROR: Bad postfix version - this script is known to work only for postfix 2.2 and later"
 fi
 if ! [ -d "$realmsdir" ]; then
-	echo "WARNING: Realms directory \"$realmsdir\" does not exist."
+	echo >&2 "WARNING: Realms directory \"$realmsdir\" does not exist."
 fi
 #postgrey=
 #if [ -x /usr/sbin/postgrey ]; then
 #	# FIXME: Use this somehow, and only warn below
 #	postgrey=1
 #else
-#	echo "ERROR: Greylisting support missing."
-#	echo "    (on Debian: install the package postgrey)"
-#	exit 1
+#	exit1 "ERROR: Greylisting support (Debian package postgrey) missing."
 #fi
 # FIXME: We really want to check for at least 2.1.1 but that's tricky...
 sasl2=
 if saslauthd -v 2>&1 | grep -q '^saslauthd 2.1'; then
 	sasl2=1
 else
-	echo "WARNING: Not enabling encryption: sasl tools 2.1.1 or greater is required."
-	echo "    (on Debian: install the package sasl2-bin)"
+	echo >&2 "WARNING: Encryption requires sasl tools 2.1.1 (Debian package sasl2-bin)."
 fi
-sasldir="$confdir/sasl"
+saslsubdir="sasl"
 
 catfilefromownrealm() {
 	file="$1"
@@ -83,8 +85,7 @@ catfirstfile() {
 		fi
 	done
 	if [ -z "$configdir" ]; then
-		echo "ERROR: file \"$file\" not found."
-		exit 1
+		exit1 "ERROR: file \"$file\" not found."
 	fi
 	cat "$configdir/$file"
 }
@@ -119,131 +120,149 @@ getlinesfromfile() {
 	catfirstfile "$param" | sed 's/#.*//' | tr '\n' ',' | sed -e 's/^[, 	]*//;s/[, 	]\+/,/g' -e 's/\^/ /g' -e "s/,\$//$replacements"
 }
 
+postmapfiles=
+
+tempdir="$(mktemp -td postfix.XXXXXX)"
+cp -a -t "$tempdir" "$confdir"/*
+
 # Inspired by D. J. Bernstein: http://cr.yp.to/smtp/greeting.html
-$postconf -e 'smtpd_banner = $myhostname NO UCE ESMTP $mail_name (Debian/GNU)'
+$postconf -c "$tempdir" -e 'smtpd_banner = $myhostname NO UCE ESMTP $mail_name (Debian/GNU)'
 
 # Some badly configured setup use hostname instead of FQDN
 # Disable completely: Effective, but hurts executive type guys using windows servers... :-(
-#if $postconf myhostname | grep -q '\.'; then
-#	$postconf -e 'smtpd_helo_required = yes'
+#if $postconf -c "$tempdir" myhostname | grep -q '\.'; then
+#	$postconf -c "$tempdir" -e 'smtpd_helo_required = yes'
 #fi
-$postconf -e 'smtpd_helo_required = no'
-$postconf -e "`getlinesfromfile permit_mx_backup_networks`"
-$postconf -e "maps_rbl_domains ="
-$postconf -e "`getlinesfromfile smtpd_client_restrictions reject_rhsbl_client`"
-$postconf -e "`getlinesfromfile smtpd_helo_restrictions`"
-$postconf -e "`getlinesfromfile smtpd_sender_restrictions reject_rhsbl_sender`"
-$postconf -e "`getlinesfromfile smtpd_recipient_restrictions reject_maps_rbl=reject_rbl_client=maps_rbl_domains`"
-$postconf -e "`getlinesfromfile smtpd_data_restrictions`"
+$postconf -c "$tempdir" -e 'smtpd_helo_required = no'
+$postconf -c "$tempdir" -e "`getlinesfromfile permit_mx_backup_networks`"
+$postconf -c "$tempdir" -e "maps_rbl_domains ="
+$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_client_restrictions reject_rhsbl_client`"
+$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_helo_restrictions`"
+$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_sender_restrictions reject_rhsbl_sender`"
+$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_recipient_restrictions reject_maps_rbl=reject_rbl_client=maps_rbl_domains`"
+$postconf -c "$tempdir" -e "`getlinesfromfile smtpd_data_restrictions`"
 
 # Verify senders of common suspicious and known verifiable domains
 # (exclude verification of postmaster@ to not verify verification probes)
 # (add own domains before peers for (rare) cases of duplicates)
 # FIXME: somehow do this step only if enabled in smtpd_sender_restrictions
 # TODO: Properly implement exception exclusion like yahoo (which does not want to be checked any longer!)
-cat /etc/local-COMMON/postfix/maildomains | grep -v yahoo | sort | sed 's/$/	reject_unverified_sender/' > "$confdir/sender_access"
+cat /etc/local-COMMON/postfix/maildomains | grep -v yahoo | sort | sed 's/$/	reject_unverified_sender/' > "$tempdir/sender_access"
 ( catfilefromownrealm maildomains | sort; catallfilesfromotherrealms maildomains | sort ) \
-	| sed 's/\(.*\)$/postmaster@\1	permit\n\1	reject_unverified_sender/' >> "$confdir/sender_access"
-postmap "$confdir/sender_access"
-$postconf -e "unverified_sender_reject_code = 550"
+	| sed 's/\(.*\)$/postmaster@\1	permit\n\1	reject_unverified_sender/' >> "$tempdir/sender_access"
+postmapfiles="$postmapfiles sender_access"
+$postconf -c "$tempdir" -e "unverified_sender_reject_code = 550"
 
 # Trust recipient verification too
-$postconf -e "unverified_recipient_reject_code = 550"
+$postconf -c "$tempdir" -e "unverified_recipient_reject_code = 550"
 
 # TLS breaks postfix if no SASL modules available (and doesn't make sense either)
 # (change the test if using some other modules and avoid the plain ones)
 if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
-	mkdir -p "$sasldir"
-	echo 'mech_list: plain login' > "$sasldir/smtpd.conf"
-	echo 'minimum_layer: 0' >> "$sasldir/smtpd.conf"
-	echo 'sasl_pwcheck_method: saslauthd' >> "$sasldir/smtpd.conf"
-	echo 'auto_transition: false' >> "$sasldir/smtpd.conf"
-	groups postfix | grep -q sasl || adduser postfix sasl
+	mkdir -p "$tempdir/$saslsubdir"
+	echo 'mech_list: plain login' > "$tempdir/$saslsubdir/smtpd.conf"
+	echo 'minimum_layer: 0' >> "$tempdir/$saslsubdir/smtpd.conf"
+	echo 'sasl_pwcheck_method: saslauthd' >> "$tempdir/$saslsubdir/smtpd.conf"
+	echo 'auto_transition: false' >> "$tempdir/$saslsubdir/smtpd.conf"
+	groups postfix | grep -q sasl || echo "adduser postfix sasl" >> "$tempdir/COMMANDS"
 	# Release TLS-related daemons from chroot jail (bringing SASL into the jail is just too messy)
-	cp -a $confdir/master.cf $confdir/master.cf.old
-	cat $confdir/master.cf.old | sed \
+	sed --in-place \
 		-e "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
 		-e "s/^#\?\(\(smtps\|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
 		-e "s/^#\(tlsmgr$sp\)/\1/" \
-		> $confdir/master.cf
-	cat $confdir/master.cf | egrep -q "^tlsmgr$sp" || \
-		echo 'tlsmgr	  unix	-	-	-	300	1	tlsmgr' >> $confdir/master.cf
-	$postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
+		"$tempdir/master.cf"
+	cat $tempdir/master.cf | egrep -q "^tlsmgr$sp" || \
+		echo 'tlsmgr	  unix	-	-	-	300	1	tlsmgr' >> $tempdir/master.cf
+	$postconf -c "$tempdir" -e 'smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem'
 	if [ -f /etc/ssl/private/postfix.pem ]; then
-		$postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
+		$postconf -c "$tempdir" -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
 	fi
-	$postconf -e 'smtpd_tls_loglevel = 1'
-	$postconf -e 'smtpd_use_tls = yes'
-	$postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
-	$postconf -e 'smtpd_tls_CApath = /etc/ssl/certs'
-	$postconf -e 'lmtp_tls_CApath = /etc/ssl/certs'
-	$postconf -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
-	$postconf -e 'smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_scache'
-	$postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
-	$postconf -e 'tls_random_exchange_name = /var/spool/postfix/prng_exch'
-	$postconf -e 'smtpd_tls_auth_only = yes'
-	$postconf -e 'smtpd_sasl_auth_enable = no' # SASL is enabled explicitly with TLS transport
-	$postconf -e 'smtpd_sasl_security_options = noanonymous'
-	$postconf -e 'smtpd_sasl_local_domain = '
-	$postconf -e 'smtpd_tls_received_header = yes'
-	$postconf -e 'broken_sasl_auth_clients = yes'
-	$postconf -e 'tls_random_source = dev:/dev/urandom'
-	$postconf -e 'tls_daemon_random_source = dev:/dev/urandom'
+	$postconf -c "$tempdir" -e 'smtpd_tls_loglevel = 1'
+	$postconf -c "$tempdir" -e 'smtpd_use_tls = yes'
+	$postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs'
+	$postconf -c "$tempdir" -e 'smtpd_tls_CApath = /etc/ssl/certs'
+	$postconf -c "$tempdir" -e 'lmtp_tls_CApath = /etc/ssl/certs'
+	$postconf -c "$tempdir" -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem'
+	$postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_scache'
+	$postconf -c "$tempdir" -e 'smtpd_tls_session_cache_timeout = 3600s'
+	$postconf -c "$tempdir" -e 'tls_random_exchange_name = /var/spool/postfix/prng_exch'
+	$postconf -c "$tempdir" -e 'smtpd_tls_auth_only = yes'
+	$postconf -c "$tempdir" -e 'smtpd_sasl_auth_enable = no' # SASL is enabled explicitly with TLS transport
+	$postconf -c "$tempdir" -e 'smtpd_sasl_security_options = noanonymous'
+	$postconf -c "$tempdir" -e 'smtpd_sasl_local_domain = '
+	$postconf -c "$tempdir" -e 'smtpd_tls_received_header = yes'
+	$postconf -c "$tempdir" -e 'broken_sasl_auth_clients = yes'
+	$postconf -c "$tempdir" -e 'tls_random_source = dev:/dev/urandom'
+	$postconf -c "$tempdir" -e 'tls_daemon_random_source = dev:/dev/urandom'
 	# Check if using a proper key exists (not just a self-signed one)
 	# (it is assumed that a CA certificate is made public if used!)
 	if [ -f /etc/ssl/certs/cacert.pem ]; then
-		$postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
+		$postconf -c "$tempdir" -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
 		# Client side TLS only makes sense if a publicly available certificate is available
 		# (and DON'T publish a self-signed certificate!)
-		$postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/cacert.pem'
-		$postconf -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
+		$postconf -c "$tempdir" -e 'smtp_tls_CAfile = /etc/ssl/certs/cacert.pem'
+		$postconf -c "$tempdir" -e 'smtp_tls_cert_file = /etc/ssl/certs/postfix.pem'
 		if [ -f /etc/ssl/private/postfix.pem ]; then
-			$postconf -e 'smtp_tls_key_file = /etc/ssl/private/postfix.pem'
+			$postconf -c "$tempdir" -e 'smtp_tls_key_file = /etc/ssl/private/postfix.pem'
 		fi
-		$postconf -e 'smtp_tls_loglevel = 1'
-		$postconf -e 'smtp_use_tls = yes'
-		$postconf -e 'smtp_tls_CApath = /etc/ssl/certs'
-		$postconf -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option
-		$postconf -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache'
+		$postconf -c "$tempdir" -e 'smtp_tls_loglevel = 1'
+		$postconf -c "$tempdir" -e 'smtp_use_tls = yes'
+		$postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs'
+		$postconf -c "$tempdir" -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option
+		$postconf -c "$tempdir" -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache'
 		# Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic)
-		$postconf -e 'smtpd_tls_ask_ccert = no'
+		$postconf -c "$tempdir" -e 'smtpd_tls_ask_ccert = no'
 		# Force using TLS for peers
-		catallfilesfromotherrealms mailhost | sort | sed 's/^/[/;s/$/]:submission	secure/' > "$confdir/tls_policy"
-		postmap "$confdir/tls_policy"
-		$postconf -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy'
+		catallfilesfromotherrealms mailhost | sort | sed 's/^/[/;s/$/]:submission	secure/' > "$tempdir/tls_policy"
+		postmapfiles="$postmapfiles tls_policy"
+		$postconf -c "$tempdir" -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy'
 	else
-		echo "WARNING: CA certificate not found - consider using proper signed certificates!"
+		echo >&2 "WARNING: CA certificate not found - consider using proper signed certificates!"
 	fi
 else
-	echo 'WARNING: TLS not activated - check the script for requirements...'
+	echo >&2 'WARNING: TLS not activated - check the script for requirements...'
 fi
 
 if [ -x /usr/sbin/amavisd ] || [ -x /usr/sbin/amavisd-new ]; then
-	$postconf -e 'max_use = 10' # Avoid too much reuse
-	cat $confdir/master.cf | egrep -q "^smtp-amavis$sp" || \
-		echo "smtp-amavis unix -	-	n	-	2	lmtp -o smtp_data_done_timeout=1200s -o smtp_never_send_ehlo=yes -o disable_dns_lookups=yes" >> $confdir/master.cf
-	cat $confdir/master.cf | egrep -q "^127.0.0.1:10025$sp" || \
-		echo '127.0.0.1:10025 inet n	-	n	-	-	smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes' >> $confdir/master.cf
-	$postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
-	$postconf -e 'allow_mail_to_file = yes'
-	mkdir -p /var/lib/amavis/mboxes
-	chown nobody.nogroup /var/lib/amavis/mboxes
-	for mail in virus-quarantine virusalert spam-quarantine spamalert; do
-		touch /var/lib/amavis/mboxes/$mail
-		chown nobody.nogroup /var/lib/amavis/mboxes/$mail
-		if ! grep -q "^$mail:" /etc/aliases; then
-			echo "$mail: /var/lib/amavis/mboxes/$mail" >> /etc/aliases
-			newaliases
-		fi
-	done
-	if ! grep -q "^spam.police:" /etc/aliases; then
-		echo "spam.police: root" >> /etc/aliases
-		newaliases
-	fi
+	$postconf -c "$tempdir" -e 'max_use = 10' # Avoid too much reuse
+	cat $tempdir/master.cf | egrep -q "^smtp-amavis$sp" || \
+		echo "smtp-amavis unix -	-	n	-	2	lmtp -o smtp_data_done_timeout=1200s -o smtp_never_send_ehlo=yes -o disable_dns_lookups=yes" >> $tempdir/master.cf
+	cat $tempdir/master.cf | egrep -q "^127.0.0.1:10025$sp" || \
+		echo '127.0.0.1:10025 inet n	-	n	-	-	smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes' >> $tempdir/master.cf
+	$postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
 fi
 
-# FIXME: restart if master.conf has been edited
-/etc/init.d/postfix reload
+diff -ruN "$confdir" "$tempdir" || if [ $? -gt 1 ]; then exit $?; fi
+
+if [ "$force" = "1" ]; then
+	do_update="y"
+else
+	echo -n "Above is the intended changes. OK to update (y/N)? "
+	read do_update
+fi
+case $do_update in
+    y|Y)
+	if [ -f "$tempdir/COMMANDS" ]; then
+		sh -c "$tempdir/COMMANDS"
+	fi
+	rm -f "$tempdir/COMMANDS"
+
+	cp -a -f -t "$confdir" "$tempdir"/*
+	rm -rf "$tempdir"
+
+	for file in $postmapfiles; do
+		postmap "$confdir/$file"
+	done
+
+	# FIXME: restart if master.conf has been edited
+	invoke-rc.d postfix reload
+
+	echo >&2 "Changes applied!"
+	;;
+    *)
+	exit1 "Aborted!"
+	;;
+esac
 
 # Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
 # Support for trusted MX backup networks added
-- 
cgit v1.2.3