blob: fc7ecf9e42a9312f41a558b56f85d9cfd905c359 (
plain)
- #!/bin/bash
- set -e
- paramdir="/etc/local-COMMON/postfix"
- confdir="/etc/postfix"
- sp='[[:space:]]'
- function getlinesfromfile() {
- param="$1"
- echo -n "$param = "
- cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/^[, ]*//' -e 's/[, ]\+/,/g' -e 's/,$//'
- }
- postconf -e "smtpd_helo_required = yes"
- postconf -e "`getlinesfromfile permit_mx_backup_networks`"
- postconf -e "`getlinesfromfile maps_rbl_domains`"
- postconf -e "`getlinesfromfile smtpd_recipient_restrictions`"
- # These options can be fatal if no SASL plugins are available!
- if dpkg -L libsasl-modules-plain &> /dev/null; then
- mkdir -p $confdir/sasl
- echo "pwcheck_method: pam" >$confdir/sasl/smtpd.conf
- echo "auto_transition: false" >>$confdir/sasl/smtpd.conf
- groups postfix | grep shadow &>/dev/null || adduser postfix shadow
- cp -a $confdir/master.cf $confdir/master.cf.old
- cat $confdir/master.cf.old | sed \
- "s/^\(smtp$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]\(\($sp\+-\)\{2\}$sp\+smtpd\).*/\1n\3 -o smtpd_sasl_auth_enable=yes/" \
- "s/^#?\(\(smtps|587\)$sp\+inet\($sp\+[n-]\)\{2\}$sp\+\)[n-]/\1n/" \
- > $confdir/master.cf
- postconf -e "smtpd_use_tls = yes"
- postconf -e "smtpd_tls_auth_only = yes"
- postconf -e "smtpd_sasl_auth_enable = no"
- postconf -e "broken_sasl_auth_clients = yes"
- postconf -e "smtpd_sasl_security_options = noanonymous"
- postconf -e "smtpd_sasl_local_domain = \$myhostname"
- postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt"
- postconf -e "smtpd_tls_key_file = /etc/ssl/certs/postfix.key"
- postconf -e "tls_random_source = dev:/dev/urandom"
- postconf -e "tls_daemon_random_source = dev:/dev/urandom"
- fi
- /etc/init.d/postfix reload
- # Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
- # Support for trusted MX backup networks added
- # PCRE stuff avoided, as PCRE is only optional on newest Debian packages
- # RBLs replaced with those recommended by http://www.antispews.org/
- # Here's a convenient overview of different blackholes:
- # http://rbls.org/
- # smtpd_tls_CAfile
|