5 [ "$1" = "configure" ] || exit 0
6 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
9 . /usr/share/carnet-tools/functions.sh
11 cp_check_and_sed '#disable_plaintext_auth' \
12 's/#disable_plaintext_auth/disable_plaintext_auth/g' \
13 /etc/dovecot/conf.d/10-auth.conf || true
15 cp_check_and_sed 'disable_plaintext_auth.*yes' \
16 's/disable_plaintext_auth.*$/disable_plaintext_auth = no/g' \
17 /etc/dovecot/conf.d/10-auth.conf || true
19 if ! grep -q "mail_privileged_group.*mail$" /etc/dovecot/conf.d/10-mail.conf \
20 cp_check_and_sed 'mail_privileged_group' \
21 's/mail_privileged_group.*$/mail_privileged_group = mail/g' \
22 /etc/dovecot/conf.d/10-mail.conf || true
25 cp_check_and_sed '#imap_client_workarounds' \
26 's/#imap_client_workarounds/imap_client_workarounds/g' \
27 /etc/dovecot/conf.d/20-imap.conf || true
29 cp_check_and_sed '#pop3_client_workarounds' \
30 's/#pop3_client_workarounds/pop3_client_workarounds/g' \
31 /etc/dovecot/conf.d/20-pop3.conf || true
33 cp_check_and_sed 'imap_client_workarounds' \
34 's/imap_client_workarounds.*$/imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags/g' \
35 /etc/dovecot/conf.d/20-imap.conf || true
37 cp_check_and_sed 'pop3_client_workarounds' \
38 's/pop3_client_workarounds.*$/pop3_client_workarounds = outlook-no-nuls oe-ns-eoh/g' \
39 /etc/dovecot/conf.d/20-pop3.conf || true
41 cp_check_and_sed '#ssl_cipher_list' \
42 's/#ssl_cipher_list.*/ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:HIGH/g' \
43 /etc/dovecot/conf.d/10-ssl.conf || true
46 cp_check_and_sed 'ssl_cipher_list' \
48 /etc/dovecot/conf.d/10-ssl.conf || true
51 cp_check_and_sed '#ssl =' \
53 /etc/dovecot/conf.d/10-ssl.conf || true
56 cp_check_and_sed 'ssl = no' \
57 's/^ssl = no/ssl = yes/g' \
58 /etc/dovecot/conf.d/10-ssl.conf || true
60 if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \
61 && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then
63 if [ ! -f /etc/dovecot/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.pem ]; then
64 echo "CN: Generating certificate and key..."
65 /usr/share/dovecot-cn/mkcert.sh || true
68 cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
69 's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/dovecot.pem|g' \
70 /etc/dovecot/conf.d/10-ssl.conf || true
71 cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
72 's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
73 /etc/dovecot/conf.d/10-ssl.conf || true
74 # negdje se pojavljuje dovecot.key umjesto dovecot.pem
75 cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.key' \
76 's|ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
77 /etc/dovecot/conf.d/10-ssl.conf || true
80 ### buster ima ssl_min_protocol umjesto ssl_protocols
81 # ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
83 if ! grep -q "^ssl_min_protocol = TLS" /etc/dovecot/conf.d/10-ssl.conf; then
84 # postavlja minimalni TLS protokol i mijenja ime varijable
85 cp_check_and_sed '#ssl_protocols =' \
86 's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
87 /etc/dovecot/conf.d/10-ssl.conf || true
89 # postavlja minimalni TLS protokol ako je varijabla već uključena
90 cp_check_and_sed 'ssl_protocols =' \
91 's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
92 /etc/dovecot/conf.d/10-ssl.conf || true
94 # samo popravlja inačicu protokola i uključuje varijablu
95 cp_check_and_sed '#ssl_min_protocol =' \
96 's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
97 /etc/dovecot/conf.d/10-ssl.conf || true
99 # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
100 cp_check_and_sed 'ssl_min_protocol =' \
101 's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
102 /etc/dovecot/conf.d/10-ssl.conf || true
105 ### buster ima DH ključ koji se nalazi u paketu dovecot-core
106 # ne radimo ništa ako već postoji ^ssl_dh koji nije prazan
108 if ! grep -q "^ssl_dh = /" /etc/dovecot/conf.d/10-ssl.conf; then
109 # postavlja DH i uključuje varijablu
110 cp_check_and_sed '#ssl_dh =' \
111 's,^#ssl_dh.*,ssl_dh = </usr/share/dovecot/dh.pem,g' \
112 /etc/dovecot/conf.d/10-ssl.conf || true
115 # maknuti kludge kreiran u carnet-upgrade
116 test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
117 test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
118 test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
119 test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
120 # nije više potrebno editirati dovecot.conf koji je samo hrpa includea
121 test -f /etc/dovecot/dovecot.conf.cn6-upgrade && mv /etc/dovecot/dovecot.conf.cn6-upgrade /var/backups || true
122 test -f /etc/dovecot/dovecot.conf.cn7-upgrade && mv /etc/dovecot/dovecot.conf.cn7-upgrade /var/backups || true
123 test -f /etc/dovecot/dovecot.conf.cn8-upgrade && mv /etc/dovecot/dovecot.conf.cn8-upgrade /var/backups || true
124 test -f /etc/dovecot/dovecot.conf.cn9-upgrade && mv /etc/dovecot/dovecot.conf.cn9-upgrade /var/backups || true
126 # staro, može se brisati
127 # dodao ico, gasi SSLv3 protokol
128 #cp_check_and_sed '#ssl_protocols =' \
129 # 's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
130 # /etc/dovecot/conf.d/10-ssl.conf || true
132 # dodao zelja, gasi stare SSL protokole
133 #cp_check_and_sed 'ssl_protocols =' \
135 # /etc/dovecot/conf.d/10-ssl.conf || true
137 # dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
138 #if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
139 # cp_check_and_sed 'ssl_protocols =' \
141 # /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
142 # cp_check_and_sed 'ssl_cipher_list' \
144 # /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
148 service dovecot restart || true