From 32265852e252dbcd0b7f320d5d7344822683664d Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Sat, 11 Jun 2011 14:06:15 +0200 Subject: [PATCH] od sad se koristi ssl-cert, umjesto generiranja svog certifikata --- debian/postinst | 55 +++++++++++++++++++------------------------------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/debian/postinst b/debian/postinst index 8b4eb47..2dad0b1 100755 --- a/debian/postinst +++ b/debian/postinst @@ -247,32 +247,6 @@ if [ "$restart_saslauthd" = "yes" ]; then fi fi -# izgenerirati certifikate -cert="postfix" # basename of certificate -description="Postfix SMTP daemon" # descriptive text -cd /etc/ssl/certs -PATH=$PATH:/usr/bin/ssl -if [ -f "$cert.pem" ]; then - echo "CN: You already have /etc/ssl/certs/$cert.pem" -else - echo "CN: Creating generic self-signed certificate: /etc/ssl/certs/$cert.pem" - echo "CN: (replace with hand-crafted or authorized one if needed)." - HOSTNAME=`hostname -s` - FQDN=`hostname -f` - openssl req -new -x509 -days 365 -nodes -out "$cert.pem" -keyout "$cert.pem" > /dev/null 2>&1 <<+ -. -. -. -$description -$hostname -$fqdn -root@$mailname -+ - ln -sf "$cert.pem" `openssl x509 -noout -hash < "$cert.pem"`.0 - chown root:root "/etc/ssl/certs/$cert.pem" - chmod 0640 "/etc/ssl/certs/$cert.pem" -fi - # TLS stuff postconf -e smtp_use_tls="yes" postconf -e smtp_tls_session_cache_database="sdbm:/var/lib/postfix/smtp_scache" @@ -283,22 +257,31 @@ postconf -e smtpd_tls_session_cache_timeout="3600s" postconf -e tls_random_source="dev:/dev/urandom" postconf -e smtpd_tls_exclude_ciphers="aNULL" postconf -e smtpd_tls_mandatory_exclude_ciphers="aNULL" -# ako je postavljen neki drugi certifikat, ne diraj -smtp_tls_cert_file="`postconf -h smtp_tls_cert_file`" -if [ -z "$smtp_tls_cert_file" ]; then - postconf -e smtp_tls_cert_file="/etc/ssl/certs/$cert.pem" + +# nije potrebno generiranje certifikata jer postfix koristi ssl-cert +# ako je postavljen snakeoil certifikat za smtpd_tls_* postavi isti za smtp_tls_* +smtpd_tls_cert_file="`postconf -h smtpd_tls_cert_file`" +if [ "$smtpd_tls_cert_file" = "/etc/ssl/certs/ssl-cert-snakeoil.pem" ]; then + postconf -e smtp_tls_cert_file="/etc/ssl/certs/ssl-cert-snakeoil.pem" + postconf -e smtp_tls_key_file="/etc/ssl/private/ssl-cert-snakeoil.key" fi + +# ako je prazan, postavi na defaultni iz ssl-cert smtpd_tls_cert_file="`postconf -h smtpd_tls_cert_file`" if [ -z "$smtpd_tls_cert_file" ]; then - postconf -e smtpd_tls_cert_file="/etc/ssl/certs/$cert.pem" -fi -smtp_tls_key_file="`postconf -h smtp_tls_key_file`" -if [ -z "$smtp_tls_key_file" ]; then - postconf -e smtp_tls_key_file="\$smtp_tls_cert_file" + postconf -e smtpd_tls_cert_file="/etc/ssl/certs/ssl-cert-snakeoil.pem" fi smtpd_tls_key_file="`postconf -h smtpd_tls_key_file`" if [ -z "$smtpd_tls_key_file" ]; then - postconf -e smtpd_tls_key_file="\$smtpd_tls_cert_file" + postconf -e smtpd_tls_key_file="/etc/ssl/private/ssl-cert-snakeoil.key" +fi +smtp_tls_cert_file="`postconf -h smtp_tls_cert_file`" +if [ -z "$smtp_tls_cert_file" ]; then + postconf -e smtp_tls_cert_file="/etc/ssl/certs/ssl-cert-snakeoil.pem" +fi +smtp_tls_key_file="`postconf -h smtp_tls_key_file`" +if [ -z "$smtp_tls_key_file" ]; then + postconf -e smtp_tls_key_file="/etc/ssl/private/ssl-cert-snakeoil.key" fi # prije bilo u /etc/postfix/, od verzije 2.1.5-2 je u /var/spool/postfix -- 1.7.10.4