5 [ "$1" = "configure" ] || exit 0
6 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
9 . /usr/share/carnet-tools/functions.sh
11 cp_check_and_sed '#disable_plaintext_auth' \
12 's/#disable_plaintext_auth/disable_plaintext_auth/g' \
13 /etc/dovecot/conf.d/10-auth.conf || true
15 cp_check_and_sed 'disable_plaintext_auth.*yes' \
16 's/disable_plaintext_auth.*$/disable_plaintext_auth = no/g' \
17 /etc/dovecot/conf.d/10-auth.conf || true
19 cp_check_and_sed '#imap_client_workarounds' \
20 's/#imap_client_workarounds/imap_client_workarounds/g' \
21 /etc/dovecot/conf.d/20-imap.conf || true
23 cp_check_and_sed '#pop3_client_workarounds' \
24 's/#pop3_client_workarounds/pop3_client_workarounds/g' \
25 /etc/dovecot/conf.d/20-pop3.conf || true
27 cp_check_and_sed 'imap_client_workarounds' \
28 's/imap_client_workarounds.*$/imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags/g' \
29 /etc/dovecot/conf.d/20-imap.conf || true
31 cp_check_and_sed 'pop3_client_workarounds' \
32 's/pop3_client_workarounds.*$/pop3_client_workarounds = outlook-no-nuls oe-ns-eoh/g' \
33 /etc/dovecot/conf.d/20-pop3.conf || true
35 cp_check_and_sed '#ssl_cipher_list' \
36 's/#ssl_cipher_list.*/ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:HIGH/g' \
37 /etc/dovecot/conf.d/10-ssl.conf || true
40 cp_check_and_sed 'ssl_cipher_list' \
42 /etc/dovecot/conf.d/10-ssl.conf || true
45 cp_check_and_sed '#ssl =' \
47 /etc/dovecot/conf.d/10-ssl.conf || true
50 cp_check_and_sed 'ssl = no' \
51 's/^ssl = no/ssl = yes/g' \
52 /etc/dovecot/conf.d/10-ssl.conf || true
54 if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \
55 && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then
57 if [ ! -f /etc/dovecot/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.pem ]; then
58 echo "CN: Generating certificate and key..."
59 /usr/share/dovecot-cn/mkcert.sh || true
62 cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
63 's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/dovecot.pem|g' \
64 /etc/dovecot/conf.d/10-ssl.conf || true
65 cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
66 's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
67 /etc/dovecot/conf.d/10-ssl.conf || true
68 # negdje se pojavljuje dovecot.key umjesto dovecot.pem
69 cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.key' \
70 's|ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
71 /etc/dovecot/conf.d/10-ssl.conf || true
74 ### buster ima ssl_min_protocol umjesto ssl_protocols
75 # ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
77 if ! grep -q "^ssl_min_protocol = TLS" /etc/dovecot/conf.d/10-ssl.conf; then
78 # postavlja minimalni TLS protokol i mijenja ime varijable
79 cp_check_and_sed '#ssl_protocols =' \
80 's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
81 /etc/dovecot/conf.d/10-ssl.conf || true
83 # postavlja minimalni TLS protokol ako je varijabla već uključena
84 cp_check_and_sed 'ssl_protocols =' \
85 's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
86 /etc/dovecot/conf.d/10-ssl.conf || true
88 # samo popravlja inačicu protokola i uključuje varijablu
89 cp_check_and_sed '#ssl_min_protocol =' \
90 's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
91 /etc/dovecot/conf.d/10-ssl.conf || true
93 # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
94 cp_check_and_sed 'ssl_min_protocol =' \
95 's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
96 /etc/dovecot/conf.d/10-ssl.conf || true
99 ### buster ima DH ključ koji se nalazi u paketu dovecot-core
100 # ne radimo ništa ako već postoji ^ssl_dh koji nije prazan
102 if ! grep -q "^ssl_dh = /" /etc/dovecot/conf.d/10-ssl.conf; then
103 # postavlja DH i uključuje varijablu
104 cp_check_and_sed '#ssl_dh =' \
105 's,^#ssl_dh.*,ssl_dh = </usr/share/dovecot/dh.pem,g' \
106 /etc/dovecot/conf.d/10-ssl.conf || true
109 # maknuti kludge kreiran u carnet-upgrade
110 test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
111 test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
112 test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
113 test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
114 # nije više potrebno editirati dovecot.conf koji je samo hrpa includea
115 test -f /etc/dovecot/dovecot.conf.cn6-upgrade && mv /etc/dovecot/dovecot.conf.cn6-upgrade /var/backups || true
116 test -f /etc/dovecot/dovecot.conf.cn7-upgrade && mv /etc/dovecot/dovecot.conf.cn7-upgrade /var/backups || true
117 test -f /etc/dovecot/dovecot.conf.cn8-upgrade && mv /etc/dovecot/dovecot.conf.cn8-upgrade /var/backups || true
118 test -f /etc/dovecot/dovecot.conf.cn9-upgrade && mv /etc/dovecot/dovecot.conf.cn9-upgrade /var/backups || true
120 # staro, može se brisati
121 # dodao ico, gasi SSLv3 protokol
122 #cp_check_and_sed '#ssl_protocols =' \
123 # 's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
124 # /etc/dovecot/conf.d/10-ssl.conf || true
126 # dodao zelja, gasi stare SSL protokole
127 #cp_check_and_sed 'ssl_protocols =' \
129 # /etc/dovecot/conf.d/10-ssl.conf || true
131 # dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
132 #if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
133 # cp_check_and_sed 'ssl_protocols =' \
135 # /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
136 # cp_check_and_sed 'ssl_cipher_list' \
138 # /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
142 service dovecot restart || true