-#!/bin/sh -e
+#!/bin/sh
+
+set -e
[ "$1" = "configure" ] || exit 0
+[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
# Load CARNet Tools
. /usr/share/carnet-tools/functions.sh
-
-cp_check_and_sed '^protocols' \
- 's/protocols.*$/protocols = imap imaps pop3 pop3s/g' \
- /etc/dovecot/dovecot.conf || true
-
cp_check_and_sed '#disable_plaintext_auth' \
's/#disable_plaintext_auth/disable_plaintext_auth/g' \
- /etc/dovecot/dovecot.conf || true
+ /etc/dovecot/conf.d/10-auth.conf || true
cp_check_and_sed 'disable_plaintext_auth.*yes' \
's/disable_plaintext_auth.*$/disable_plaintext_auth = no/g' \
- /etc/dovecot/dovecot.conf || true
+ /etc/dovecot/conf.d/10-auth.conf || true
-cp_check_and_sed '#client_workarounds' \
- 's/#client_workarounds/client_workarounds/g' \
- /etc/dovecot/dovecot.conf || true
+cp_check_and_sed '#imap_client_workarounds' \
+ 's/#imap_client_workarounds/imap_client_workarounds/g' \
+ /etc/dovecot/conf.d/20-imap.conf || true
-cp_check_and_sed 'client_workarounds' \
- 's/client_workarounds.*$/client_workarounds = outlook-idle/g' \
- /etc/dovecot/dovecot.conf || true
+cp_check_and_sed '#pop3_client_workarounds' \
+ 's/#pop3_client_workarounds/pop3_client_workarounds/g' \
+ /etc/dovecot/conf.d/20-pop3.conf || true
+cp_check_and_sed 'imap_client_workarounds' \
+ 's/imap_client_workarounds.*$/imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags/g' \
+ /etc/dovecot/conf.d/20-imap.conf || true
-# restart
-if [ -x /usr/sbin/invoke-rc.d ]; then
- [ -x /etc/init.d/dovecot ] && invoke-rc.d dovecot restart
-else
- [ -x /etc/init.d/dovecot ] && /etc/init.d/dovecot restart
+cp_check_and_sed 'pop3_client_workarounds' \
+ 's/pop3_client_workarounds.*$/pop3_client_workarounds = outlook-no-nuls oe-ns-eoh/g' \
+ /etc/dovecot/conf.d/20-pop3.conf || true
+
+cp_check_and_sed '#ssl_cipher_list' \
+ 's/#ssl_cipher_list.*/ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:HIGH/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+# izbacujemo SSLv2
+cp_check_and_sed 'ssl_cipher_list' \
+ 's/:\!SSLv2//g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+# trazio zelja
+cp_check_and_sed '#ssl =' \
+ 's/^#ssl =/ssl =/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+# trazio zelja
+cp_check_and_sed 'ssl = no' \
+ 's/^ssl = no/ssl = yes/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \
+ && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then
+
+ if [ ! -f /etc/dovecot/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.pem ]; then
+ echo "CN: Generating certificate and key..."
+ /usr/share/dovecot-cn/mkcert.sh || true
+ fi
+
+ cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
+ 's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/dovecot.pem|g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+ cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
+ 's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+ # negdje se pojavljuje dovecot.key umjesto dovecot.pem
+ cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.key' \
+ 's|ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+fi
+
+### buster ima ssl_min_protocol umjesto ssl_protocols
+# ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
+
+if ! grep -q "^ssl_min_protocol = TLS" /etc/dovecot/conf.d/10-ssl.conf; then
+ # postavlja minimalni TLS protokol i mijenja ime varijable
+ cp_check_and_sed '#ssl_protocols =' \
+ 's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+ # postavlja minimalni TLS protokol ako je varijabla već uključena
+ cp_check_and_sed 'ssl_protocols =' \
+ 's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+ # samo popravlja inačicu protokola i uključuje varijablu
+ cp_check_and_sed '#ssl_min_protocol =' \
+ 's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+ # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
+ cp_check_and_sed 'ssl_min_protocol =' \
+ 's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
fi
+
+### buster ima DH ključ koji se nalazi u paketu dovecot-core
+# ne radimo ništa ako već postoji ^ssl_dh koji nije prazan
+
+if ! grep -q "^ssl_dh = /" /etc/dovecot/conf.d/10-ssl.conf; then
+ # postavlja DH i uključuje varijablu
+ cp_check_and_sed '#ssl_dh =' \
+ 's,^#ssl_dh.*,ssl_dh = </usr/share/dovecot/dh.pem,g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+fi
+
+# maknuti kludge kreiran u carnet-upgrade
+test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
+
+# staro, može se brisati
+# dodao ico, gasi SSLv3 protokol
+#cp_check_and_sed '#ssl_protocols =' \
+# 's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
+# /etc/dovecot/conf.d/10-ssl.conf || true
+
+# dodao zelja, gasi stare SSL protokole
+#cp_check_and_sed 'ssl_protocols =' \
+# 's/\!SSLv2 //g' \
+# /etc/dovecot/conf.d/10-ssl.conf || true
+
+# dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
+#if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
+# cp_check_and_sed 'ssl_protocols =' \
+# 's/\!SSLv2 //g' \
+# /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
+# cp_check_and_sed 'ssl_cipher_list' \
+# 's/:\!SSLv2//g' \
+# /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
+#fi
+
+# restart
+service dovecot restart || true
+
+#DEBHELPER#
+
+exit 0
projects / dovecot-cn.git / blobdiff