install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix error creating / installing DH parameters.

Browse Source
This commit is contained in:
Christoph 2023-11-15 15:50:06 +01:00
parent 0bde654616
commit 4dd9611151
2 changed files with 109 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
install_postfix_advanced.sh
View File

@ -1784,9 +1784,6 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
## - ## -
## - or using '-dsaparam' to avoid long creation time:
## - openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem #smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter ## - also possible to use 2048 key with that parameter
## - ## -
@ -1797,9 +1794,6 @@ smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 ## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
## - ## -
## - or using '-dsaparam' to avoid long creation time:
## - openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
@ -2627,8 +2621,8 @@ fi
## - ## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
#openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1 #openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2639,8 +2633,8 @@ else
fi fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
#openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1 #openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2651,8 +2645,8 @@ else
fi fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
#openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1 #openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else

104
install_postfix_base.sh
View File

@ -78,6 +78,43 @@ echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]" echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
} }
blank_line() {
if $terminal ; then
echo ""
fi
}
detect_os () {
if $(which lsb_release > /dev/null 2>&1) ; then
DIST="$(lsb_release -i | awk '{print tolower($3)}')"
DIST_VERSION="$(lsb_release -r | awk '{print tolower($2)}')"
DIST_CODENAME="$(lsb_release -c | awk '{print tolower($2)}')"
if [[ "$DIST" = "debian" ]]; then
if $(echo "$DIST_VERSION" | grep -q '\.') ; then
DIST_VERSION=$(echo "$DIST_VERSION" | cut --delimiter='.' -f1)
fi
fi
elif [[ -e "/etc/os-release" ]]; then
. /etc/os-release
DIST=$ID
DIST_VERSION=${VERSION_ID}
fi
# remove whitespace from DIST and DIST_VERSION
DIST="${DIST// /}"
DIST_VERSION="${DIST_VERSION// /}"
}
# ------------- # -------------
# --- Some default settings # --- Some default settings
@ -118,8 +155,19 @@ if [[ -z "$_HOSTNAME" ]] ; then
[[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME="" [[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
fi fi
blank_line
echononl "Detect distribution/release of running OS.."
detect_os > /dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
else
echo_ok
fi
blank_line
blank_line
clear
#clear
echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m" echo -e "\033[21G\033[32mInstallation script for Postfix basic mailsystem \033[m"
echo echo
@ -998,41 +1046,83 @@ fi
## - with EDH ciphers (length 512 and 1024 ## - with EDH ciphers (length 512 and 1024
## - ## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_512.pem ]]; then
#openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1 openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
fi fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_512.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
else else
echo_skipped echo_skipped
fi fi
fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_1024.pem ]]; then
#openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1 openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
fi fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_1024.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
else else
echo_skipped echo_skipped
fi fi
fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then if [[ ! -f /etc/postfix/ssl/dh_2048.pem ]]; then
#openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1 openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
fi fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_2048.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
else else
echo_skipped echo_skipped
fi fi
fi
echononl " Create Symlink \"$_TLS_CERT_FILE\"" echononl " Create Symlink \"$_TLS_CERT_FILE\""
if [ ! -h "$_TLS_CERT_FILE" ]; then if [ ! -h "$_TLS_CERT_FILE" ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem $_TLS_CERT_FILE