install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add script 'update_postfix_dh_parameters.sh'.

Browse Source
This commit is contained in:
Christoph 2023-11-15 17:49:01 +01:00
parent 2291f6efa9
commit ccc527abc2
1 changed files with 286 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

286
update_postfix_dh_parameters.sh Executable file
View File

@ -0,0 +1,286 @@
#!/usr/bin/env bash
script_dir="$(dirname $(realpath $0))"
script_name="$(basename "$0")"
conf_dir=$(dirname $0)/conf
conf_file="${conf_dir}/install_postfix_base.conf"
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
log_file=$(mktemp)
# -------------
# --- Some functions
# -------------
clean_up() {
# Perform program exit housekeeping
rm -f $log_file
exit $1
}
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "fatal error: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
echo ""
clean_up 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
blank_line() {
if $terminal ; then
echo ""
fi
}
detect_os () {
if $(which lsb_release > /dev/null 2>&1) ; then
DIST="$(lsb_release -i | awk '{print tolower($3)}')"
DIST_VERSION="$(lsb_release -r | awk '{print tolower($2)}')"
DIST_CODENAME="$(lsb_release -c | awk '{print tolower($2)}')"
if [[ "$DIST" = "debian" ]]; then
if $(echo "$DIST_VERSION" | grep -q '\.') ; then
DIST_VERSION=$(echo "$DIST_VERSION" | cut --delimiter='.' -f1)
fi
fi
elif [[ -e "/etc/os-release" ]]; then
. /etc/os-release
DIST=$ID
DIST_VERSION=${VERSION_ID}
fi
# remove whitespace from DIST and DIST_VERSION
DIST="${DIST// /}"
DIST_VERSION="${DIST_VERSION// /}"
}
# -------------
# --- Some default settings
# -------------
DEFAULT_ADMIN_EMAIL="argus@oopen.de"
DEFAULT_RELAY_HOST="b.mx.oopen.de"
DEFAULT_SASL_AUTH=false
# - Is this a systemd system?
# -
if [[ "X`which systemd`" = "X" ]]; then
systemd_exists=false
else
systemd_exists=true
fi
echo ""
# - Read Configuration File if exists
# -
if [[ -f "$conf_file" ]]; then
source $conf_file
fi
# -------------
# --- Set default values for some non existent variables (i.e. no configuration file is present)
# -------------
[[ -z "$_ADMIN_EMAIL" ]] && _ADMIN_EMAIL="$DEFAULT_ADMIN_EMAIL"
[[ -z "$_SASL_AUTH" ]] && _SASL_AUTH="$DEFAULT_SASL_AUTH"
if [[ -z "$_HOSTNAME" ]] ; then
_HOSTNAME="$(hostname -f)"
_HOSTNAME_SHORT="$(hostname)"
[[ "$_HOSTNAME" = "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
fi
blank_line
echononl "Detect distribution/release of running OS.."
detect_os > /dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
else
echo_ok
fi
blank_line
blank_line
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
if [[ ! -d "/etc/postfix/ssl" ]] ; then
fatal "Certification directory \033[1m/etc/postfix/ssl\033[m not found!"
fi
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [[ ! -f /etc/postfix/ssl/dh_512.pem ]]; then
if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_512.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_512.pem 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
else
echo_skipped
fi
fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [[ ! -f /etc/postfix/ssl/dh_1024.pem ]]; then
if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_1024.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_1024.pem 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
else
echo_skipped
fi
fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [[ ! -f /etc/postfix/ssl/dh_2048.pem ]]; then
if [[ $DIST_VERSION -gt 11 ]] ; then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
else
openssl dhparam -dsaparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
if [[ $DIST_VERSION -gt 11 ]] ; then
if $(grep -q -E "X9.42" /etc/postfix/ssl/dh_2048.pem 2> /dev/null); then
openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
echo_skipped
fi
else
echo_skipped
fi
fi
## - restart postfix
## -
echononl " Restart postfix"
if $systemd_exists ; then
systemctl restart postfix > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
else
/etc/init.d/postfix restart > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
echo ""
clean_up 0