install_postfix_advanced.sh: get rid of trailling blanks.

install_postfix_advanced.sh

@@ -161,7 +161,7 @@ else
    _IS_SYMPA_LIST_SERVER="$_SYMPA_LIST_SERVER"
 fi
 
-if [[ -z "$_RELAY_HOST" ]]; then 
+if [[ -z "$_RELAY_HOST" ]]; then
    _IS_RELAY_HOST=$DEFAULT_IS_RELAY_HOST
 else
    _IS_RELAY_HOST="$_RELAY_HOST"
@@ -272,7 +272,7 @@ else
       fi
    done
 fi
-if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then 
+if [ "X$IPV6" = "Xnone" -o "X$IPV6" = "XNone" ]; then
    IPV6=disabled
 fi
 
@@ -285,18 +285,18 @@ echo "How will this Mailserver be used?"
 echo ""
 if [[ -n "$_IS_RELAY_HOST" ]]; then
 	if $_IS_RELAY_HOST ; then
-		echo "[1] Complete Mailserver (with mailboxes)" 
+		echo "[1] Complete Mailserver (with mailboxes)"
 		echo -e "\033[37m\033[1m[2] Mailrelay Host\033[m"
 	else
-		echo -e "\033[37m\033[1m[1] complete Mailserver (with mailboxes)\033[m" 
+		echo -e "\033[37m\033[1m[1] complete Mailserver (with mailboxes)\033[m"
 		echo "[2] Mailrelay Host"
 	fi
-	echo "" 
+	echo ""
 	echononl "Choose a number or press <RETURN> for highlighted value: "
 else
 	echo "[1] Complete Mailserver (with mailboxes)"
 	echo "[2] Mailrelay Host"
-	echo "" 
+	echo ""
 	echononl "Choose a Number: "
 fi
 while [[ "$IS_RELAY_HOST" != "true" && "$IS_RELAY_HOST" != "false" ]];do
@@ -316,13 +316,13 @@ while [[ "$IS_RELAY_HOST" != "true" && "$IS_RELAY_HOST" != "false" ]];do
 			fi
          ;;
       *) IS_RELAY_HOST=
-         echo ""   
+         echo ""
 			if [[ -n "$_IS_RELAY_HOST" ]]; then
          	echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host] or type <RETURN>"
 			else
-         	echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host]" 
+         	echo -e "\tWrong entry! [ 1 = Complete Mailserver ; 2 = Mailrelay Host]"
 			fi
-         echo "" 
+         echo ""
          echononl "Reentry: "
          ;;
    esac
@@ -409,7 +409,7 @@ echo "Insert e-mail address where messages to local root should be forwarded"
 echo ""
 echo ""
 if [[ -n "$_ADMIN_EMAIL" ]]; then
-   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "  
+   echononl "Admin e-mail address [$_ADMIN_EMAIL]: "
    read ADMIN_EMAIL
    if [[ "X${ADMIN_EMAIL}" = "X" ]]; then
       ADMIN_EMAIL=$_ADMIN_EMAIL
@@ -491,7 +491,7 @@ else
    echo_ok
 fi
 
-[[ "$IPV6" = "disabled" ]] && IPV6="" 
+[[ "$IPV6" = "disabled" ]] && IPV6=""
 
 
 # - Synchronise package index files with the repository
@@ -580,7 +580,7 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -ne 10 ]] ; then
    #
    #perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--inet=127.0.0.1:10023 --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
    #   /etc/default/postgrey > $log_file 2>&1
-   
+
    # postgrey as unix socket
    #
    perl -i -n -p -e "s#^(\s*)(POSTGREY_OPTS=.*)#\#\1\2\nPOSTGREY_OPTS=\"--unix=/var/spool/postfix/postgrey/postgrey.sock --delay=149 --auto-whitelist-clients=3 --lookup-by-subnet\"#" \
@@ -709,8 +709,8 @@ else
    if ! $(grep -iq -E "^\s*tumgreyspf\s+" 2>/dev/null $postfix_master_cf) ; then
       cat <<EOF >> $postfix_master_cf 2> $log_file
 
-# This is tumgreyspf, an external policy checker for the postfix mail server. 
+# This is tumgreyspf, an external policy checker for the postfix mail server.
-# It can optionally greylist and/or use spfquery to check SPF records to 
+# It can optionally greylist and/or use spfquery to check SPF records to
 # determine if email should be accepted by your server.
 #
 tumgreyspf unix  -      n       n       -       -       spawn
@@ -728,10 +728,10 @@ EOF
    echononl "   Create configuration file for whitelisting: /etc/tumgreyspf/disable.conf"
    if [[ ! -f /etc/tumgreyspf/disable.conf ]] ; then
       cat <<EOF > "/etc/tumgreyspf/disable.conf" 2> $log_file
-SPFSEEDONLY=0 
+SPFSEEDONLY=0
-GREYLISTTIME=300 
+GREYLISTTIME=300
-CHECKERS= 
+CHECKERS=
-OTHERCONFIGS= 
+OTHERCONFIGS=
 EOF
       if [[ $? -eq 0 ]] ; then
          echo_ok
@@ -1449,10 +1449,10 @@ cat <<EOF > /etc/postfix/main.cf
 compatibility_level = 2
 
 # With "smtputf8_enable = yes", Postfix requires that non-ASCII address information
-# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not 
+# is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not
-# practical for Postfix to support multiple encodings at the same time. There is no 
+# practical for Postfix to support multiple encodings at the same time. There is no
-# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use 
+# problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", because those use
-# only characters from the ASCII characterset. 
+# only characters from the ASCII characterset.
 #smtputf8_enable = no
 EOF
 if $IS_SYMPA_LIST_SERVER ; then
@@ -1482,7 +1482,7 @@ append_dot_mydomain = no
 readme_directory = /usr/share/doc/postfix
 html_directory = /usr/share/doc/postfix/html
 
-## - The Internet protocols Postfix will attempt to use when making 
+## - The Internet protocols Postfix will attempt to use when making
 ## - or accepting connections.
 ## - DEFAULT: ipv4
 EOF
@@ -1499,19 +1499,19 @@ inet_interfaces = all
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    # +++++++++++++++++++++++++++++++++++++
    # replace 127.0.0.1/8 with 127.0.0.1/32
    # +++++++++++++++++++++++++++++++++++++
    # So we can use i.e 127.0.0.25 (or any other 127.x.x.x address)
-   # to bind to hidden tor service on port 25 without having an 
+   # to bind to hidden tor service on port 25 without having an
    # open relay
    #
    # see also: https://github.com/ehloonion/onionmx/blob/master/open-relay.md
@@ -1556,19 +1556,19 @@ inet_interfaces =
 
 myhostname = $HOSTNAME
 
-mydestination = 
+mydestination =
    $HOSTNAME
    localhost
 
-## - The list of "trusted" SMTP clients that have more 
+## - The list of "trusted" SMTP clients that have more
 ## - privileges than "strangers"
 ## -
-mynetworks = 
+mynetworks =
    # +++++++++++++++++++++++++++++++++++++
    # replace 127.0.0.1/8 with 127.0.0.1/32
    # +++++++++++++++++++++++++++++++++++++
    # So we can use i.e 127.0.0.25 (or any other 127.x.x.x address)
-   # to bind to hidden tor service on port 25 without having an 
+   # to bind to hidden tor service on port 25 without having an
    # open relay
    #
    # see also: https://github.com/ehloonion/onionmx/blob/master/open-relay.md
@@ -1596,18 +1596,18 @@ cat <<EOF >> /etc/postfix/main.cf
 ## - The method to generate the default value for the mynetworks parameter.
 ## -
 ## -   mynetworks_style = host" when Postfix should "trust" only the local machine
-## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
 ## -                       clients in the same IP subnetworks as the local machine.
-## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
 ## -                      IP class A/B/C networks as the local machine.
 ## -
 #mynetworks_style = host
 
 
-## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - The maximal size of any local(8) individual mailbox or maildir file,
-## - or zero (no limit). In fact, this limits the size of any file that is 
+## - or zero (no limit). In fact, this limits the size of any file that is
-## - written to upon local delivery, including files written by external 
+## - written to upon local delivery, including files written by external
-## - commands that are executed by the local(8) delivery agent. 
+## - commands that are executed by the local(8) delivery agent.
 ## -
 mailbox_size_limit = 0
 
@@ -1631,17 +1631,17 @@ recipient_delimiter = +
 alias_maps =
    hash:/etc/aliases
 
-## - The alias databases for local(8) delivery that are updated 
+## - The alias databases for local(8) delivery that are updated
-## - with "newaliases" or with "sendmail -bi". 
+## - with "newaliases" or with "sendmail -bi".
 ## -
 alias_database =
    hash:/etc/aliases
 
-## - Optional address mapping lookup tables for envelope and header sender 
+## - Optional address mapping lookup tables for envelope and header sender
 ## - addresses. The table format and lookups are documented in canonical(5).
 ## -
-## - Example: you want to rewrite the SENDER address "user@ugly.domain" 
+## - Example: you want to rewrite the SENDER address "user@ugly.domain"
-## - to "user@pretty.domain", while still being able to send mail to the 
+## - to "user@pretty.domain", while still being able to send mail to the
 ## - RECIPIENT address "user@ugly.domain".
 ## -
 ## - Note: \$sender_canonical_maps is processed before \$canonical_maps.
@@ -1660,10 +1660,10 @@ smtp_generic_maps =
    btree:/etc/postfix/generic
 
 
-## - Optional lookup tables with mappings from recipient address 
+## - Optional lookup tables with mappings from recipient address
-## - to (message delivery transport, next-hop destination). 
+## - to (message delivery transport, next-hop destination).
-## - See transport(5) for details. 
+## - See transport(5) for details.
-## - 
+## -
 transport_maps =
    btree:/etc/postfix/transport
    btree:/etc/postfix/relay_domains
@@ -1677,21 +1677,21 @@ fi
 
 cat <<EOF >> /etc/postfix/main.cf
 
-## - The maximal time a message is queued before it is sent back as 
+## - The maximal time a message is queued before it is sent back as
 ## - undeliverable. Defaults to 5d (5 days)
 ## - Specify 0 when mail delivery should be tried only once.
-## - 
+## -
 maximal_queue_lifetime = 12h
 bounce_queue_lifetime = \$maximal_queue_lifetime
 
 ## - delay_warning_time (default: 0h)
 ## -
-## - The time after which the sender receives a copy of the message 
+## - The time after which the sender receives a copy of the message
-## - headers of mail that is still queued. To enable this feature, 
+## - headers of mail that is still queued. To enable this feature,
-## - specify a non-zero time value (an integral value plus an optional 
+## - specify a non-zero time value (an integral value plus an optional
-## - one-letter suffix that specifies the time unit). 
+## - one-letter suffix that specifies the time unit).
-## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
-## - The default time unit is h (hours). 
+## - The default time unit is h (hours).
 delay_warning_time = 4h
 
 
@@ -1709,9 +1709,9 @@ prepend_delivered_header =
 ## - proxy_read_maps
 ## -
 ## - The lookup tables that the proxymap(8) server is allowed to access for the read-only service.
-## - 
+## -
-## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table 
+## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table
-## - references that don't begin with proxy: are ignored. 
+## - references that don't begin with proxy: are ignored.
 ## -
 #proxy_read_maps = \$local_recipient_maps \$mydestination \$virtual_alias_maps \$virtual_alias_domains \$virtual_mailbox_maps \$virtual_mailbox_domains \$relay_recipient_maps \$relay_domains \$canonical_maps \$sender_canonical_maps \$recipient_canonical_maps \$relocated_maps \$transport_maps \$mynetworks \$sender_bcc_maps \$recipient_bcc_maps \$smtp_generic_maps \$lmtp_generic_maps \$smtpd_sender_login_maps
 
@@ -1811,23 +1811,10 @@ smtp_host_lookup = dns
 #
 smtp_dns_support_level = dnssec
 
+
 ## - Aktiviert TLS für den Mailempfang
 ## -
 
-# By default, TLS is disabled in the Postfix SMTP server, so no difference to plain Postfix
-# is visible. Explicitly switch it on using "smtpd_use_tls = yes".
-#
-# Example:
-#
-#     /etc/postfix/main.cf:
-#        smtpd_use_tls = yes
-#
-# With this, Postfix SMTP server announces STARTTLS support to SMTP clients, but does
-# not require that clients use TLS encryption.
-#
-smtpd_use_tls=yes
-
-
 # The SMTP TLS security level for the Postfix SMTP server; when a non-empty value is
 # specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls.
 # This parameter is ignored with "smtpd_tls_wrappermode = yes".
@@ -1850,23 +1837,16 @@ smtpd_use_tls=yes
 #
 smtpd_tls_security_level=may
 
+
 ## - Aktiviert TLS für den Mailversand
 ## -
 
-# Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support,
+# The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value
-# otherwise send the mail in the clear. Beware: some SMTP servers offer STARTTLS even if /
+# is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls,
-# it is not configured.
+# and smtp_tls_enforce_peername; when no value is specified for smtp_tls_enforce_peername
+# or the obsolete parameters, the default SMTP TLS security level is none.
 #
-# default: no
+# Specify one of the following security levels:
-#
-smtp_use_tls=yes
-
-# The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value 
-# is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, 
-# and smtp_tls_enforce_peername; when no value is specified for smtp_tls_enforce_peername 
-# or the obsolete parameters, the default SMTP TLS security level is none. 
-#
-# Specify one of the following security levels: 
 #
 #  none
 #     No TLS. TLS will not be used unless enabled for specific destinations
@@ -1919,11 +1899,11 @@ smtp_use_tls=yes
 smtp_tls_security_level=dane
 
 
-## -    0 Disable logging of TLS activity. 
+## -    0 Disable logging of TLS activity.
-## -    1 Log TLS handshake and certificate information. 
+## -    1 Log TLS handshake and certificate information.
-## -    2 Log levels during TLS negotiation. 
+## -    2 Log levels during TLS negotiation.
-## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process.
-## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
 ## -
 smtpd_tls_loglevel = 1
 smtp_tls_loglevel = 1
@@ -1932,7 +1912,7 @@ smtpd_tls_cert_file = $_TLS_CERT_FILE
 smtpd_tls_key_file = $_TLS_KEY_FILE
 
 ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
-## - 
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
 ## -
@@ -1941,38 +1921,38 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
 ## -
 smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
 
-## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
-## - 
+## -
 ## - Dont't forget to create it, e.g with openssl:
 ## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
 ## -
 smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
 
 
-## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP
-## - server certificates or intermediate CA certificates. These are loaded into 
+## - server certificates or intermediate CA certificates. These are loaded into
 ## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
-## - 
+## -
 smtp_tls_CAfile = $_TLS_CA_FILE
 
-## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP
-## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the
 ## - necessary "hash" links with, for example, "
-## - /usr/bin/c_rehash /etc/postfix/certs". 
+## - /usr/bin/c_rehash /etc/postfix/certs".
 ## -
 ## - !! Note !!
-## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - To use this option in chroot mode, this directory (or a copy) must be inside
-## - the chroot jail. 
+## - the chroot jail.
 ## -
-## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix
 ## - queue directory (/var/spool/postfix)
 ## -
 #smtpd_tls_CApath = /etc/postfix/certs
 
 
-# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption. 
+# TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption.
-# If the list is empty, the server supports all available TLS protocol versions. 
+# If the list is empty, the server supports all available TLS protocol versions.
-# 
+#
 # default: see 'postconf -d' output
 #
 smtpd_tls_protocols = >=TLSv1.1
@@ -1988,45 +1968,45 @@ smtpd_tls_mandatory_protocols = >=TLSv1.1
 #
 smtp_tls_protocols = >=TLSv1.2
 
-# TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. 
+# TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption.
-# 
+#
 # default: see 'postconf -d' output
 #
 smtp_tls_mandatory_protocols = >=TLSv1.2
 
 
-# The Postfix SMTP server security grade for ephemeral elliptic-curve 
+# The Postfix SMTP server security grade for ephemeral elliptic-curve
-# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this 
+# Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this
-# parameter is always ignored, and Postfix behaves as though the auto value 
+# parameter is always ignored, and Postfix behaves as though the auto value
-# (described below) was chosen. 
+# (described below) was chosen.
 #
 # auto
-#    Use the most preferred curve that is supported by both the client and the server. 
+#    Use the most preferred curve that is supported by both the client and the server.
-#    This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This 
+#    This setting requires Postfix ≥ 3.2 compiled and linked with OpenSSL ≥ 1.0.2. This
-#    is the default setting under the above conditions (and the only setting used with 
+#    is the default setting under the above conditions (and the only setting used with
 #    Postfix ≥ 3.6).
 #
 # none
-#    Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the 
+#    Don't use EECDH. Ciphers based on EECDH key exchange will be disabled. This is the
 #    default in Postfix versions 2.6 and 2.7.
 #
 # strong
-#    Use EECDH with approximately 128 bits of security at a reasonable computational cost. 
+#    Use EECDH with approximately 128 bits of security at a reasonable computational cost.
 #    This is the default in Postfix versions 2.8-3.5.
 #
 # ultra
-#    Use EECDH with approximately 192 bits of security at computational cost that is 
+#    Use EECDH with approximately 192 bits of security at computational cost that is
 #    approximately twice as high as 128 bit strength ECC.
 #
 smtpd_tls_eecdh_grade = auto
 
 
-# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead 
+# With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead
-# of the remote client's cipher preference order. 
+# of the remote client's cipher preference order.
 #
-# By default, the OpenSSL server selects the client's most preferred cipher that the 
+# By default, the OpenSSL server selects the client's most preferred cipher that the
-# server supports. With SSLv3 and later, the server may choose its own most preferred 
+# server supports. With SSLv3 and later, the server may choose its own most preferred
-# cipher that is supported (offered) by the client. 
+# cipher that is supported (offered) by the client.
 #
 # Setting "tls_preempt_cipherlist = yes" enables server cipher preferences.
 #
@@ -2035,23 +2015,23 @@ smtpd_tls_eecdh_grade = auto
 tls_preempt_cipherlist = yes
 
 
-# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory 
+# The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory
-# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit 
+# TLS encryption. The default grade ("medium") is sufficiently strong that any benefit
-# from globally restricting TLS sessions to a more stringent grade is likely negligible, 
+# from globally restricting TLS sessions to a more stringent grade is likely negligible,
-# especially given the fact that many implementations still do not offer any stronger 
+# especially given the fact that many implementations still do not offer any stronger
-# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers. 
+# ("high" grade) ciphers, while those that do, will always use "high" grade ciphers.
-# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export" 
+# So insisting on "high" grade ciphers is generally counter-productive. Allowing "export"
-# or "low" ciphers is typically not a good idea, as systems limited to just these are 
+# or "low" ciphers is typically not a good idea, as systems limited to just these are
-# limited to obsolete browsers. No known SMTP clients fail to support at least one 
+# limited to obsolete browsers. No known SMTP clients fail to support at least one
-# "medium" or "high" grade cipher. 
+# "medium" or "high" grade cipher.
 #
 # default: medium
 #
 #smtpd_tls_mandatory_ciphers = medium
 
-# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic 
+# The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic
-# TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the 
+# TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the
-# base definition of the selected cipher grade. 
+# base definition of the selected cipher grade.
 #
 # default: medium
 #
@@ -2104,16 +2084,16 @@ smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
 # Report the SASL authenticated user name in the smtpd(8) Received message header.
 smtpd_sasl_authenticated_header = yes
 
-# Enable interoperability with remote SMTP clients that implement an obsolete version 
+# Enable interoperability with remote SMTP clients that implement an obsolete version
-# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook 
+# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook
 # Express version 4 and MicroSoft Exchange version 5.0.
 #
-# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support 
+# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support
 # in a non-standard way.
 #
 broken_sasl_auth_clients = yes
 
-## - Optional lookup table with the SASL login names that own 
+## - Optional lookup table with the SASL login names that own
 ## - sender (MAIL FROM) addresses.
 smtpd_sender_login_maps =
 
@@ -2133,7 +2113,7 @@ else
 
 #======= SASL Authentification  ============
 
-## - Enable SASL authentication in the Postfix SMTP server. By default, 
+## - Enable SASL authentication in the Postfix SMTP server. By default,
 ## - the Postfix SMTP server does not use authentication.
 ## -
 smtpd_sasl_auth_enable = no
@@ -2142,16 +2122,16 @@ smtpd_sasl_auth_enable = no
 ## -
 smtpd_tls_auth_only = yes
 
-## - The SASL plug-in type that the Postfix SMTP server should use for authentication. 
+## - The SASL plug-in type that the Postfix SMTP server should use for authentication.
-## - The available types are listed with the "postconf -a" command. 
+## - The available types are listed with the "postconf -a" command.
 ## -
 ## - Available values are at least: cyrus, dovecot
-## - 
+## -
 smtpd_sasl_type = dovecot
 
 
 ## - Implementation-specific information that the Postfix SMTP server passes
-## - through to the SASL plug-in implementation that is selected with smtpd_sasl_type. 
+## - through to the SASL plug-in implementation that is selected with smtpd_sasl_type.
 ## - Typically this specifies the name of a configuration file or rendezvous point.
 ## -
 smtpd_sasl_path = private/dovecot-auth
@@ -2163,17 +2143,17 @@ smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
 # Report the SASL authenticated user name in the smtpd(8) Received message header.
 smtpd_sasl_authenticated_header = no
 
-# Enable interoperability with remote SMTP clients that implement an obsolete version 
+# Enable interoperability with remote SMTP clients that implement an obsolete version
-# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook 
+# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook
 # Express version 4 and MicroSoft Exchange version 5.0.
 #
-# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support 
+# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support
 # in a non-standard way.
 #
 broken_sasl_auth_clients = yes
 
 
-## - Optional lookup table with the SASL login names that own 
+## - Optional lookup table with the SASL login names that own
 ## - sender (MAIL FROM) addresses.
 smtpd_sender_login_maps =
 
@@ -2210,10 +2190,10 @@ virtual_mailbox_maps =
 
 virtual_mailbox_domains =
 
-## - Optional lookup tables that alias specific mail addresses or domains 
+## - Optional lookup tables that alias specific mail addresses or domains
-## - to other local or remote address. The table format and lookups are 
+## - to other local or remote address. The table format and lookups are
-## - documented in virtual(5). For an overview of Postfix address 
+## - documented in virtual(5). For an overview of Postfix address
-## - manipulations see the ADDRESS_REWRITING_README document. 
+## - manipulations see the ADDRESS_REWRITING_README document.
 ## -
 virtual_alias_maps =
    btree:/etc/postfix/virtual_alias_maps
@@ -2229,11 +2209,11 @@ cat <<EOF >> /etc/postfix/main.cf
    ## - mailman
    #hash:/var/lib/mailman/data/virtual-mailman
 
-## - Postfix is final destination for the specified list of virtual alias 
+## - Postfix is final destination for the specified list of virtual alias
-## - domains, that is, domains for which all addresses are aliased to addresses 
+## - domains, that is, domains for which all addresses are aliased to addresses
-## - in other local or remote domains. The SMTP server validates recipient 
+## - in other local or remote domains. The SMTP server validates recipient
-## - addresses with \$virtual_alias_maps and rejects non-existent recipients. 
+## - addresses with \$virtual_alias_maps and rejects non-existent recipients.
-## - See also the virtual alias domain class in the ADDRESS_CLASS_README file 
+## - See also the virtual alias domain class in the ADDRESS_CLASS_README file
 ## -
 virtual_alias_domains =
    btree:/etc/postfix/virtual_alias_domains
@@ -2420,7 +2400,7 @@ virtual_alias_domains =
 # -    smtpd_end_of_data_restrictions
 # -
 # - Note:
-# -    all smtpd restrictions are evaluated until one of them 
+# -    all smtpd restrictions are evaluated until one of them
 # -    results in 'REJECT'
 
 ## ---
@@ -2441,13 +2421,13 @@ fi
 cat <<EOF >> /etc/postfix/main.cf
 
 # The time limit for delivery to 'postfwd'
-# 
+#
 # Note
-#    This Parameter is used only if you've defined a 127.0.0.1:10040 spawn service 
+#    This Parameter is used only if you've defined a 127.0.0.1:10040 spawn service
-#    in master.cf to have postfix control starting/stopping of the service. 
+#    in master.cf to have postfix control starting/stopping of the service.
 #
 #    If the service is started externally, such as by an init script, I
-#    don't believe it's used or needed. 
+#    don't believe it's used or needed.
 #
 #    The time limit for all external commands is controlled by command_time_limit
 #
@@ -2468,16 +2448,16 @@ cat <<EOF >> /etc/postfix/main.cf
 
 
 # smtpd_delay_reject (default: yes)
-# 
+#
-# Wait until the RCPT TO command before evaluating \$smtpd_client_restrictions, 
+# Wait until the RCPT TO command before evaluating \$smtpd_client_restrictions,
-# \$smtpd_helo_restrictions and \$smtpd_sender_restrictions, or wait until the 
+# \$smtpd_helo_restrictions and \$smtpd_sender_restrictions, or wait until the
 # ETRN command before evaluating \$smtpd_client_restrictions and \$smtpd_helo_restrictions.
 #
-# This feature is turned on by default because some clients apparently mis-behave 
+# This feature is turned on by default because some clients apparently mis-behave
 # when the Postfix SMTP server rejects commands before RCPT TO.
 #
-# The default setting has one major benefit: it allows Postfix to log recipient address 
+# The default setting has one major benefit: it allows Postfix to log recipient address
-# information when rejecting a client name/address or sender address, so that it is 
+# information when rejecting a client name/address or sender address, so that it is
 # possible to find out whose mail is being rejected.
 smtpd_delay_reject = yes
 
@@ -2502,18 +2482,18 @@ smtpd_client_restrictions =
    #
    permit_dnswl_client dnswl.oopen.de,
    # Blacklists
-   # 
+   #
    #   - rhs stands for right hand side, i.e, the domain name.
    #
    #   - reject_rhsbl_helo makes Postfix reject email when the client HELO or EHLO hostname is blacklisted.
    #
-   #   - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is 
+   #   - reject_rhsbl_reverse_client: reject the email when the unverified reverse client hostname is
-   #     blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is 
+   #     blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is
    #     blacklisted, reject the email.
    #
    #   -  reject_rhsbl_sender makes Postfix reject email when the MAIL FROM domain is blacklisted.
    #
-   #   - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted, 
+   #   - reject_rbl_client: This is an IP-based blacklist. When the client IP address is backlisted,
    #     reject the email.
    #
    reject_rhsbl_helo dbl.spamhaus.org,
@@ -2523,7 +2503,7 @@ smtpd_client_restrictions =
    reject_rbl_client ix.dnsbl.manitu.net,
    # Greylisting check
    #
-   #     check_policy_service inet:127.0.0.1:10023, 
+   #     check_policy_service inet:127.0.0.1:10023,
    #
    #
    # Using defined restriction class (see smtpd_restriction_classes):
@@ -2537,14 +2517,14 @@ smtpd_client_restrictions =
    #warn_if_reject,
    check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
    #reject_rbl_client bl.spamcop.net,
-   # Reject the request when 
+   # Reject the request when
    #    1) the client IP address->name mapping fails
    #    2) the name->address mapping fails
-   #    3) the name->address mapping does not match the client IP address. 
+   #    3) the name->address mapping does not match the client IP address.
    #
    # Note:
-   #    This is a stronger restriction than the reject_unknown_reverse_client_hostname 
+   #    This is a stronger restriction than the reject_unknown_reverse_client_hostname
-   #    feature, which triggers only under condition 1) above. 
+   #    feature, which triggers only under condition 1) above.
    #
    #reject_unknown_client
 
@@ -2560,16 +2540,16 @@ smtpd_helo_restrictions =
    # Whitelist clients
    #
    check_client_access btree:/etc/postfix/client_whitelist
-   # Reject the request when the HELO or EHLO hostname is malformed. 
+   # Reject the request when the HELO or EHLO hostname is malformed.
    #
    # Note
    #    specify "smtpd_helo_required = yes" to fully enforce this restriction
-   #    (without "smtpd_helo_required = yes", a client can simply skip 
+   #    (without "smtpd_helo_required = yes", a client can simply skip
-   #    reject_invalid_helo_hostname by not sending HELO or EHLO). 
+   #    reject_invalid_helo_hostname by not sending HELO or EHLO).
    #
    reject_invalid_helo_hostname,
-   # Reject the request when the HELO or EHLO hostname is not in fully-qualified 
+   # Reject the request when the HELO or EHLO hostname is not in fully-qualified
-   # domain or address literal form, as required by the RFC. 
+   # domain or address literal form, as required by the RFC.
    #
    reject_non_fqdn_helo_hostname
    # Don't talk to mail systems that don't know their own hostname.
@@ -2609,26 +2589,26 @@ smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
 # don't accept misconfigured recipients
    reject_unknown_recipient_domain,
-# Reject the request when the RCPT TO address is not listed in the list of valid 
+# Reject the request when the RCPT TO address is not listed in the list of valid
-# recipients for its domain class. See the smtpd_reject_unlisted_recipient 
+# recipients for its domain class. See the smtpd_reject_unlisted_recipient
-# parameter description for details. 
+# parameter description for details.
 #
 # smtpd_reject_unlisted_recipient (default: yes)
 #
-#   Request that the Postfix SMTP server rejects mail for unknown recipient addresses, 
+#   Request that the Postfix SMTP server rejects mail for unknown recipient addresses,
-#   even when no explicit reject_unlisted_recipient access restriction is specified. 
+#   even when no explicit reject_unlisted_recipient access restriction is specified.
-#   This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. 
+#   This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
 #
-#   An address is always considered "known" when it matches a virtual(5) alias or 
+#   An address is always considered "known" when it matches a virtual(5) alias or
-#   a canonical(5) mapping. 
+#   a canonical(5) mapping.
-#      - The recipient domain matches \$mydestination, \$inet_interfaces or \$proxy_interfaces, 
+#      - The recipient domain matches \$mydestination, \$inet_interfaces or \$proxy_interfaces,
-#        but the recipient is not listed in \$local_recipient_maps, and \$local_recipient_maps 
+#        but the recipient is not listed in \$local_recipient_maps, and \$local_recipient_maps
 #        is not null.
-#      - The recipient domain matches \$virtual_alias_domains but the recipient is not listed 
+#      - The recipient domain matches \$virtual_alias_domains but the recipient is not listed
 #        in \$virtual_alias_maps.
-#      - The recipient domain matches \$virtual_mailbox_domains but the recipient is not 
+#      - The recipient domain matches \$virtual_mailbox_domains but the recipient is not
-#        listed in \$virtual_mailbox_maps, and \$virtual_mailbox_maps is not null. 
+#        listed in \$virtual_mailbox_maps, and \$virtual_mailbox_maps is not null.
-#      - The recipient domain matches \$relay_domains but the recipient is not listed in 
+#      - The recipient domain matches \$relay_domains but the recipient is not listed in
 #        \$relay_recipient_maps, and \$relay_recipient_maps is not null.
 #
    reject_unlisted_recipient,
@@ -2636,12 +2616,12 @@ smtpd_recipient_restrictions =
 #
 # Reject the request unless one of the following is true:
 #
-#  - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains 
+#  - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
 #    or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
 #
 #
-#  - Postfix is the final destination: the resolved RCPT TO domain matches 
+#  - Postfix is the final destination: the resolved RCPT TO domain matches
-#    \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, 
+#    \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
 #    or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
 #
 # Note:
@@ -2649,8 +2629,8 @@ smtpd_recipient_restrictions =
 #    relay policy is specified under smtpd_relay_restrictions
 #    (available with Postfix 2.10 and later).
    #reject_unauth_destination,
-# Reject the request when mail to the RCPT TO address is known to bounce, or when the 
+# Reject the request when mail to the RCPT TO address is known to bounce, or when the
-# recipient address destination is not reachable. Address verification information is 
+# recipient address destination is not reachable. Address verification information is
 # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
 # for more details
    reject_unverified_recipient,
@@ -2666,8 +2646,8 @@ smtpd_recipient_restrictions =
 ## - smtpd Relay Restrictions (since version 2.11)
 ## ---
 
-# Access restrictions for mail relay control applied in the context of 
+# Access restrictions for mail relay control applied in the context of
-# the RCPT TO command, before smtpd_recipient_restrictions. 
+# the RCPT TO command, before smtpd_recipient_restrictions.
 #
 smtpd_relay_restrictions =
 # only special accounts (postmaster, abuse and other rolr accounts)
@@ -2686,15 +2666,15 @@ smtpd_relay_restrictions =
    reject_unknown_recipient_domain,
 # Reject the request unless one of the following is true:
 #
-#  - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains 
+#  - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
 #    or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
 #
-#  - Postfix is the final destination: the resolved RCPT TO domain matches 
+#  - Postfix is the final destination: the resolved RCPT TO domain matches
-#    \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains, 
+#    \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
 #    or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
    reject_unauth_destination,
-# Reject the request when mail to the RCPT TO address is known to bounce, or when the 
+# Reject the request when mail to the RCPT TO address is known to bounce, or when the
-# recipient address destination is not reachable. Address verification information is 
+# recipient address destination is not reachable. Address verification information is
 # managed by the verify(8) server; see http://www.postfix.org/ADDRESS_VERIFICATION_README.html
 # for more details
    reject_unverified_recipient,
@@ -2740,7 +2720,7 @@ milter_protocol = 6
 #    If you want sign mails before sending through AmaVIS, set
 #    'smtpd_milters = local:/opendkim/opendkim.sock' here and add to
 #    localhost:10025 section in master.cf: 'smtpd_milters='
-# 
+#
 #smtpd_milters = local:/opendkim/opendkim.sock
 smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
 smtpd_milters =
@@ -2805,7 +2785,7 @@ else
 fi
 
 
-## - create directory for certificates and copy certificates 
+## - create directory for certificates and copy certificates
 ## - and coresponding keys to /etc/postfix/ssl/
 ## -
 echononl "   Create directory for certificates \"/etc/postfix/ssl\""
@@ -2821,7 +2801,7 @@ else
 fi
 
 
-## - generate DH parameters that the Postfix SMTP server should use 
+## - generate DH parameters that the Postfix SMTP server should use
 ## - with EDH ciphers (length 512 and 1024
 ## -
 echononl "   Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
@@ -2978,8 +2958,8 @@ if [[ ! -f /etc/postfix/access_sender ]]; then
 #
 # Restricts sender addresses this system accepts in MAIL FROM commands.
 #
-#     Define the whitelist or blacklist with and OK or REJECT, 
+#     Define the whitelist or blacklist with and OK or REJECT,
-#     followed by an optional answer text. 
+#     followed by an optional answer text.
 #
 #
 #  Note:
@@ -3187,8 +3167,8 @@ if [[ ! -f /etc/postfix/greylist_client_access_pcre ]]; then
 #
 # - Note:
 # -
-# -    Action 'check_greylist' must be defined by 'smtpd_restriction_classes' 
+# -    Action 'check_greylist' must be defined by 'smtpd_restriction_classes'
-# -    and also set with an action (check_policy_service inet:127.0.0.1:10023) 
+# -    and also set with an action (check_policy_service inet:127.0.0.1:10023)
 # -    in file /etc/postfix/ main.cf.
 # -
 # -    Your main.cf may looks like:
@@ -3450,7 +3430,7 @@ if ! $IS_RELAY_HOST ; then
    else
       echo_failed
    fi
-         
+
 
    ## - Change permissions for dir '/var/vmail'
    ## -
@@ -3597,7 +3577,7 @@ EOF
 		fi
 
 		# - [[:blank:]] means space and tab. This makes it similar to: [ \t]
-		# - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed, 
+		# - [[:space;]] in addition to space and tab, includes newline, linefeed, formfeed,
 		# -             and vertical tab. This makes it similar to: [ \t\n\r\f\v]
 		# -
 		#if [[ $_line =~ ^[[:space:]]+[^[:space:]]+ ]] && $_smtp_found ; then