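#!/usr/bin/env bash
#
# Generates Diffie-Hellman parameter files (512, 1024 and 2048 bit) below
# /etc/postfix/ssl and restarts Postfix afterwards.
#
# Optional configuration is read from conf/install_postfix_base.conf next to
# this script. That file is *sourced*, i.e. executed as shell code with the
# privileges of whoever runs this script, so it must be writable only by a
# trusted administrator.
#
# SECURITY NOTE(review): 512-bit DH parameters are export-grade and 1024-bit
# parameters are below current recommendations (see the Logjam research).
# Both are still generated here because the Postfix configuration that
# consumes these files is not visible in this script; prefer referencing only
# dh_2048.pem from main.cf and confirm against postconf(5) for the deployed
# Postfix version whether the smaller files are used at all.

script_dir="$(dirname "$(realpath "$0")")"
script_name="$(basename "$0")"

conf_dir="$(dirname "$0")/conf"
conf_file="${conf_dir}/install_postfix_base.conf"

_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt

log_file=$(mktemp)
# Remove the temporary log file on every exit path, including signals that
# terminate the script before clean_up is reached.
trap 'rm -f -- "$log_file"' EXIT


# -------------
# --- Some functions
# -------------

#######################################
# Perform program exit housekeeping and terminate.
# Globals:   log_file (read)
# Arguments: $1 - exit status (defaults to 0)
#######################################
clean_up() {
  rm -f -- "$log_file"
  exit "${1:-0}"
}

#######################################
# Print a message to stderr without a trailing newline.
# Arguments: message words; backslash escapes are interpreted (echo -e)
# Outputs:   message on stderr
#######################################
echononl() {
  # Probe whether this shell's echo interprets "\c" on its own. The probe is
  # captured in a variable instead of the former /tmp/shprompt$$ file: a
  # predictable name in /tmp can be pre-created as a symlink by another local
  # user and would then be overwritten with the privileges of this script.
  local probe
  probe=$(echo X\\c)
  if [[ ${#probe} -eq 1 ]]; then
    echo -e -n "$*\\c" 1>&2
  else
    echo -e -n "$*" 1>&2
  fi
}

#######################################
# Report a fatal error and abort with exit status 1.
# Arguments: message words
#######################################
fatal() {
  echo ""
  echo -e "fatal error: $*"
  echo ""
  echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
  echo ""
  clean_up 1
}

# Print a highlighted error message (does not exit).
error() {
  echo ""
  echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
  echo ""
}

# Print a highlighted warning message.
warn() {
  echo ""
  echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
  echo ""
}

# Print a highlighted informational message.
info() {
  echo ""
  echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
  echo ""
}

# Status tags printed at column 80 behind a message written by echononl.
echo_done() {
  echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
  echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
  echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed() {
  echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
  echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}

#######################################
# Print an empty line unless "terminal" is set to something other than true.
# Globals: terminal (read) - not assigned anywhere in this script; it may be
#          provided by the sourced configuration file. An unset value is
#          treated as true, which is what the former "if $terminal" did.
#######################################
blank_line() {
  # Compared as a string rather than executed as a command, so a value
  # coming from the configuration file is never run.
  if [[ "${terminal:-true}" == "true" ]]; then
    echo ""
  fi
}

#######################################
# Detect distribution, release and codename of the running OS.
# Globals: os_dist, os_version, os_codename (written)
# Returns: 0 if a distribution id was found, non-zero otherwise
#######################################
detect_os_1() {
  if command -v lsb_release > /dev/null 2>&1; then
    os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
    os_version="$(lsb_release -r | awk '{print tolower($2)}')"
    os_codename="$(lsb_release -c | awk '{print tolower($2)}')"

    # Debian point releases ("12.5") are reduced to the major number.
    if [[ "$os_dist" == "debian" ]]; then
      os_version="${os_version%%.*}"
    fi
  elif [[ -e /etc/os-release ]]; then
    # shellcheck disable=SC1091
    . /etc/os-release
    os_dist=$ID
    os_version=${VERSION_ID}
  fi

  # remove whitespace from os_dist and os_version
  os_dist="${os_dist// /}"
  os_version="${os_version// /}"

  # Without this the caller's failure branch could never be reached.
  [[ -n "$os_dist" ]]
}

#######################################
# Create /etc/postfix/ssl/dh_<bits>.pem if it is missing, or replace it when
# PKCS#3 style parameters are wanted and the existing file contains "X9.42".
# Globals:   use_pkcs3_dh (read)
# Arguments: $1 - parameter length in bits
# Outputs:   progress message on stderr, status tag on stdout
# Returns:   0 on success or skip, 1 if generation failed
#######################################
generate_dh_param() {
  local -r bits=$1
  local -r target="/etc/postfix/ssl/dh_${bits}.pem"
  local tmp_file
  local -a extra_opts=()

  echononl " Generate DH key length=${bits} \"${target}\""

  if [[ -f "$target" ]]; then
    # An existing file is only replaced when PKCS#3 parameters are wanted and
    # the file text contains "X9.42" (presumably the PEM header written for
    # -dsaparam output by newer OpenSSL - confirm).
    if ! $use_pkcs3_dh || ! grep -q -F -- "X9.42" "$target" 2> /dev/null; then
      echo_skipped
      return 0
    fi
  fi

  # -dsaparam is much faster, but OpenSSL's documentation warns that with such
  # DSA-style parameters a fresh DH key must be used for every exchange to
  # avoid small-subgroup attacks.
  $use_pkcs3_dh || extra_opts=(-dsaparam)

  # Generate into a temporary file in the same directory and rename it into
  # place: a failed run then never leaves an empty or truncated dh_*.pem
  # behind that later runs would skip as "already present".
  tmp_file=$(mktemp "${target}.XXXXXX") || {
    echo_failed
    return 1
  }

  # mktemp creates the file with mode 0600; DH parameters are public values,
  # so the file is made world-readable before it is moved into place.
  if openssl dhparam "${extra_opts[@]}" -out "$tmp_file" "$bits" > /dev/null 2>&1 \
    && chmod 0644 "$tmp_file" \
    && mv -f -- "$tmp_file" "$target"; then
    echo_ok
  else
    rm -f -- "$tmp_file"
    echo_failed
    return 1
  fi
}


# -------------
# --- Some default settings
# -------------

DEFAULT_ADMIN_EMAIL="argus@oopen.de"
DEFAULT_RELAY_HOST="b.mx.oopen.de"
DEFAULT_SASL_AUTH=false

# - Is this a systemd system?
# -
# The systemd binary is not on PATH on every distribution, so the runtime
# directory that exists on systemd-booted hosts is accepted as well.
if command -v systemd > /dev/null 2>&1 || [[ -d /run/systemd/system ]]; then
  systemd_exists=true
else
  systemd_exists=false
fi

echo ""

# - Read Configuration File if exists
# -
# The file is executed as shell code; keep it owned by and writable for the
# administrator only.
if [[ -f "$conf_file" ]]; then
  # shellcheck disable=SC1090
  source "$conf_file"
fi


# -------------
# --- Set default values for some non existent variables (i.e. no configuration file is present)
# -------------

: "${_ADMIN_EMAIL:=$DEFAULT_ADMIN_EMAIL}"
: "${_SASL_AUTH:=$DEFAULT_SASL_AUTH}"

if [[ -z "$_HOSTNAME" ]]; then
  _HOSTNAME="$(hostname -f)"
  _HOSTNAME_SHORT="$(hostname)"
  # A "fully qualified" name identical to the short name is not usable.
  [[ "$_HOSTNAME" == "$_HOSTNAME_SHORT" ]] && _HOSTNAME=""
fi

blank_line
echononl "Detect distribution/release of running OS.."
if detect_os_1 > /dev/null 2>&1; then
  echo_ok
else
  echo_failed
fi

# PKCS#3 parameters (no -dsaparam) are used on Debian releases newer than 11.
# The version is checked to be purely numeric first: a value such as "n/a"
# would otherwise be evaluated as an arithmetic expression.
use_pkcs3_dh=false
if [[ "$os_dist" == "debian" && "$os_version" =~ ^[0-9]+$ ]] \
  && ((10#$os_version > 11)); then
  use_pkcs3_dh=true
fi

blank_line
blank_line

## - The directory for certificates and corresponding keys
## - (/etc/postfix/ssl/) must already exist.
## -
if [[ ! -d "/etc/postfix/ssl" ]]; then
  fatal "Certification directory \033[1m/etc/postfix/ssl\033[m not found!"
fi

## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512, 1024 and 2048)
## -
## - A failed generation is reported but does not stop the script.
## -
generate_dh_param 512
generate_dh_param 1024
generate_dh_param 2048

## - restart postfix
## -
echononl " Restart postfix"
if $systemd_exists; then
  restart_cmd=(systemctl restart postfix)
else
  restart_cmd=(/etc/init.d/postfix restart)
fi
if "${restart_cmd[@]}" > /dev/null 2>&1; then
  echo_ok
else
  echo_failed
fi

echo ""
clean_up 0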