Attachment #875136 for bug #1225397

View | Details | Raw Unified | Return to bug 1225397
Collapse All | Expand All




	# BNC#981097 config.postfix creates broken main.cf for tls client configuration
	    warn_user 1>&2 "You have activated POSTFIX_SMTP_TLS_SERVER, but you don't have created or configured certificates."
	else
		# Following two parameters are deprecated and parameter smtpd_tls_security_level covers this situation
		#$PCONF -e "smtpd_use_tls = yes"
		#$PCONF -e "smtpd_enforce_tls = no"
		$PCONF -e "smtpd_tls_security_level = may"
		if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
		    $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"

		$PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
	fi
    else
	#Following two parameters are deprecated and smtpd_tls_security_level covers this situation
	#$PCONF -e "smtpd_use_tls = no"
	#$PCONF -e "smtpd_enforce_tls = no"
	$PCONF -e "smtpd_tls_security_level ="
	$PCONF -e "smtpd_tls_CAfile ="
	$PCONF -e "smtpd_tls_CApath ="

    fi

    if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then
	    #Following two parameters are deprecated and smtpd_tls_security_level covers this situation
	    #$PCONF -e "smtp_use_tls = no"
	    #$PCONF -e "smtp_enforce_tls = no"
	    $PCONF -e "smtp_tls_security_level ="
    fi
    if test "$POSTFIX_SMTP_TLS_CLIENT" == "yes"; then
	    #Following two parameters are deprecated and smtpd_tls_security_level covers this situation
	    #$PCONF -e "smtp_use_tls = yes"
	    #$PCONF -e "smtp_enforce_tls = no"
	    $PCONF -e "smtp_tls_security_level = may"
    fi
    if test "$POSTFIX_SMTP_TLS_CLIENT" == "must"; then
	    #Following two parameters are deprecated and smtpd_tls_security_level covers this situation
	    #$PCONF -e "smtp_use_tls = yes"
	    #$PCONF -e "smtp_enforce_tls = yes"
	    $PCONF -e "smtp_tls_security_level = encrypt"
    fi
    if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then

update_cf() {
    while test "x$1" != "x" ; do
        TMPFILE=$(mktemp /tmp/postfix.${1}.XXXXXX) || exit 1
	#Ck instead of CI; k is 24 hours clock; I is 12 hours clock
	B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%Ck%CM )
	cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B"
	cp /etc/postfix/${1} "@conf_backup_dir@/${1}"
	eval gen_${1/\./_} > $TMPFILE

Return to bug 1225397

Lines 659-666 Link Here

(-)postfix-SUSE/config.postfix (-11 / +17 lines)
659	# BNC#981097 config.postfix creates broken main.cf for tls client configuration	659	# BNC#981097 config.postfix creates broken main.cf for tls client configuration
660	warn_user 1>&2 "You have activated POSTFIX_SMTP_TLS_SERVER, but you don't have created or configured certificates."	660	warn_user 1>&2 "You have activated POSTFIX_SMTP_TLS_SERVER, but you don't have created or configured certificates."
661	else	661	else
662	$PCONF -e "smtpd_use_tls = yes"	662	# Following two parameters are deprecated and parameter smtpd_tls_security_level covers this situation
663	$PCONF -e "smtpd_enforce_tls = no"	663	#$PCONF -e "smtpd_use_tls = yes"
		664	#$PCONF -e "smtpd_enforce_tls = no"
664	$PCONF -e "smtpd_tls_security_level = may"	665	$PCONF -e "smtpd_tls_security_level = may"
665	if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then	666	if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
666	$PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"	667	$PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
Lines 693-700 Link Here
693	$PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"	694	$PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
694	fi	695	fi
695	else	696	else
696	$PCONF -e "smtpd_use_tls = no"	697	#Following two parameters are deprecated and smtpd_tls_security_level covers this situation
697	$PCONF -e "smtpd_enforce_tls = no"	698	#$PCONF -e "smtpd_use_tls = no"
		699	#$PCONF -e "smtpd_enforce_tls = no"
698	$PCONF -e "smtpd_tls_security_level ="	700	$PCONF -e "smtpd_tls_security_level ="
699	$PCONF -e "smtpd_tls_CAfile ="	701	$PCONF -e "smtpd_tls_CAfile ="
700	$PCONF -e "smtpd_tls_CApath ="	702	$PCONF -e "smtpd_tls_CApath ="
Lines 706-723 Link Here
706	fi	708	fi
707		709
708	if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then	710	if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then
709	$PCONF -e "smtp_use_tls = no"	711	#Following two parameters are deprecated and smtpd_tls_security_level covers this situation
710	$PCONF -e "smtp_enforce_tls = no"	712	#$PCONF -e "smtp_use_tls = no"
		713	#$PCONF -e "smtp_enforce_tls = no"
711	$PCONF -e "smtp_tls_security_level ="	714	$PCONF -e "smtp_tls_security_level ="
712	fi	715	fi
713	if test "$POSTFIX_SMTP_TLS_CLIENT" == "yes"; then	716	if test "$POSTFIX_SMTP_TLS_CLIENT" == "yes"; then
714	$PCONF -e "smtp_use_tls = yes"	717	#Following two parameters are deprecated and smtpd_tls_security_level covers this situation
715	$PCONF -e "smtp_enforce_tls = no"	718	#$PCONF -e "smtp_use_tls = yes"
		719	#$PCONF -e "smtp_enforce_tls = no"
716	$PCONF -e "smtp_tls_security_level = may"	720	$PCONF -e "smtp_tls_security_level = may"
717	fi	721	fi
718	if test "$POSTFIX_SMTP_TLS_CLIENT" == "must"; then	722	if test "$POSTFIX_SMTP_TLS_CLIENT" == "must"; then
719	$PCONF -e "smtp_use_tls = yes"	723	#Following two parameters are deprecated and smtpd_tls_security_level covers this situation
720	$PCONF -e "smtp_enforce_tls = yes"	724	#$PCONF -e "smtp_use_tls = yes"
		725	#$PCONF -e "smtp_enforce_tls = yes"
721	$PCONF -e "smtp_tls_security_level = encrypt"	726	$PCONF -e "smtp_tls_security_level = encrypt"
722	fi	727	fi
723	if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then	728	if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then
Lines 1363-1369 Link Here
1363	update_cf() {	1368	update_cf() {
1364	while test "x$1" != "x" ; do	1369	while test "x$1" != "x" ; do
1365	TMPFILE=$(mktemp /tmp/postfix.${1}.XXXXXX) \|\| exit 1	1370	TMPFILE=$(mktemp /tmp/postfix.${1}.XXXXXX) \|\| exit 1
1366	B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%CI%CM )	1371	#Ck instead of CI; k is 24 hours clock; I is 12 hours clock
		1372	B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%Ck%CM )
1367	cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B"	1373	cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B"
1368	cp /etc/postfix/${1} "@conf_backup_dir@/${1}"	1374	cp /etc/postfix/${1} "@conf_backup_dir@/${1}"
1369	eval gen_${1/\./_} > $TMPFILE	1375	eval gen_${1/\./_} > $TMPFILE