Branch 'pykolab-0.5' - 3 commits - pykolab/setup share/templates

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Thu Nov 29 13:24:27 CET 2012 

 pykolab/setup/setup_mta.py    |   15 ++++++++++-----
 share/templates/master.cf.tpl |   10 +++++-----
 2 files changed, 15 insertions(+), 10 deletions(-)

New commits:
commit 136307d7ceafab24f317ebe4b2721176c998bae7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 29 12:23:18 2012 +0000

    Do not change the tls settings for debian at all

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 7fce975..b862838 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -211,14 +211,6 @@ result_attribute = mail
         subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
         postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
         postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
-    else:
-        if os.path.isfile('/etc/ssl/private/postfix.pem'):
-            postfix_main_settings['smtpd_tls_cert_file'] = "/etc/ssl/private/postfix.pem"
-            postfix_main_settings['smtpd_tls_key_file'] = "/etc/ssl/private/postfix.pem"
-        else:
-            log.error(_("No certificate found for Postfix, please supply one at /etc/pki/tls/private/localhost.pem."))
-            postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
-            postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
 
     if not os.path.isfile('/etc/postfix/main.cf'):
         if os.path.isfile('/usr/share/postfix/main.cf.debian'):


commit 87bc6b242461ff64b3b505ca0242755133c9f4cb
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 29 12:14:18 2012 +0000

    Correct the configuration of the path to the certificate file to use for SSL/TLS (#1397)

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c0dddf2..7fce975 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -198,8 +198,6 @@ result_attribute = mail
             "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf",
             "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
             "smtpd_tls_auth_only": "yes",
-            "smtpd_tls_cert_file": "/etc/pki/tls/private/localhost.pem",
-            "smtpd_tls_key_file": "/etc/pki/tls/private/localhost.pem",
             "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
             "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
             "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
@@ -209,6 +207,19 @@ result_attribute = mail
 
         }
 
+    if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
+        subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
+        postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+        postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+    else:
+        if os.path.isfile('/etc/ssl/private/postfix.pem'):
+            postfix_main_settings['smtpd_tls_cert_file'] = "/etc/ssl/private/postfix.pem"
+            postfix_main_settings['smtpd_tls_key_file'] = "/etc/ssl/private/postfix.pem"
+        else:
+            log.error(_("No certificate found for Postfix, please supply one at /etc/pki/tls/private/localhost.pem."))
+            postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+            postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+
     if not os.path.isfile('/etc/postfix/main.cf'):
         if os.path.isfile('/usr/share/postfix/main.cf.debian'):
             shutil.copy(
@@ -265,9 +276,6 @@ result_attribute = mail
         log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf"))
         return
 
-    if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
-        subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
-
     amavisd_settings = {
             'ldap_server': 'localhost',
             'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),


commit 6d473681548dbc1f809fc439d23c29ff71292a79
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 29 11:57:21 2012 +0000

    Substitute the path to the Kolab SMTP Access Policy executable for the correct value (#1396)

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 862c789..c0dddf2 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -237,6 +237,11 @@ result_attribute = mail
     postfix_master_settings = {
         }
 
+    if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'):
+        postfix_master_settings['kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy'
+    else:
+        postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'
+
     template_file = None
 
     if os.path.isfile('/etc/kolab/templates/master.cf.tpl'):
diff --git a/share/templates/master.cf.tpl b/share/templates/master.cf.tpl
index 7fa7dac..161d053 100644
--- a/share/templates/master.cf.tpl
+++ b/share/templates/master.cf.tpl
@@ -171,17 +171,17 @@ smtp-wallace    unix    -   -   n   -       3   smtp
     -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 
 recipient_policy unix    -   n   n   -       -   spawn
-    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
+    user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient
 
 recipient_policy_incoming unix - n n -       -   spawn
-    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
+    user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient --allow-unauthenticated
 
 sender_policy    unix    -   n   n   -       -   spawn
-    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
+    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender
 
 sender_policy_incoming unix - n  n   -       -   spawn
-    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
+    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --allow-unauthenticated
 
 submission_policy unix - n n - - spawn
-    user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
+    user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --verify-recipient

More information about the commits mailing list