3 commits - pykolab/setup share/templates
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Thu Nov 29 13:24:26 CET 2012
pykolab/setup/setup_mta.py | 15 ++++++++++-----
share/templates/master.cf.tpl | 10 +++++-----
2 files changed, 15 insertions(+), 10 deletions(-)
New commits:
commit cd4dafe15d907ceac435509bd7eab71cfd162264
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 29 12:23:18 2012 +0000
Do not change the tls settings for debian at all
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 8ab3068..eb26a4d 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -211,14 +211,6 @@ result_attribute = mail
subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
- else:
- if os.path.isfile('/etc/ssl/private/postfix.pem'):
- postfix_main_settings['smtpd_tls_cert_file'] = "/etc/ssl/private/postfix.pem"
- postfix_main_settings['smtpd_tls_key_file'] = "/etc/ssl/private/postfix.pem"
- else:
- log.error(_("No certificate found for Postfix, please supply one at /etc/pki/tls/private/localhost.pem."))
- postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
- postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
if not os.path.isfile('/etc/postfix/main.cf'):
if os.path.isfile('/usr/share/postfix/main.cf.debian'):
commit 745ae00d6b1e88a2db9d876189d648755ba3ddf4
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 29 12:14:18 2012 +0000
Correct the configuration of the path to the certificate file to use for SSL/TLS (#1397)
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 7889942..8ab3068 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -198,8 +198,6 @@ result_attribute = mail
"transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf",
"virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
"smtpd_tls_auth_only": "yes",
- "smtpd_tls_cert_file": "/etc/pki/tls/private/localhost.pem",
- "smtpd_tls_key_file": "/etc/pki/tls/private/localhost.pem",
"smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
"smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
"submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
@@ -209,6 +207,19 @@ result_attribute = mail
}
+ if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
+ subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+ else:
+ if os.path.isfile('/etc/ssl/private/postfix.pem'):
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/ssl/private/postfix.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/ssl/private/postfix.pem"
+ else:
+ log.error(_("No certificate found for Postfix, please supply one at /etc/pki/tls/private/localhost.pem."))
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+
if not os.path.isfile('/etc/postfix/main.cf'):
if os.path.isfile('/usr/share/postfix/main.cf.debian'):
shutil.copy(
@@ -265,9 +276,6 @@ result_attribute = mail
log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf"))
return
- if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
- subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
-
amavisd_settings = {
'ldap_server': 'localhost',
'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),
commit ac54ca1427d5246a63dbdb9bccb47b8fb124d433
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 29 11:57:21 2012 +0000
Substitute the path to the Kolab SMTP Access Policy executable for the correct value (#1396)
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 058abb3..7889942 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -237,6 +237,11 @@ result_attribute = mail
postfix_master_settings = {
}
+ if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'):
+ postfix_master_settings['kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy'
+ else:
+ postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'
+
template_file = None
if os.path.isfile('/etc/kolab/templates/master.cf.tpl'):
diff --git a/share/templates/master.cf.tpl b/share/templates/master.cf.tpl
index 7fa7dac..161d053 100644
--- a/share/templates/master.cf.tpl
+++ b/share/templates/master.cf.tpl
@@ -171,17 +171,17 @@ smtp-wallace unix - - n - 3 smtp
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
recipient_policy unix - n n - - spawn
- user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
+ user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient
recipient_policy_incoming unix - n n - - spawn
- user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
+ user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient --allow-unauthenticated
sender_policy unix - n n - - spawn
- user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
+ user=kolab-n argv=${kolab_sap_executable_path} --verify-sender
sender_policy_incoming unix - n n - - spawn
- user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
+ user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --allow-unauthenticated
submission_policy unix - n n - - spawn
- user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
+ user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --verify-recipient
More information about the commits
mailing list