plomlompom.com Git - config/blob - bin/setup_starttls.sh

   1 #!/bin/sh
   2 set -x
   3 set -e
   4 key=$1
   5 cert=$2
   6
   7 if [ ! "$(id -u)" -eq "0" ]; then
   8   echo "Must be run as root."
   9   exit 1
  10 fi
  11
  12 key_target=/etc/postfix/key.pem
  13 if [ ! -n "$key" ]; then
  14   if [ ! -f "${key_target}" ]; then
  15     (umask 077; openssl genrsa -out "${key_target}" 2048)
  16   fi
  17 else
  18   cp "$key" "${key_target}"
  19 fi
  20
  21 fqdn=$(postconf -h myhostname)
  22 cert_target=/etc/postfix/cert.pem
  23 if [ ! -n "$cert" ]; then
  24   if [ ! -f "${cert_target}" ]; then
  25     openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}"
  26   fi
  27 else
  28   cp "$cert" "${cert_target}"
  29 fi
  30
  31 cat >> /etc/postfix/main.cf << EOF
  32
  33 # Enable server-side STARTTLS.
  34 smtpd_tls_cert_file = /etc/postfix/cert.pem
  35 smtpd_tls_key_file = /etc/postfix/key.pem
  36 smtpd_tls_security_level = may
  37 EOF
  38 service postfix restart