X-Git-Url: https://plomlompom.com/repos/?a=blobdiff_plain;f=bin%2Fsetup_starttls.sh;fp=bin%2Fsetup_starttls.sh;h=3b306c211d4dba994b0acd6627fb663698d652c8;hb=2045b9e2aa5b7e14f8f421047b4ead3a5f77d680;hp=0000000000000000000000000000000000000000;hpb=7a0772ed0be72598677478ad9c4051306a258dd3;p=config
diff --git a/bin/setup_starttls.sh b/bin/setup_starttls.sh
new file mode 100755
index 0000000..3b306c2
--- /dev/null
+++ b/bin/setup_starttls.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -x
+set -e
+key=$1
+cert=$2
+
+if [ ! "$(id -u)" -eq "0" ]; then
+ echo "Must be run as root."
+ exit 1
+fi
+
+key_target=/etc/postfix/key.pem
+if [ ! -n "$key" ]; then
+ if [ ! -f "${key_target}" ]; then
+ (umask 077; openssl genrsa -out "${key_target}" 2048)
+ fi
+else
+ cp "$key" "${key_target}"
+fi
+
+fqdn=$(postconf -h myhostname)
+cert_target=/etc/postfix/cert.pem
+if [ ! -n "$cert" ]; then
+ if [ ! -f "${cert_target}" ]; then
+ openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}"
+ fi
+else
+ cp "$cert" "${cert_target}"
+fi
+
+cat >> /etc/postfix/main.cf << EOF
+
+# Enable server-side STARTTLS.
+smtpd_tls_cert_file = /etc/postfix/cert.pem
+smtpd_tls_key_file = /etc/postfix/key.pem
+smtpd_tls_security_level = may
+EOF
+service postfix restart
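Review bot: The `cp "$key" "${key_target}"` branch installs the private key without restricting its mode, unlike the generated-key branch, which runs under `umask 077`. A newly created target takes the source file's permission bits masked by the caller's umask, and an existing target keeps whatever mode it already had, so the key can end up readable by non-root users. Copy it under the same umask and pin the mode afterwards, e.g. `(umask 077; cp "$key" "${key_target}")` followed by `chmod 600 "${key_target}"`. Separately, the `cat >> /etc/postfix/main.cf` heredoc appends another copy of the three settings on every run and hard-codes the paths already held in `key_target` and `cert_target`. Using `postconf -e "smtpd_tls_cert_file = ${cert_target}" "smtpd_tls_key_file = ${key_target}" "smtpd_tls_security_level = may"` instead would make the script safe to re-run.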