Improve websites server setup.
[config] / bin / setup_starttls.sh
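#!/bin/sh
# Enable server-side STARTTLS for Postfix.
#
# Usage: setup_starttls.sh [KEY_FILE [CERT_FILE]]
#   KEY_FILE   optional private key to install as /etc/postfix/key.pem; when
#              omitted, a 2048-bit RSA key is generated unless that file
#              already exists.
#   CERT_FILE  optional certificate to install as /etc/postfix/cert.pem; when
#              omitted, a self-signed certificate for the Postfix hostname is
#              generated unless that file already exists.
#
# Must be run as root. Updates main.cf and restarts Postfix.

# Trace every command; only file paths appear in the trace, never key material.
set -x
set -e
key=$1
cert=$2

if [ "$(id -u)" -ne 0 ]; then
  echo "Must be run as root." >&2
  exit 1
fi

key_target=/etc/postfix/key.pem
if [ -z "$key" ]; then
  if [ ! -f "${key_target}" ]; then
    # Restrictive umask so the new private key is never readable by others.
    (umask 077; openssl genrsa -out "${key_target}" 2048)
  fi
else
  # A plain cp would create the key with the caller's default umask, which is
  # typically world-readable. The umask covers a newly created target; the
  # chmod covers a target that already existed with a looser mode.
  (umask 077; cp -- "$key" "${key_target}")
  chmod 600 "${key_target}"
fi

fqdn=$(postconf -h myhostname)
cert_target=/etc/postfix/cert.pem
if [ -z "$cert" ]; then
  if [ ! -f "${cert_target}" ]; then
    # Self-signed, valid for ten years: this gives encryption in transit, but
    # clients that verify the server certificate will not trust it. Supply a
    # CA-issued CERT_FILE where peers are expected to authenticate the server.
    openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}"
  fi
else
  cp -- "$cert" "${cert_target}"
fi

# Set the parameters with postconf -e rather than appending to main.cf, so
# re-running the script updates the existing entries instead of stacking
# duplicate lines in the file.
# Security level "may" is opportunistic TLS: STARTTLS is offered, but clients
# that do not use it are still accepted in cleartext.
postconf -e \
  "smtpd_tls_cert_file = ${cert_target}" \
  "smtpd_tls_key_file = ${key_target}" \
  "smtpd_tls_security_level = may"
service postfix restart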