Generate a new dhparams file if one_dir is set. (Resolves: #530)
This improves security because each installation has its own generated dhparams file. See ticket #530 for more details.
parent
a2f6591212
commit
91d34bc54e
|
@ -112,6 +112,7 @@ function register_functions() {
|
|||
_register_setup_function "_setup_security_stack"
|
||||
_register_setup_function "_setup_postfix_aliases"
|
||||
_register_setup_function "_setup_postfix_vhost"
|
||||
_register_setup_function "_setup_postfix_dhparam"
|
||||
|
||||
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
||||
_register_setup_function "_setup_postfix_relay_amazon_ses"
|
||||
|
@ -921,6 +922,25 @@ function _setup_postfix_relay_amazon_ses() {
|
|||
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
|
||||
}
|
||||
|
||||
function _setup_postfix_dhparam() {
|
||||
notify 'task' 'Setting up Postfix dhparam'
|
||||
if [ "$ONE_DIR" = 1 ];then
|
||||
DHPARAMS_FILE=/var/mail-state/lib-postfix/dhparams.pem
|
||||
if [ ! -f $DHPARAMS_FILE ]; then
|
||||
notify 'inf' "Generate new dhparams for postfix"
|
||||
mkdir -p $(dirname "$DHPARAMS_FILE")
|
||||
openssl dhparam -out $DHPARAMS_FILE 2048
|
||||
else
|
||||
notify 'inf' "Use dhparams that was generated previously"
|
||||
fi
|
||||
|
||||
# Copy from the state directpry to the working location
|
||||
rm /etc/postfix/dhparams.pem && cp $DHPARAMS_FILE /etc/postfix/dhparams.pem
|
||||
else
|
||||
notify 'inf' "No state dir, we use the dhparams generated on image creation"
|
||||
fi
|
||||
}
|
||||
|
||||
function _setup_security_stack() {
|
||||
notify 'task' "Setting up Security Stack"
|
||||
|
||||
|
|
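Review bot: In `_setup_postfix_dhparam`, `openssl dhparam -out $DHPARAMS_FILE 2048` writes straight to the persistent path and its exit status is never checked, so a failed or interrupted generation can leave an empty or truncated file that every later start accepts through the `[ ! -f $DHPARAMS_FILE ]` test. The following `rm /etc/postfix/dhparams.pem && cp ...` skips the copy when the image's file is absent, and if `cp` fails after `rm` succeeded it leaves `/etc/postfix/dhparams.pem` missing. Generating into a temporary name in the same directory, renaming it only on success, and replacing the rm/cp pair with one checked `cp -f` closes both gaps; the sketch below also quotes `$DHPARAMS_FILE` and tests with `-s` so an empty file is regenerated. A reused file could additionally be validated with `openssl dhparam -check -noout -in "$DHPARAMS_FILE"` before it is trusted, and whether a non-zero return is handled by the setup-function runner is not visible here and should be confirmed.

```shell
function _setup_postfix_dhparam() {
  # … unchanged: notify 'task', ONE_DIR test, DHPARAMS_FILE assignment …
    if [ ! -s "$DHPARAMS_FILE" ]; then
      notify 'inf' "Generate new dhparams for postfix"
      mkdir -p "$(dirname "$DHPARAMS_FILE")"
      # Write to a temporary name and rename only on success, so an
      # interrupted run never leaves a partial file in the state dir.
      if openssl dhparam -out "$DHPARAMS_FILE.tmp" 2048; then
        mv -f "$DHPARAMS_FILE.tmp" "$DHPARAMS_FILE"
      else
        rm -f "$DHPARAMS_FILE.tmp"
        notify 'inf' "dhparams generation failed, keeping the image default"
        return 1
      fi
    # … unchanged: else branch announcing reuse of the existing file …
    # Overwrite in place; on failure the image's original file is still there.
    cp -f "$DHPARAMS_FILE" /etc/postfix/dhparams.pem || return 1
```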