From c95dea76f60077bb29bd973ffbefdd3f8d39d082 Mon Sep 17 00:00:00 2001
From: Thomas VIAL
Date: Wed, 19 Aug 2015 15:47:20 +0200
Subject: [PATCH] Added better check on self-signed certs. for #14

---
 README.md | 9 +++++----
 start-mailserver.sh | 15 ++++++++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 39e6048e..17bf376c 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Additional informations:
 - aliases and fowards/redirects are managed in `./postfix/virtual`
 - antispam are rules are managed in `./spamassassin/rules.cf`
 - files must be mounted to `/tmp` in your container (see `docker-compose.yml` template)
-- ssl is strongly recommended, you can provide a specific certificate (csr/key files), see below
+- ssl is strongly recommended, you can provide a specific certificate, see below
 ## installation
@@ -80,15 +80,16 @@ You can easily generate a self-signed SSL certificate by using the following com
 # will generate:
 # postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
-# postfix/ssl/mail.my-domain.com-req.pem
+# postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files)
 # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
-# postfix/ssl/mail.my-domain.com-combined.pem (used for courier)
+# postfix/ssl/mail.my-domain.com-combined.pem (used in courier)
+# postfix/ssl/demoCA/cacert.pem (certificate authority)
 Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
 ## configure ssl certificate (convention over configuration)
-If a matching certificate (with `.key` and `.csr` files) is found in `postfix/ssl`, it will be automatically configured in postfix. You just have to place `mail.my-domain.com.key` and `mail.my-domain.com.csr` for domain `mail.my-domain.com` in `postfix/ssl` folder.
+If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
 # client configuration
diff --git a/start-mailserver.sh b/start-mailserver.sh
index e73c4e2d..84efc29f 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -31,16 +31,25 @@ postmap /etc/postfix/vmailbox
 postmap /etc/postfix/virtual
 cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
-# Adding SSL certificate if provided in 'postfix/ssl' folder
-if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ]; then
+# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
+if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
+&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
+&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
+&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
  echo "Adding $(hostname) SSL certificate"
- cp -r /tmp/postfix/ssl /etc/postfix/ssl
+ mkdir -p /etc/postfix/ssl
+ cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
+ cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
+ cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
+ cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
+ # Postfix configuration
  sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
  sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
  sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
  sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
  ln -s /etc/postfix/ssl/demoCA/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
+ # Courier configuration
  sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
 fi
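Review bot: The CA certificate is now copied flat into `/etc/postfix/ssl/cacert.pem`, but the two `*_tls_CAfile` `sed` substitutions and the `ln -s` further down still point at `/etc/postfix/ssl/demoCA/cacert.pem`, a path that no longer exists once the recursive `cp -r` (which carried the `demoCA/` subdirectory along) is replaced by per-file copies, so Postfix is handed a missing CA file and the symlink in `/etc/ssl/certs` dangles. Keep the layout the configuration expects: `mkdir -p /etc/postfix/ssl/demoCA` and `cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl/demoCA/`. The private key is copied with plain `cp`, so its mode follows the bind-mounted source (masked by umask); a `chmod 600 "/etc/postfix/ssl/$(hostname)-key.pem"` after the copies would keep it unreadable to other users in the container regardless of how the host file was created. With four files now required, a single misnamed file makes the script silently fall back to the snakeoil certificate; an `else` branch that logs which expected file is absent would make that visible in the container log.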