summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-11-29 12:14:18 +0000
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-11-29 12:15:10 +0000
commit87bc6b242461ff64b3b505ca0242755133c9f4cb (patch)
treeff10719ba74429cb0d32739d80c7b29c71847a32
parent6d473681548dbc1f809fc439d23c29ff71292a79 (diff)
downloadpykolab-87bc6b242461ff64b3b505ca0242755133c9f4cb.tar.gz
Correct the configuration of the path to the certificate file to use for SSL/TLS (#1397)
-rw-r--r--pykolab/setup/setup_mta.py18
1 files changed, 13 insertions, 5 deletions
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index c0dddf2..7fce975 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -198,8 +198,6 @@ result_attribute = mail
"transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf",
"virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
"smtpd_tls_auth_only": "yes",
- "smtpd_tls_cert_file": "/etc/pki/tls/private/localhost.pem",
- "smtpd_tls_key_file": "/etc/pki/tls/private/localhost.pem",
"smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
"smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
"submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
@@ -209,6 +207,19 @@ result_attribute = mail
}
+ if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
+ subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+ else:
+ if os.path.isfile('/etc/ssl/private/postfix.pem'):
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/ssl/private/postfix.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/ssl/private/postfix.pem"
+ else:
+ log.error(_("No certificate found for Postfix, please supply one at /etc/pki/tls/private/localhost.pem."))
+ postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
+ postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
+
if not os.path.isfile('/etc/postfix/main.cf'):
if os.path.isfile('/usr/share/postfix/main.cf.debian'):
shutil.copy(
@@ -265,9 +276,6 @@ result_attribute = mail
log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf"))
return
- if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
- subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem'])
-
amavisd_settings = {
'ldap_server': 'localhost',
'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),