dh.pem in /etc/dovecot/

This commit is contained in:
juvilius 2023-04-07 17:59:31 +02:00
parent 98d45df08e
commit 24b3e2f5b9
Signed by untrusted user who does not match committer: julius
GPG Key ID: 3EAC91A848E1D685

View File

@ -150,7 +150,7 @@ mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf
echo "Creating Dovecot config..." echo "Creating Dovecot config..."
openssl dhparam -out /etc/dovecot/dh.pem 4096 [ -f "/etc/dovecot/dh.pem" ] || openssl dhparam -out /etc/dovecot/dh.pem 4096
echo "# Dovecot config echo "# Dovecot config
# Note that in the dovecot conf, you can use: # Note that in the dovecot conf, you can use:
@ -165,7 +165,7 @@ ssl_key = <$certdir/privkey.pem
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_cipher_list = "'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED'" ssl_cipher_list = "'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED'"
ssl_prefer_server_ciphers = yes ssl_prefer_server_ciphers = yes
ssl_dh = </usr/share/dovecot/dh.pem ssl_dh = </etc/dovecot/dh.pem
auth_mechanisms = plain login auth_mechanisms = plain login
auth_username_format = %n auth_username_format = %n
@ -284,15 +284,15 @@ grep -q '127.0.0.1' /etc/postfix/dkim/trustedhosts 2>/dev/null ||
10.1.0.0/16' >> /etc/postfix/dkim/trustedhosts 10.1.0.0/16' >> /etc/postfix/dkim/trustedhosts
# ...and source it from opendkim.conf # ...and source it from opendkim.conf
grep -q '^KeyTable' /etc/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable grep -q '^KeyTable' /etc/opendkim/opendkim.conf 2>/dev/null || echo 'KeyTable file:/etc/postfix/dkim/keytable
SigningTable refile:/etc/postfix/dkim/signingtable SigningTable refile:/etc/postfix/dkim/signingtable
InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim.conf InternalHosts refile:/etc/postfix/dkim/trustedhosts' >> /etc/opendkim/opendkim.conf
sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim.conf sed -i '/^#Canonicalization/s/simple/relaxed\/simple/' /etc/opendkim/opendkim.conf
sed -i '/^#Canonicalization/s/^#//' /etc/opendkim.conf sed -i '/^#Canonicalization/s/^#//' /etc/opendkim/opendkim.conf
sed -i '/Socket/s/^#*/#/' /etc/opendkim.conf sed -i '/Socket/s/^#*/#/' /etc/opendkim/opendkim.conf
grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim.conf grep -q '^Socket\s*inet:12301@localhost' /etc/opendkim/opendkim.conf || echo 'Socket inet:12301@localhost' >> /etc/opendkim/opendkim.conf
# OpenDKIM daemon settings, removing previously activated socket. # OpenDKIM daemon settings, removing previously activated socket.
sed -i '/^SOCKET/d' /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim sed -i '/^SOCKET/d' /etc/default/opendkim && echo "SOCKET=\"inet:12301@localhost\"" >> /etc/default/opendkim