postinst is in mail-stack-delivery 1:2.2.33.2-1ubuntu4.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
#!/bin/sh
# Abort the maintainer script as soon as an unchecked command fails.
set -o errexit

# File that collects the previous values of every postfix parameter this
# script overwrites (appended to by set_postfix_option).
POSTFIX_BCKFILE='/var/backups/mail-stack-delivery/main.cf-backup'
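# Record the current value of a postfix parameter, then apply a new one.
#
# Globals:   POSTFIX_BCKFILE (read) - file the previous value is appended to
# Arguments: $1 - assignment in postconf syntax, e.g. "name = value"
# Outputs:   a single '.' on stdout as a progress marker
# Returns:   non-zero if `postconf -e` fails (fatal, as the script runs under
#            set -e); a failed backup is deliberately ignored
set_postfix_option() {
  opt="$1"
  # Back up the existing value of the option. The parameter name is the text
  # before the first '='; blanks are stripped explicitly so the expansion can
  # be quoted instead of relying on word splitting (which would also glob).
  # The backup is best-effort: an unknown parameter or an unwritable backup
  # file must not stop the configuration run.
  postconf "$(printf '%s\n' "${opt}" | cut -d= -f1 | tr -d ' \t')" \
    >> "${POSTFIX_BCKFILE}" || true
  # Set the new value of the option
  postconf -e "${opt}"
  # printf instead of `echo -n`, whose behaviour is not portable under /bin/sh
  printf '.'
}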
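# Move a file out of the way under a unique "<file>.backup.XXXXX" name.
#
# Arguments: $1 - path to move aside; nothing happens if it does not exist
# Outputs:   one line on stdout naming the backup that was created
# Returns:   0 when there was nothing to do or the move succeeded
backup() {
  file="${1}"
  # `-e` follows symlinks, so a dangling link (for example a certificate link
  # whose target was removed) would be skipped and still occupy the path,
  # making a later `ln -s` onto it fail. Test for the link itself as well.
  if [ -e "${file}" ] || [ -L "${file}" ]; then
    # mktemp reserves a unique name in the same directory; mv then renames
    # the original over that placeholder, so the backup is the original file
    # itself (mode and ownership included), not a copy.
    backup=$(mktemp "${file}.backup.XXXXX")
    echo "Backing up old ${file} to ${backup}"
    mv -- "${file}" "${backup}"
  fi
}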
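# Main postinst logic. Everything below runs only for the "configure" action
# ($1); $2 is the previously configured package version and is empty on a
# fresh install.
if [ "$1" = "configure" ]; then
  # Note: ssl upgrade handling can be dropped after 18.04 as snakeoil
  # support is in Debian now
  # - this section formerly set up the symlinks to snakeoil (now dovecot-core)
  # - /etc/dovecot/conf.d/10-ssl.conf is managed by ucf in dovecot-core since
  #   this version
  # - due to depends this will run AFTER the configure of dovecot-core
  # - This is special since Debian took different (better) config paths
  # - Keys are now set up by dovecot-core, but we need to care about old
  #   configs done by mail-stack-delivery to "transfer" as smooth as possible.
  #   The old config by mail-stack-delivery was: keys prepared (different
  #   paths), but not enabled in /etc/dovecot/conf.d/10-ssl.conf
  #
  # First part: SSL upgrade handling mail-stack-delivery -> dovecot-core
  # We have the following cases on upgrade:
  # A - If a user opted to take the new config
  #   A1 - formerly used the default config, then ssl was prepared but not
  #        enabled. So in this case just create the same default as a "new
  #        install" would now (default -> default without collisions).
  #   A2 - formerly used a custom config but now chose maintainers version.
  #        This throws away custom ssl config intentionally - set it up as
  #        on a new install as well in that case.
  #   So A1 == A2 and would be the default, but if mail-stack-delivery was
  #   installed the existence of /etc/dovecot/private/dovecot.pem has
  #   blocked the creation of the new keys in dovecot-core.
  # B - If a user kept a custom config, then we keep all files as-is to
  #     continue to work as it was before and not set up any "new" ssl things.
  # A/B can be fully decided AFTER dovecot-core installed (via query to ucf)
  # Since mail-stack-delivery depends on dovecot-core it will be configured
  # after it.
  #
  # Second part: SSL upgrade handling mail-stack-delivery -> dovecot-core
  # If a user opted to "keep" an old custom 10-ssl.conf he won't get the
  # enablement via that.
  # Therefore if 99-mail-stack-delivery.conf matched the old logged md5sum
  # it was auto-upgraded, but in this special case we want to keep it.
  #
  # - le-nl considers empty versions (new install) as greater, so no match
  #   in that case (as intended)
  if [ -n "$2" ] && dpkg --compare-versions -- "$2" le-nl "1:2.2.33.2-1ubuntu1~"; then
    msdconf="/etc/dovecot/conf.d/99-mail-stack-delivery.conf"
    sslconf="/etc/dovecot/conf.d/10-ssl.conf"
    # Fourth colon-separated field of the ucfq record; "Yes" is treated as
    # "the admin kept a locally modified 10-ssl.conf".
    customconf=$(ucfq --with-colons "${sslconf}" | cut -d':' -f 4)
    if [ "${customconf}" != "Yes" ]; then
      # Default config is in use, set up keys
      newcert="/etc/dovecot/private/dovecot.pem"
      oldcert="/etc/dovecot/dovecot.pem"
      newkey="/etc/dovecot/private/dovecot.key"
      # The old key path is the very path the new layout uses for the
      # certificate, which is why it has to be moved aside before linking.
      oldkey="/etc/dovecot/private/dovecot.pem"

      # Remove old mail-stack-delivery SSL artifacts
      # (Never really remove, as it could be complex or expensive to restore)
      echo "The system is using the new Dovecot Key/Cert paths,"
      echo "update Key/Cert formerly set up by mail-stack-delivery to match."
      backup "/etc/dovecot/dovecot.pem"
      backup "/etc/dovecot/private/dovecot.pem"
      # Backup potential other artifact on the key path
      backup "/etc/dovecot/private/dovecot.key"

      # Add debian-core style snakeoil links
      # NOTE(review): the snakeoil pair is a self-signed placeholder. It
      # encrypts the connection but gives clients nothing to verify the
      # server against, so a production host should be pointed at a
      # CA-issued certificate and key afterwards.
      ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem "${newcert}"
      ln -s /etc/ssl/private/ssl-cert-snakeoil.key "${newkey}"

      # Once here the user chose to take the new defaults, so we "moved" the
      # formerly used cert paths in dovecot (above), in this case we also need
      # to modify the postfix conf to follow as well.
      if [ -f "/etc/postfix/main.cf" ]; then # postfix conf exists
        if [ -f "$POSTFIX_BCKFILE" ]; then # this is a "normal" case modified by mail-stack-delivery
          curcert=$(postconf smtpd_tls_cert_file | cut -d= -f2 | tr -d ' ')
          curkey=$(postconf smtpd_tls_key_file | cut -d= -f2 | tr -d ' ')
          # Two separate tests instead of the obsolescent `-a`: the operands
          # come from the local postfix configuration and must never be
          # parsed as test operators.
          if [ "${curcert}" = "${oldcert}" ] && [ "${curkey}" = "${oldkey}" ]; then
            # Config is still on the defaults that mail-stack-delivery set up
            echo "Postfix conf still on mail-stack-delivery defaults, auto-following dovecot changes"
            set_postfix_option "smtpd_tls_cert_file = ${newcert}"
            set_postfix_option "smtpd_tls_key_file = ${newkey}"
          else
            echo "Dovecot/Mail-Stack-Delivery now use the new default key paths"
            echo "key: ${newkey}"
            echo "cert: ${newcert}"
            echo "But the local postfix configuration was modified,"
            echo "thereby postfix will not be updated automatically."
            echo "Current postfix-key: ${curkey}"
            echo "Current postfix-cert: ${curcert}"
            echo "Please update manually to match your required configuration"
          fi
        fi
      fi
    else
      # Kept custom config, so we want to ensure we don't auto-upgrade
      # 99-mail-stack-delivery.conf to the ssl disabled version that relies on
      # 10-ssl.conf to do so.
      if [ -e "${msdconf}.olddefault" ]; then
        echo "Custom ${sslconf}, so retain former ${msdconf}"
        mv "${msdconf}" "${msdconf}.newdefault"
        backup "${msdconf}.newdefault"
        mv "${msdconf}.olddefault" "${msdconf}"
      fi
    fi
    # remove unconditionally after upgrade handling, keep backup for fallback
    backup "${msdconf}.olddefault"
  fi

  # Configure postfix either on new install
  # or if the postfix backup file is no longer there
  # (only deleted when the pkg is removed)
  if [ -f "/etc/postfix/main.cf" ]; then
    if [ -e "$POSTFIX_BCKFILE" ]; then
      # Keep a timestamped copy before set_postfix_option appends to the file.
      cp "$POSTFIX_BCKFILE" "${POSTFIX_BCKFILE}-$(date +%Y%m%d%H%M)"
    fi
    # `||` between two tests replaces the obsolescent `-o` operator.
    if [ -z "$2" ] || [ ! -e "$POSTFIX_BCKFILE" ]; then
      # `command -v` is the POSIX way to probe for a program; `which` is an
      # external helper that is not guaranteed to be installed.
      if command -v postconf >/dev/null; then
        # Setup postfix
        # Take the first ssl_cert / ssl_key line of dovecot's 10-ssl.conf,
        # keep what follows the '=' and strip the '<' marker and blanks; fall
        # back to a fixed path when no such line is found.
        SSL_CERT=$( (grep -m 1 "^ssl_cert" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/ssl/certs/dovecot.pem') |
          cut -d'=' -f2 | tr -d '< ')
        SSL_KEY=$( (grep -m 1 "^ssl_key" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/ssl/private/dovecot.pem') |
          cut -d'=' -f2 | tr -d '< ')
        echo 'Mail stack delivery changes some postfix settings.'
        echo "Old values are stored in ${POSTFIX_BCKFILE}."
        echo 'Feel free to revert any of them when the process is done.'
        echo 'Configuring postfix for mail-stack-delivery integration: '
        set_postfix_option "home_mailbox = Maildir/"
        # SASL authentication is delegated to dovecot's auth socket.
        set_postfix_option "smtpd_sasl_auth_enable = yes"
        set_postfix_option "smtpd_sasl_type = dovecot"
        set_postfix_option "smtpd_sasl_path = private/dovecot-auth"
        set_postfix_option "smtpd_sasl_authenticated_header = yes"
        set_postfix_option "smtpd_sasl_security_options = noanonymous"
        set_postfix_option "smtpd_sasl_local_domain = \$myhostname"
        set_postfix_option "broken_sasl_auth_clients = yes"
        # Relay protection depends on reject_unauth_destination staying in
        # this list after the two permit_* entries.
        set_postfix_option "smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
        set_postfix_option "smtpd_sender_restrictions = reject_unknown_sender_domain"
        set_postfix_option "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m \"\${EXTENSION}\""
        set_postfix_option "smtpd_tls_cert_file = ${SSL_CERT}"
        set_postfix_option "smtpd_tls_key_file = ${SSL_KEY}"
        # NOTE(review): smtpd_use_tls / smtp_use_tls only enable
        # opportunistic TLS, and newer Postfix documentation names
        # smtpd_tls_security_level / smtp_tls_security_level as their
        # replacement. Values are left as shipped; confirm against the
        # Postfix version in use.
        set_postfix_option "smtpd_use_tls = yes"
        set_postfix_option "smtp_use_tls = yes"
        set_postfix_option "smtpd_tls_received_header = yes"
        # Only offer AUTH once the session is encrypted, so SASL credentials
        # are not sent in the clear.
        set_postfix_option "smtpd_tls_auth_only = yes"
        set_postfix_option "tls_random_source = dev:/dev/urandom"
        echo ' done.'
      fi
    fi
  else
    echo ""
    echo "Postfix not configured. Run"
    echo "sudo dpkg-reconfigure postfix and choose"
    echo "the type of mail server. Then run"
    echo "sudo dpkg-reconfigure mail-stack-delivery to"
    echo "finish mail-stack-delivery installation."
    echo ""
  fi

  # Restart both daemons so they pick up the new configuration: dovecot
  # first, then postfix. invoke-rc.d is used when it is installed, plain
  # `service` otherwise.
  for svc in dovecot postfix; do
    if [ -x "/etc/init.d/${svc}" ]; then
      if [ -x /usr/sbin/invoke-rc.d ]; then
        invoke-rc.d "${svc}" restart
      else
        service "${svc}" restart
      fi
    fi
  done
fi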