|
Christoph Galuschka |
490c76 |
y#!/bin/sh
|
|
Christoph Galuschka |
490c76 |
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
t_Log "Running $0 - Postfix plain SASL test."
|
|
Christoph Galuschka |
490c76 |
t_Log "Installing prerequisits"
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
t_InstallPackage openssl
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#creating backups of changed files
|
|
Christoph Galuschka |
490c76 |
cp -a /etc/postfix/main.cf /etc/postfix/main.cf_testing
|
|
Christoph Galuschka |
490c76 |
if [ $centos_ver = 5 ]
|
|
Christoph Galuschka |
490c76 |
then
|
|
Christoph Galuschka |
490c76 |
cp -a /etc/dovecot.conf /etc/dovecot.conf_testing
|
|
Christoph Galuschka |
490c76 |
else
|
|
Christoph Galuschka |
490c76 |
cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf_testing
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#creating certificates
|
|
Christoph Galuschka |
490c76 |
TESTDIR='/var/tmp/openssl-test'
|
|
Christoph Galuschka |
490c76 |
mkdir $TESTDIR
|
|
Christoph Galuschka |
490c76 |
t_Log "creating private key"
|
|
Christoph Galuschka |
490c76 |
if [ $centos_ver = 6 ]
|
|
Christoph Galuschka |
490c76 |
then
|
|
Christoph Galuschka |
490c76 |
openssl genpkey -algorithm rsa -out $TESTDIR/server.key.secure -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
else
|
|
Christoph Galuschka |
490c76 |
openssl genrsa -passout pass:centos -des3 -rand file1:file2:file3:file4:file5 -out $TESTDIR/server.key.secure 2048 > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
if [ $? == 1 ]
|
|
Christoph Galuschka |
490c76 |
then t_Log "Creation of private key failed."
|
|
Christoph Galuschka |
490c76 |
ret_val=1
|
|
Christoph Galuschka |
490c76 |
exit
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#create default answer file
|
|
Christoph Galuschka |
490c76 |
cat > $TESTDIR/openssl_answers<
|
|
Christoph Galuschka |
490c76 |
[ req ]
|
|
Christoph Galuschka |
490c76 |
default_bits = 2048
|
|
Christoph Galuschka |
490c76 |
distinguished_name = req_distinguished_name
|
|
Christoph Galuschka |
490c76 |
string_mask = nombstr
|
|
Christoph Galuschka |
490c76 |
[ req_distinguished_name ]
|
|
Christoph Galuschka |
490c76 |
countryName = Country Name (2 letter code)
|
|
Christoph Galuschka |
490c76 |
countryName_default = UK
|
|
Christoph Galuschka |
490c76 |
stateOrProvinceName = State or Province Name (full name)
|
|
Christoph Galuschka |
490c76 |
stateOrProvinceName_default = somestate
|
|
Christoph Galuschka |
490c76 |
localityName = Locality Name (eg, city)
|
|
Christoph Galuschka |
490c76 |
localityName_default = somecity
|
|
Christoph Galuschka |
490c76 |
0.organizationName = Organization Name (eg, company)
|
|
Christoph Galuschka |
490c76 |
0.organizationName_default = CentOS-Project
|
|
Christoph Galuschka |
490c76 |
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
Christoph Galuschka |
490c76 |
organizationalUnitName_default = CentOS
|
|
Christoph Galuschka |
490c76 |
EOF
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
t_Log "creating server key"
|
|
Christoph Galuschka |
490c76 |
if [ $centos_ver = 6 ]
|
|
Christoph Galuschka |
490c76 |
then
|
|
Christoph Galuschka |
490c76 |
openssl rsa -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
else
|
|
Christoph Galuschka |
490c76 |
openssl rsa -passin pass:centos -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
if [ $? == 1 ]
|
|
Christoph Galuschka |
490c76 |
then t_Log "Creation of server key failed."
|
|
Christoph Galuschka |
490c76 |
ret_val=1
|
|
Christoph Galuschka |
490c76 |
exit
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
openssl req -batch -config $TESTDIR/openssl_answers -new -key $TESTDIR/server.key -out $TESTDIR/server.csr > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
if [ $? == 1 ]
|
|
Christoph Galuschka |
490c76 |
then t_Log "Creation of CSR failed."
|
|
Christoph Galuschka |
490c76 |
ret_val=1
|
|
Christoph Galuschka |
490c76 |
exit
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
t_Log "creating server certificate"
|
|
Christoph Galuschka |
490c76 |
openssl x509 -req -days 3600 -in $TESTDIR/server.csr -signkey $TESTDIR/server.key -out $TESTDIR/server.crt > /dev/null 2>&1
|
|
Christoph Galuschka |
490c76 |
if [ $? == 1 ]
|
|
Christoph Galuschka |
490c76 |
then t_Log "Creation of CRT failed."
|
|
Christoph Galuschka |
490c76 |
ret_val=1
|
|
Christoph Galuschka |
490c76 |
exit
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#copy files to destinations
|
|
Christoph Galuschka |
490c76 |
cp -a $TESTDIR/server.crt /etc/pki/tls/certs/
|
|
Christoph Galuschka |
490c76 |
cp -a $TESTDIR/server.key /etc/pki/tls/private/
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#adding parameters to postfix
|
|
Christoph Galuschka |
490c76 |
cat >> /etc/postfix/main.cf <
|
|
Christoph Galuschka |
490c76 |
smtpd_sasl_auth_enable = yes
|
|
Christoph Galuschka |
490c76 |
broken_sasl_auth_clients = yes
|
|
Christoph Galuschka |
490c76 |
smtpd_sasl_type = dovecot
|
|
Christoph Galuschka |
490c76 |
smtpd_sasl_path = private/auth
|
|
Christoph Galuschka |
490c76 |
smtpd_sasl_security_options = noanonymous
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_security_level = may
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.cert
|
|
Christoph Galuschka |
490c76 |
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_loglevel = 1
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_session_cache_timeout = 3600s
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
|
|
Christoph Galuschka |
490c76 |
tls_random_source = dev:/dev/urandom
|
|
Christoph Galuschka |
490c76 |
smtpd_tls_auth_only = yes
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
smtpd_recipient_restrictions =
|
|
Christoph Galuschka |
490c76 |
permit_mynetworks,
|
|
Christoph Galuschka |
490c76 |
permit_sasl_authenticated,
|
|
Christoph Galuschka |
490c76 |
reject_unauth_destination
|
|
Christoph Galuschka |
490c76 |
EOF
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#adding parameters to dovecot
|
|
Christoph Galuschka |
490c76 |
if [ $centos_ver = 5 ]
|
|
Christoph Galuschka |
490c76 |
then
|
|
Christoph Galuschka |
490c76 |
cat > /etc/dovecot.conf <
|
|
Christoph Galuschka |
490c76 |
protocol imap {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
protocol pop3 {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
protocol lda {
|
|
Christoph Galuschka |
490c76 |
postmaster_address = postmaster@example.com
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
auth default {
|
|
Christoph Galuschka |
490c76 |
mechanisms = plain
|
|
Christoph Galuschka |
490c76 |
passdb pam {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
userdb passwd {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
user = root
|
|
Christoph Galuschka |
490c76 |
socket listen {
|
|
Christoph Galuschka |
490c76 |
client {
|
|
Christoph Galuschka |
490c76 |
path = /var/spool/postfix/private/auth
|
|
Christoph Galuschka |
490c76 |
mode = 0660
|
|
Christoph Galuschka |
490c76 |
user = postfix
|
|
Christoph Galuschka |
490c76 |
group = postfix
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
dict {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
plugin {
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
EOF
|
|
Christoph Galuschka |
490c76 |
else
|
|
Christoph Galuschka |
490c76 |
cat >> /etc/dovecot/dovecot.conf <
|
|
Christoph Galuschka |
490c76 |
service auth {
|
|
Christoph Galuschka |
490c76 |
unix_listener /var/spool/postfix/private/auth {
|
|
Christoph Galuschka |
490c76 |
mode = 0660
|
|
Christoph Galuschka |
490c76 |
user = postfix
|
|
Christoph Galuschka |
490c76 |
group = postfix
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
}
|
|
Christoph Galuschka |
490c76 |
EOF
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#restarting services
|
|
Christoph Galuschka |
490c76 |
t_ServiceControl postfix restart
|
|
Christoph Galuschka |
490c76 |
t_ServiceControl dovecot restart
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
#Running test
|
|
Christoph Galuschka |
490c76 |
t_Log "Testing if postfix accepts connections and offers STARTTLS"
|
|
Christoph Galuschka |
490c76 |
echo "ehlo test" | nc -w 3 localhost 25 | grep -q 'STARTTLS'
|
|
Christoph Galuschka |
490c76 |
ret_val=$?
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
# restoring changed files
|
|
Christoph Galuschka |
490c76 |
mv -f /etc/postfix/main.cf_testing /etc/postfix/main.cf
|
|
Christoph Galuschka |
490c76 |
if [ $centos_ver = 5 ]
|
|
Christoph Galuschka |
490c76 |
then
|
|
Christoph Galuschka |
490c76 |
mv -f /etc/dovecot.conf_testing /etc/dovecot.conf
|
|
Christoph Galuschka |
490c76 |
else
|
|
Christoph Galuschka |
490c76 |
mv -f /etc/dovecot/dovecot.conf_testing /etc/dovecot/dovecot.conf
|
|
Christoph Galuschka |
490c76 |
fi
|
|
Christoph Galuschka |
490c76 |
rm -rf $TESTDIR/server.*
|
|
Christoph Galuschka |
490c76 |
rm -rf /etc/pki/tls/certs/server.crt
|
|
Christoph Galuschka |
490c76 |
rm -rf /etc/pki/tls/private/server.key
|
|
Christoph Galuschka |
490c76 |
|
|
Christoph Galuschka |
490c76 |
t_CheckExitStatus $ret_val
|