[D-community-commits] r204 - in trunk/fai-config-dir: files/etc files/etc/imapd.conf files/etc/postfix/main.cf files/etc/postfix/master.cf files/etc/ssl files/etc/ssl/certs files/etc/ssl/certs/debian_community.pem scripts/DEFAULT scripts/MAILSERVER

nd-guest at alioth.debian.org nd-guest at alioth.debian.org
Thu Jan 10 21:40:44 UTC 2008 

Author: nd-guest
Date: 2008-01-10 21:40:44 +0000 (Thu, 10 Jan 2008)
New Revision: 204

Added:
   trunk/fai-config-dir/files/etc/ssl/
   trunk/fai-config-dir/files/etc/ssl/certs/
   trunk/fai-config-dir/files/etc/ssl/certs/debian_community.pem/
   trunk/fai-config-dir/files/etc/ssl/certs/debian_community.pem/DEFAULT
   trunk/fai-config-dir/scripts/DEFAULT/80-certs
Modified:
   trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER
   trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER
   trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER
   trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus
Log:
Add tls support


Modified: trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER	2008-01-09 10:13:56 UTC (rev 203)
+++ trunk/fai-config-dir/files/etc/imapd.conf/MAILSERVER	2008-01-10 21:40:44 UTC (rev 204)
@@ -201,10 +201,10 @@
 
 # File containing the global certificate used for ALL services (imap, pop3,
 # lmtp, sieve)
-#tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+tls_cert_file: /etc/ssl/certs/debian_community.pem
 
 # File containing the private key belonging to the global server certificate.
-#tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+tls_key_file: /etc/ssl/private/debian_community.key
 
 # File containing the certificate used for imap. If not specified, the global
 # certificate is used.  A value of "disabled" will disable SSL/TLS for imap.
@@ -243,7 +243,7 @@
 #sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key
 
 # File containing one or more Certificate Authority (CA) certificates.
-#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
+tls_ca_file: /etc/ssl/certs/ca.pem
 
 # Path to directory with certificates of CAs.
 tls_ca_path: /etc/ssl/certs

Modified: trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER	2008-01-09 10:13:56 UTC (rev 203)
+++ trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER	2008-01-10 21:40:44 UTC (rev 204)
@@ -16,9 +16,12 @@
 #delay_warning_time = 4h
 
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/ssl/certs/debian_community.pem
+smtpd_tls_key_file=/etc/ssl/private/debian_community.key
+smtpd_tls_CAfile=/etc/ssl/certs/ca.pem
 smtpd_use_tls=yes
+smtpd_tls_security_level = may
+#smtpd_tls_loglevel = 3
 smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
 

Modified: trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER	2008-01-09 10:13:56 UTC (rev 203)
+++ trunk/fai-config-dir/files/etc/postfix/master.cf/MAILSERVER	2008-01-10 21:40:44 UTC (rev 204)
@@ -11,10 +11,10 @@
 #  -o smtpd_enforce_tls=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#smtps     inet  n       -       -       -       -       smtpd
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet  n       -       -       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #628      inet  n       -       -       -       -       qmqpd
 pickup    fifo  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup

Added: trunk/fai-config-dir/files/etc/ssl/certs/debian_community.pem/DEFAULT
===================================================================
--- trunk/fai-config-dir/files/etc/ssl/certs/debian_community.pem/DEFAULT	                        (rev 0)
+++ trunk/fai-config-dir/files/etc/ssl/certs/debian_community.pem/DEFAULT	2008-01-10 21:40:44 UTC (rev 204)
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEZjCCAk6gAwIBAgIDBIaGMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTA4MDExMDE4NDY0NVoXDTA4MDcwODE4NDY0NVowITEf
+MB0GA1UEAxQWKi5kZWJpYW4tY29tbXVuaXR5Lm9yZzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEArca50qf9zn7Vww1tW0aBvgHcYNNHJLZ4PwDzPIOoE1pgjeDU
+/U9XAiumm9W/myoHLmj7z2yK8YBRcV9xhc0CaUSdKKg7rdPqW31zxrcJMNsmzY/N
+AA4b7kt/HLybAkGXRtWHSws3Y5yHvwtKTlqWy2qtNbWaI5BKDO0342Hg+H8CAwEA
+AaOB0jCBzzAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEF
+BQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEF
+BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMEcG
+A1UdEQRAMD6CFiouZGViaWFuLWNvbW11bml0eS5vcmegJAYIKwYBBQUHCAWgGAwW
+Ki5kZWJpYW4tY29tbXVuaXR5Lm9yZzANBgkqhkiG9w0BAQUFAAOCAgEANRAF63nP
+PMUPKR2PLu3x2OiS5UCVNpRxEIP+e0XEjjQzOU3w6vVgUMdDMLE5E7UpZUrpRkNQ
+1YCE+Z0XaMkKQ8Fm+PJblIZ3u/7cIWjOJQjr8MXkCAeSCngxH2vj3gzq5vzO1GSz
+rD+D2D1aYimwkOTkG0N6pKdqKSDS0oXM7WwUrnnqMWgVcF6yLjjUQ594zWdDMao8
+wNiahmLYpDTijG1ol5L6kczCqmMDfOQeWfL7dAMZvrDrwHwRd/6M702WtUb20WvR
+bGtQwr+TW3r6W5wlRFZyJpae23hgRTGwC0K2eGA//KqeWsMBCMBylNAkQ+m0FsiU
+o/J2sD4OlEMMyc4i+5KANDo9Rt8x2qYJ+lNO8tn217MSY7CeUl5PlIarwOpYcVkU
+jT4/J/yHznJ9Zy195VeqH6NuOdXTVdUNUmb3mm6CcRmBdwbFGhiuvxaPveoeAI1k
+BGD5kTrYfBna8RrL9HSaQppJOoyEL5SvY6NDx04ZSW3zLkhs2llaAMe6Ad+xR/nS
+2LXmB/f1WxwD6tHVtjkBigj7Gyazurl65kuRtdH4aYXbpXtO5EOzl2lUGpN95oqv
+xyx4aV7i+ppwZvCxns7scg/QPdwvglr70aqTOXqUZ5k1MxKmhWWgidmi69slqFvJ
+2oPu/OyiFYxBkY7yG8lzsUpKbHY/GQnMtmg=
+-----END CERTIFICATE-----

Added: trunk/fai-config-dir/scripts/DEFAULT/80-certs
===================================================================
--- trunk/fai-config-dir/scripts/DEFAULT/80-certs	                        (rev 0)
+++ trunk/fai-config-dir/scripts/DEFAULT/80-certs	2008-01-10 21:40:44 UTC (rev 204)
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+fcopy -riM /etc/ssl/certs/


Property changes on: trunk/fai-config-dir/scripts/DEFAULT/80-certs
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus
===================================================================
--- trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus	2008-01-09 10:13:56 UTC (rev 203)
+++ trunk/fai-config-dir/scripts/MAILSERVER/50-cyrus	2008-01-10 21:40:44 UTC (rev 204)
@@ -9,3 +9,5 @@
     $ROOTCMD /etc/init.d/postfix/restart
     $ROOTCMD /etc/init.d/cyrus2.2 restart
 fi   
+
+$ROOTCMD adduser cyrus ssl-cert > /dev/null

More information about the D-community-commits mailing list