Laudende Default seite entfernen

scripts/40-postfix.sh

@@ -8,55 +8,61 @@ MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
 
 log "Postfix konfigurieren …"
 
-postconf -e "myhostname = ${MAIL_HOSTNAME}"
-postconf -e "myorigin = \$myhostname"
-postconf -e "mydestination = "
-postconf -e "inet_interfaces = all"
-postconf -e "inet_protocols = ipv4"
-postconf -e "smtpd_banner = \$myhostname ESMTP"
+# --- Sicherheit & TLS-Rechte ---------------------------------------------------
+if [[ -e "${MAIL_KEY}" ]]; then
+  chgrp -R postfix /etc/mailwolt/ssl || true
+  chmod 750 /etc/mailwolt/ssl || true
+  chmod 640 /etc/mailwolt/ssl/key.pem /etc/mailwolt/ssl/cert.pem || true
+fi
 
-postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
-postconf -e "smtpd_tls_key_file  = ${MAIL_KEY}"
-postconf -e "smtpd_tls_security_level = may"
-postconf -e "smtp_tls_security_level  = may"
-postconf -e "smtpd_tls_received_header = yes"
-postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
-postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
-postconf -e "smtpd_tls_loglevel = 1"
-postconf -e "smtp_tls_loglevel = 1"
+# --- Basiskonfiguration --------------------------------------------------------
+/usr/sbin/postconf -e "myhostname = ${MAIL_HOSTNAME}"
+/usr/sbin/postconf -e "myorigin = \$myhostname"
+/usr/sbin/postconf -e "mydestination = "
+/usr/sbin/postconf -e "inet_interfaces = all"
+/usr/sbin/postconf -e "inet_protocols = ipv4"
+/usr/sbin/postconf -e "smtpd_banner = \$myhostname ESMTP"
 
-postconf -e "disable_vrfy_command = yes"
-postconf -e "smtpd_helo_required = yes"
+# --- TLS ----------------------------------------------------------------------
+/usr/sbin/postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
+/usr/sbin/postconf -e "smtpd_tls_key_file  = ${MAIL_KEY}"
+/usr/sbin/postconf -e "smtpd_tls_security_level = may"
+/usr/sbin/postconf -e "smtp_tls_security_level  = may"
+/usr/sbin/postconf -e "smtpd_tls_received_header = yes"
+/usr/sbin/postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
+/usr/sbin/postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
+/usr/sbin/postconf -e "smtpd_tls_loglevel = 1"
+/usr/sbin/postconf -e "smtp_tls_loglevel = 1"
 
-postconf -e "milter_default_action = accept"
-postconf -e "milter_protocol = 6"
-postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
-postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
+# --- SMTP Sicherheit ----------------------------------------------------------
+/usr/sbin/postconf -e "disable_vrfy_command = yes"
+/usr/sbin/postconf -e "smtpd_helo_required = yes"
 
-postconf -e "smtpd_sasl_type = dovecot"
-postconf -e "smtpd_sasl_path = private/auth"
-postconf -e "smtpd_sasl_auth_enable = yes"
-postconf -e "smtpd_sasl_security_options = noanonymous"
+# --- Milter -------------------------------------------------------------------
+/usr/sbin/postconf -e "milter_default_action = accept"
+/usr/sbin/postconf -e "milter_protocol = 6"
+/usr/sbin/postconf -e "smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
+/usr/sbin/postconf -e "non_smtpd_milters = inet:127.0.0.1:11332, inet:127.0.0.1:8891"
 
-postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
-postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
+# --- SASL Auth via Dovecot ----------------------------------------------------
+/usr/sbin/postconf -e "smtpd_sasl_type = dovecot"
+/usr/sbin/postconf -e "smtpd_sasl_path = private/auth"
+/usr/sbin/postconf -e "smtpd_sasl_auth_enable = yes"
+/usr/sbin/postconf -e "smtpd_sasl_security_options = noanonymous"
 
-postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
+# --- Recipient & Relay Restriction --------------------------------------------
+/usr/sbin/postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
+/usr/sbin/postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
 
-postconf -M "submission/inet=submission inet n - n - - smtpd \
-  -o syslog_name=postfix/submission \
-  -o smtpd_tls_security_level=encrypt \
-  -o smtpd_tls_auth_only=yes \
-  -o smtpd_sasl_auth_enable=yes \
-  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+# --- Listener / Master.cf Definition ------------------------------------------
+/usr/sbin/postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
+/usr/sbin/postconf -M "submission/inet=submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_peername_lookup=no -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
+/usr/sbin/postconf -M "smtps/inet=smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_peername_lookup=no -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
 
-postconf -M "smtps/inet=smtps inet n - n - - smtpd \
-  -o syslog_name=postfix/smtps \
-  -o smtpd_tls_wrappermode=yes \
-  -o smtpd_tls_auth_only=yes \
-  -o smtpd_sasl_auth_enable=yes \
-  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+# postscreen ggf. deaktivieren (verhindert Port-Konflikte)
+sed -i 's/^[[:space:]]*smtp[[:space:]]\+inet[[:space:]]\+.*postscreen/# &/' /etc/postfix/master.cf || true
 
+# --- SQL Maps -----------------------------------------------------------------
 install -d -o root -g postfix -m 750 /etc/postfix/sql
 
 cat > /etc/postfix/sql/mysql-virtual-mailbox-maps.cf <<CONF
@@ -87,4 +93,5 @@ CONF
 chown root:postfix /etc/postfix/sql/mysql-virtual-alias-maps.cf
 chmod 640 /etc/postfix/sql/mysql-virtual-alias-maps.cf
 
+# --- Aktivieren, Start erfolgt später durch 90-services.sh --------------------
 systemctl enable postfix >/dev/null 2>&1 || true