evgeny/modoboa-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace EDH key generation by DHE group file

Browse Source
This commit is contained in:
Antoine Nguyen
2023-12-15 11:55:11 +01:00
parent 4a2e9f2ec6
commit 7b990c9ff6
4 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modoboa_installer/config_dict_template.py
View File

@@ -346,6 +346,10 @@ ConfigDictTemplate = [
"option": "message_size_limit", "option": "message_size_limit",
"default": "11534336", "default": "11534336",
}, },
{
"option": "dhe_group",
"default": "4096"
}
] ]
}, },
{ {

2
modoboa_installer/scripts/base.py
View File

@@ -10,7 +10,7 @@ from .. import system
from .. import utils from .. import utils
class Installer(object): class Installer:
"""Simple installer for one application.""" """Simple installer for one application."""
appname = None appname = None

2
modoboa_installer/scripts/files/postfix/main.cf.tpl
View File

@@ -41,7 +41,7 @@ smtpd_tls_auth_only = no
smtpd_tls_CApath = /etc/ssl/certs smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = %tls_key_file smtpd_tls_key_file = %tls_key_file
smtpd_tls_cert_file = %tls_cert_file smtpd_tls_cert_file = %tls_cert_file
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem smtpd_tls_dh1024_param_file = ${config_directory}/ffdhe%{dhe_group}.pem
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may smtpd_tls_security_level = may

16
modoboa_installer/scripts/postfix.py
View File

@@ -14,7 +14,6 @@ from . import backup, install
class Postfix(base.Installer): class Postfix(base.Installer):
"""Postfix installer.""" """Postfix installer."""
appname = "postfix" appname = "postfix"
@@ -51,7 +50,7 @@ class Postfix(base.Installer):
def get_template_context(self): def get_template_context(self):
"""Additional variables.""" """Additional variables."""
context = super(Postfix, self).get_template_context() context = super().get_template_context()
context.update({ context.update({
"db_driver": self.db_driver, "db_driver": self.db_driver,
"dovecot_mailboxes_owner": self.config.get( "dovecot_mailboxes_owner": self.config.get(
@@ -65,6 +64,13 @@ class Postfix(base.Installer):
}) })
return context return context
def check_dhe_group_file(self):
group = self.config.get(self.appname, "dhe_group")
file_name = f"ffdhe{group}.pem"
if not os.path.exists(f"{self.config_dir}/{file_name}"):
url = f"https://raw.githubusercontent.com/internetstandards/dhe_groups/main/{file_name}"
utils.exec_cmd(f"wget {url}", cwd=self.config_dir)
def post_run(self): def post_run(self):
"""Additional tasks.""" """Additional tasks."""
venv_path = self.config.get("modoboa", "venv_path") venv_path = self.config.get("modoboa", "venv_path")
@@ -86,10 +92,8 @@ class Postfix(base.Installer):
if not os.path.exists(path): if not os.path.exists(path):
utils.copy_file(os.path.join("/etc", f), path) utils.copy_file(os.path.join("/etc", f), path)
# Generate EDH parameters # Generate DHE group
if not os.path.exists("{}/dh2048.pem".format(self.config_dir)): self.check_dhe_group_file()
cmd = "openssl dhparam -dsaparam -out dh2048.pem 2048"
utils.exec_cmd(cmd, cwd=self.config_dir)
# Generate /etc/aliases.db file to avoid warnings # Generate /etc/aliases.db file to avoid warnings
aliases_file = "/etc/aliases" aliases_file = "/etc/aliases"