blob: 8b695bab7102d45fc5fb4419c30f6a6d3c22430c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
#!/bin/bash
# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail-ldap/files/1.03-r4/qmail-genrsacert.sh,v 1.1 2004/05/30 10:52:45 robbat2 Exp $
# Robin H. Johnson <robbat2@gentoo.org> - October 17, 2003
# This file generates the static temporary RSA keys needed for qmail to encrypt messages
# It should be run from a crontab, once a day is ok on low load machines, but
# if you do lots of mail, once per hour is more reasonable
# if you do NOT create the rsa512.pem, qmail will generate it on the fly for
# each connection, which can be VERY slow.
if [ -z "${ROOT}" -o "${ROOT}" = "/" ]; then
confdir=/var/qmail/control
else
confdir=${ROOT}/var/qmail/control
fi
pemfile="${confdir}/rsa512.pem"
tmpfile="${confdir}/rsa512.pem.tmp"
# this is the number of bits in the key
# it should be a power of 2 ideally
# and it must be more than 64!
bits="512"
# the key should be 0600
# which is readable by qmaild only!
umaskvalue="0077"
uid="qmaild"
gid="qmail"
umask ${umaskvalue} ;
# we need to make sure that all of the operations succeed
/usr/bin/openssl genrsa -out ${tmpfile} ${bits} 2>/dev/null && \
/bin/chown ${uid}:${gid} ${tmpfile} && \
/bin/mv -f ${tmpfile} ${pemfile}
|