Merge pull request #531 from modoboa/fix/postfix_dhe_group
Replace EDH key generation by DHE group file
tonioo committed Dec 15, 2023
2 parents 4a2e9f2 + 7b990c9 commit 8942836
Showing 4 changed files with 16 additions and 8 deletions.
4 changes: 4 additions & 0 deletions modoboa_installer/config_dict_template.py
Expand Up @@ -346,6 +346,10 @@ def is_email(user_input):
"option": "message_size_limit",
"default": "11534336",
},
{
"option": "dhe_group",
"default": "4096"
}
]
},
{
2 changes: 1 addition & 1 deletion modoboa_installer/scripts/base.py
Expand Up @@ -10,7 +10,7 @@
from .. import utils


class Installer(object):
class Installer:
"""Simple installer for one application."""

appname = None
2 changes: 1 addition & 1 deletion modoboa_installer/scripts/files/postfix/main.cf.tpl
Expand Up @@ -41,7 +41,7 @@ smtpd_tls_auth_only = no
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_key_file = %tls_key_file
smtpd_tls_cert_file = %tls_cert_file
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh1024_param_file = ${config_directory}/ffdhe%{dhe_group}.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_security_level = may
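Review bot: The new `smtpd_tls_dh1024_param_file` value names a file that exists only if the installer's download in postfix.py succeeded, and nothing in the template says so. A comment above the line such as `# RFC 7919 group file fetched by the installer at install time; must exist in this directory` would help an operator who finds it missing. `%{dhe_group}` also has to reach the template context, which the visible get_template_context hunk does not add explicitly, so presumably the base class supplies it; worth confirming. Recent Postfix documentation describes leaving this parameter empty so that OpenSSL selects the group, which may make the external file unnecessary on newer releases; check that against the Postfix versions the installer targets.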
16 changes: 10 additions & 6 deletions modoboa_installer/scripts/postfix.py
Expand Up @@ -14,7 +14,6 @@


class Postfix(base.Installer):

"""Postfix installer."""

appname = "postfix"
Expand Down Expand Up @@ -51,7 +50,7 @@ def install_packages(self):

def get_template_context(self):
"""Additional variables."""
context = super(Postfix, self).get_template_context()
context = super().get_template_context()
context.update({
"db_driver": self.db_driver,
"dovecot_mailboxes_owner": self.config.get(
Expand All @@ -65,6 +64,13 @@ def get_template_context(self):
})
return context

def check_dhe_group_file(self):
group = self.config.get(self.appname, "dhe_group")
file_name = f"ffdhe{group}.pem"
if not os.path.exists(f"{self.config_dir}/{file_name}"):
url = f"https://raw.githubusercontent.com/internetstandards/dhe_groups/main/{file_name}"
utils.exec_cmd(f"wget {url}", cwd=self.config_dir)

def post_run(self):
"""Additional tasks."""
venv_path = self.config.get("modoboa", "venv_path")
Expand All @@ -86,10 +92,8 @@ def post_run(self):
if not os.path.exists(path):
utils.copy_file(os.path.join("/etc", f), path)

# Generate EDH parameters
if not os.path.exists("{}/dh2048.pem".format(self.config_dir)):
cmd = "openssl dhparam -dsaparam -out dh2048.pem 2048"
utils.exec_cmd(cmd, cwd=self.config_dir)
# Generate DHE group
self.check_dhe_group_file()

# Generate /etc/aliases.db file to avoid warnings
aliases_file = "/etc/aliases"
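Review bot: check_dhe_group_file fetches the DH parameter file from the mutable `main` branch with `wget` and keeps it with no integrity check, so whatever that URL serves at install time becomes the server's key-exchange parameters. The result of `utils.exec_cmd` is not used, so a failed download goes unnoticed, and an interrupted one could leave a partial file that passes the `os.path.exists` test on every later run. `group` comes straight from the config (the new `dhe_group` option in config_dict_template.py) and is interpolated into the file name, the URL and a command string, so it should be checked against the supported sizes first. I would pin the URL to a reviewed commit and compare a SHA-256 digest before keeping the file, as sketched below (it needs `import hashlib`; the digests, the commit id and the list of sizes are placeholders to fill in), or ship the static RFC 7919 files with the installer instead of downloading them. The method also has no docstring, and post_run's body continues outside the hunk.

```python
    # Placeholder digests: replace with the SHA-256 of each reviewed file,
    # and keep only the sizes the installer actually supports.
    EXPECTED_SHA256 = {
        "2048": "<sha256 of ffdhe2048.pem>",
        "3072": "<sha256 of ffdhe3072.pem>",
        "4096": "<sha256 of ffdhe4096.pem>",
    }

    def check_dhe_group_file(self):
        """Make sure the configured ffdhe group file is present and intact."""
        group = self.config.get(self.appname, "dhe_group")
        if group not in self.EXPECTED_SHA256:
            raise ValueError(f"unsupported dhe_group: {group!r}")
        file_name = f"ffdhe{group}.pem"
        path = os.path.join(self.config_dir, file_name)
        if not os.path.exists(path):
            # <PINNED_COMMIT> is a placeholder for a reviewed commit id.
            url = (
                "https://raw.githubusercontent.com/internetstandards/"
                f"dhe_groups/<PINNED_COMMIT>/{file_name}"
            )
            utils.exec_cmd(f"wget {url}", cwd=self.config_dir)
        # A missing file raises here, so a failed download is not silent.
        with open(path, "rb") as fp:
            digest = hashlib.sha256(fp.read()).hexdigest()
        if digest != self.EXPECTED_SHA256[group]:
            os.remove(path)
            raise ValueError(f"{file_name} failed its integrity check")
```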
