Diffstat (limited to 'mail-mta/netqmail/files/qmail-genrsacert.sh')
-rw-r--r--mail-mta/netqmail/files/qmail-genrsacert.sh44
1 files changed, 44 insertions, 0 deletions
diff --git a/mail-mta/netqmail/files/qmail-genrsacert.sh b/mail-mta/netqmail/files/qmail-genrsacert.sh
new file mode 100644
index 000000000000..04ecda9136cf
--- /dev/null
+++ b/mail-mta/netqmail/files/qmail-genrsacert.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/qmail-genrsacert.sh,v 1.1 2006/02/12 18:42:33 hansmi Exp $
+# Robin H. Johnson <robbat2@gentoo.org> - October 17, 2003
+#
+# This file generates the static temporary RSA keys needed for qmail to encrypt
+# messages. It should be run from a crontab, once a day is ok on low load
+# machines, but if you do lots of mail, once per hour is more reasonable if you
+# do NOT create the rsa512.pem, qmail will generate it on the fly for each
+# connection, which can be VERY slow.
+
+confdir=${ROOT}/var/qmail/control
+
+# the key should be 0600
+# which is readable by qmaild only!
+umaskvalue="0077"
+uid="qmaild"
+gid="qmail"
+
+umask ${umaskvalue}
+
+# If you want to renice this process, uncomment the following line:
+# renice +15 "$$"
+
+# This is a list with bits of the generated keys. They should
+# be a power of 2 ideally and must be more than 64.
+keys="512 1024"
+
+for bits in ${keys}
+do
+ pemfile="${confdir}/rsa${bits}.pem"
+ tmpfile="${confdir}/rsa${bits}.pem.tmp"
+
+ # we need to make sure that all of the operations succeed
+ /usr/bin/openssl genrsa -out ${tmpfile} ${bits} 2>/dev/null && \
+ /bin/chown ${uid}:${gid} ${tmpfile} && \
+ /bin/mv -f ${tmpfile} ${pemfile} || exit 1
+
+ dhfile="${confdir}/dh${bits}.pem"
+ dtmpfile="${confdir}/dh${bits}.pem.tmp"
+
+ /usr/bin/openssl dhparam -2 -out ${dtmpfile} ${bits} 2>/dev/null && \
+ /bin/chown ${uid}:${gid} ${dtmpfile} && \
+ /bin/mv -f ${dtmpfile} ${dhfile} || exit 1
+done
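Review bot: `keys="512 1024"` makes the loop generate 512-bit RSA keys and 512-bit DH parameters, which are export-grade and far too weak to protect a TLS session. The nearby comment's "must be more than 64" floor badly understates the real requirement. The header comment says qmail looks for rsa512.pem by name, so dropping 512 probably needs a matching change outside this hunk (the TLS patch or the cipher list, e.g. excluding export ciphers); that should be confirmed first. Until then I would at least reword the comment to `# 512-bit material exists only for export-grade ciphers; prefer disabling those ciphers over relying on it`. Separately, `2>/dev/null` on both openssl calls plus a bare `|| exit 1` means a failed cron run prints no diagnostic and can leave the `.tmp` file in the control directory.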