robin.thoni
/
docker-mx-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380
							#!/bin/sh

#++
# NAME
#	postfix-script 1
# SUMMARY
#	execute Postfix administrative commands
# SYNOPSIS
#	\fBpostfix-script\fR \fIcommand\fR
# DESCRIPTION
#	The \fBpostfix-script\fR script executes Postfix administrative
#	commands in an environment that is set up by the \fBpostfix\fR(1)
#	command.
# SEE ALSO
#	master(8) Postfix master program
#	postfix(1) Postfix administrative interface
# LICENSE
# .ad
# .fi
#	The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
#	Wietse Venema
#	IBM T.J. Watson Research
#	P.O. Box 704
#	Yorktown Heights, NY 10598, USA
#--

# Avoid POSIX death due to SIGHUP when some parent process exits.

trap '' 1

case $daemon_directory in
"") echo This script must be run by the postfix command. 1>&2
    echo Do not run directly. 1>&2
    exit 1
esac

LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
INFO="$LOGGER -p info"
WARN="$LOGGER -p warn"
ERROR="$LOGGER -p error"
FATAL="$LOGGER -p fatal"
PANIC="$LOGGER -p panic"

if [ "X${1#quiet-}" != "X${1}" ]; then
    INFO=:
    x=${1#quiet-}
    shift
    set -- $x "$@"
fi

umask 022
SHELL=/bin/sh

#
# Can't do much without these in place.
#
cd $command_directory || {
	$FATAL no Postfix command directory $command_directory!
	exit 1
}
cd $daemon_directory || {
	$FATAL no Postfix daemon directory $daemon_directory!
	exit 1
}
test -f master || {
	$FATAL no Postfix master program $daemon_directory/master!
	exit 1
}
cd $config_directory || {
	$FATAL no Postfix configuration directory $config_directory!
	exit 1
}
cd $queue_directory || {
	$FATAL no Postfix queue directory $queue_directory!
	exit 1
}
def_config_directory=`$command_directory/postconf -dh config_directory` || {
	$FATAL cannot execute $command_directory/postconf!
	exit 1
}

# If this is a secondary instance, don't touch shared files.

instances=`test ! -f $def_config_directory/main.cf ||
    $command_directory/postconf -c $def_config_directory \
    -h multi_instance_directories | sed 's/,/ /'` || {
	$FATAL cannot execute $command_directory/postconf!
	exit 1
}

check_shared_files=1
for name in $instances
do
    case "$name" in
    "$def_config_directory") ;;
    "$config_directory") check_shared_files=; break;;
    esac
done

#
# Parse JCL
#
case $1 in

start_msg)

	echo "Start postfix"
	;;

stop_msg)

	echo "Stop postfix"
	;;

quick-start)

	$daemon_directory/master -t 2>/dev/null || {
		$FATAL the Postfix mail system is already running
		exit 1
	}
	$daemon_directory/postfix-script quick-check || {
		$FATAL Postfix integrity check failed!
		exit 1
	}
	$INFO starting the Postfix mail system
	$daemon_directory/master &
	;;

start)

	$daemon_directory/master -t 2>/dev/null || {
		$FATAL the Postfix mail system is already running
		exit 1
	}
	if [ -f $queue_directory/quick-start ]
	then
		rm -f $queue_directory/quick-start
	else
		$daemon_directory/postfix-script check-fatal || {
			$FATAL Postfix integrity check failed!
			exit 1
		}
		# Foreground this so it can be stopped. All inodes are cached.
		$daemon_directory/postfix-script check-warn
	fi
	$INFO starting the Postfix mail system
	# NOTE: wait in foreground process to get the initialization status.
	$daemon_directory/master -w || {
	    $FATAL "mail system startup failed"
	    exit 1
	}
	;;

drain)

	$daemon_directory/master -t 2>/dev/null && {
		$FATAL the Postfix mail system is not running
		exit 1
	}
	$INFO stopping the Postfix mail system
	kill -9 `sed 1q pid/master.pid`
	;;

quick-stop)

	$daemon_directory/postfix-script stop
	touch $queue_directory/quick-start
	;;

stop)

	$daemon_directory/master -t 2>/dev/null && {
		$FATAL the Postfix mail system is not running
		exit 0
	}
	$INFO stopping the Postfix mail system
	kill `sed 1q pid/master.pid`
	for i in 5 4 3 2 1
	do
	    $daemon_directory/master -t && exit 0
	    $INFO waiting for the Postfix mail system to terminate
	    sleep 1
	done
	$WARN stopping the Postfix mail system with force
	pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && 
		kill -9 -$pid
	;;

abort)

	$daemon_directory/master -t 2>/dev/null && {
		$FATAL the Postfix mail system is not running
		exit 0
	}
	$INFO aborting the Postfix mail system
	kill `sed 1q pid/master.pid`
	;;

reload)

	$daemon_directory/master -t 2>/dev/null && {
		$FATAL the Postfix mail system is not running
		exit 1
	}
	$INFO refreshing the Postfix mail system
	$command_directory/postsuper active || exit 1
	kill -HUP `sed 1q pid/master.pid`
	$command_directory/postsuper &
	;;

flush)

	cd $queue_directory || {
		$FATAL no Postfix queue directory $queue_directory!
		exit 1
	}
	$command_directory/postqueue -f
	;;

check)

	$daemon_directory/postfix-script check-fatal || exit 1
	$daemon_directory/postfix-script check-warn
	exit 0
	;;

status)

	$daemon_directory/master -t 2>/dev/null && {
		$INFO the Postfix mail system is not running
		exit 1
	}
	$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
	exit 0
	;;

quick-check)
	# This command is NOT part of the public interface.

	$SHELL $daemon_directory/post-install create-missing || {
		$WARN unable to create missing queue directories
		exit 1
	}

	# Look for incomplete installations.

	test -f $config_directory/master.cf || {
		$FATAL no $config_directory/master.cf file found
		exit 1
	}
	exit 0
	;;

check-fatal)
	# This command is NOT part of the public interface.

	$daemon_directory/postfix-script quick-check

	# See if all queue files are in the right place. This is slow.
	# We must scan all queues for mis-named queue files before the
	# mail system can run.

	$command_directory/postsuper || exit 1
	exit 0
	;;

check-warn)
	# This command is NOT part of the public interface.

	todo="$config_directory $queue_directory $queue_directory/pid"
	test -n "$check_shared_files" && todo="$daemon_directory $todo"

	for dir in $todo
	do
		ls -lLd $dir | (grep " root " >/dev/null ||
		    $WARN not owned by root: $dir)
	done

	# Some people break Postfix's security model.
	ls -lLd $queue_directory | egrep '^.....(w|...w)' >/dev/null && \
		$WARN group or other writable: $queue_directory

	todo="$config_directory/*"
	test -n "$check_shared_files" && todo="$daemon_directory/* $todo"

	find $todo ! -user root \
		-exec $WARN not owned by root: {} \;

	todo="$config_directory/."
	test -n "$check_shared_files" && todo="$daemon_directory/. $todo"

	find $todo \
		\( -perm -020 -o -perm -002 \) -type f \
		-exec $WARN group or other writable: {} \;

	find $data_directory/. ! -user $mail_owner \
	    -exec $WARN not owned by $mail_owner: {} \;

	ls -lLd $data_directory | egrep '^.....(w|...w)' >/dev/null && \
		$WARN group or other writable: $data_directory

	find `ls -d $queue_directory/* | \
	    egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
	    ! \( -type p -o -type s \) ! -user $mail_owner \
		-exec $WARN not owned by $mail_owner: {} \;

	todo="$queue_directory/public $queue_directory/maildrop"
	test -n "$check_shared_files" && 
	   todo="$command_directory/postqueue $command_directory/postdrop $todo"

	find $todo \
	    -prune ! -group $setgid_group \
	    -exec $WARN not owned by group $setgid_group: {} \;

	test -n "$check_shared_files" &&
	find $command_directory/postqueue $command_directory/postdrop \
	    -prune ! -perm -02111 \
	    -exec $WARN not set-gid or not owner+group+world executable: {} \;

	for name in `ls -d $queue_directory/* | \
	    egrep '/(bin|etc|lib|usr)$'` ; \
	do \
	    find $name ! -user root \
		-exec $WARN not owned by root: {} \; ; \
	done

	# WARNING: this should not descend into the maildrop directory.
	# maildrop is the least trusted Postfix directory.

	find $queue_directory/maildrop/. -prune ! -user $mail_owner \
	    -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;

	for dir in bin etc lib sbin usr
	do
		test -d $dir && find $dir -type f -print | while read path
		do
			test -f /$path && {
			    cmp -s $path /$path || 
				$WARN $queue_directory/$path and /$path differ
			}
		done
	done

	find corrupt -type f -exec $WARN damaged message: {} \;

	# XXX also: look for weird stuff, weird permissions, etc.

	test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
		-f /usr/lib/sendmail && {
	    cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
		$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
		$WARN Replace one by a symbolic link to the other
	    }
	}
	exit 0
	;;

set-permissions|upgrade-configuration)
	$daemon_directory/post-install create-missing "$@"
	;;

post-install)
	# Currently not part of the public interface.
	shift
	$daemon_directory/post-install "$@"
	;;

/*)
	# Currently not part of the public interface.
	"$@"
	;;

*)
	$ERROR "unknown command: '$1'"
	$FATAL "usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)"
	exit 1
	;;

esac