postfix-script revision 1.1.1.1.4.2
#!/bin/sh
#	$NetBSD: postfix-script,v 1.1.1.1.4.2 2010/04/21 05:23:28 matt Exp $
#

#++
# NAME
#	postfix-script 1
# SUMMARY
#	execute Postfix administrative commands
# SYNOPSIS
#	\fBpostfix-script\fR \fIcommand\fR
# DESCRIPTION
#	The \fBpostfix-script\fR script executes Postfix administrative
#	commands in an environment that is set up by the \fBpostfix\fR(1)
#	command.
# SEE ALSO
#	master(8) Postfix master program
#	postfix(1) Postfix administrative interface
# LICENSE
# .ad
# .fi
#	The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
#	Wietse Venema
#	IBM T.J. Watson Research
#	P.O. Box 704
#	Yorktown Heights, NY 10598, USA
#--

# Ignore SIGHUP (signal 1) so the script does not die when some parent
# process exits.

trap '' 1

# Refuse to run when $daemon_directory is empty or unset, which is how the
# script recognises that it was not started by the postfix command.
#
# Paths such as $command_directory, $config_directory and $queue_directory
# are never assigned in this script; they are read from the environment.
# This guard only detects a missing $daemon_directory and does not validate
# any value, so the script trusts whatever environment its caller supplies.

if test -z "$daemon_directory"
then
	echo "This script must be run by the postfix command." 1>&2
	echo "Do not run directly." 1>&2
	exit 1
fi

# Files created from here on get no group or other write permission by
# default.  $SHELL is the interpreter the check-fatal command uses to run
# post-install.
umask 022
SHELL=/bin/sh

# Logging command lines, one per priority.  Each variable is expanded
# UNQUOTED where it is used ("$FATAL some text"), so the shell splits it into
# the postlog program, its options and the message words.  Because
# $command_directory and $MAIL_LOGTAG are embedded in these strings,
# whitespace or glob characters in either value would change the command
# line that is executed.
LOGGER="${command_directory}/postlog -t ${MAIL_LOGTAG}/postfix-script"
INFO="${LOGGER} -p info"
WARN="${LOGGER} -p warn"
ERROR="${LOGGER} -p error"
FATAL="${LOGGER} -p fatal"
PANIC="${LOGGER} -p panic"

# Log the arguments at "fatal" priority, then terminate with status 1.
fatal_exit() {
	$FATAL "$@"
	exit 1
}

#
# Can't do much without these in place.
#
# The order matters: "test -f master" is relative to $daemon_directory, and
# the last cd leaves the working directory at $queue_directory, which the
# relative paths used later in this script (pid/master.pid, corrupt, bin,
# etc, ...) depend on.
#
cd $command_directory ||
	fatal_exit no Postfix command directory $command_directory!
cd $daemon_directory ||
	fatal_exit no Postfix daemon directory $daemon_directory!
test -f master ||
	fatal_exit no Postfix master program $daemon_directory/master!
cd $config_directory ||
	fatal_exit no Postfix configuration directory $config_directory!
cd $queue_directory ||
	fatal_exit no Postfix queue directory $queue_directory!

# "postconf -dh config_directory" is asked for the default configuration
# directory; a non-zero status from postconf is fatal.
def_config_directory=`$command_directory/postconf -dh config_directory` ||
	fatal_exit cannot execute $command_directory/postconf!

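# If this is a secondary instance, don't touch shared files.
#
# $instances is the multi_instance_directories list from the default
# instance's main.cf, turned into a whitespace-separated list.  It stays
# empty when that main.cf does not exist.
#
# Every comma is replaced (sed "g" flag).  Replacing only the first comma
# left later entries glued to a comma ("dir2," or "dir2,dir3"), so they
# never matched $config_directory below and a secondary instance listed
# after the first separator was treated as if it owned the shared files.
#
# NOTE(review): the status tested by "||" is that of the last command in the
# backquoted list.  When main.cf exists that command is sed, so a failing
# postconf does not appear to reach the error branch here - confirm.

instances=`test ! -f $def_config_directory/main.cf ||
    $command_directory/postconf -c $def_config_directory \
    -h multi_instance_directories | sed 's/,/ /g'` || {
	$FATAL cannot execute $command_directory/postconf!
	exit 1
}

# check_shared_files stays "1" unless $config_directory is found in the list
# under a name other than the default configuration directory; the
# check-warn command reads this flag to decide whether the shared daemon and
# command files are inspected as well.
check_shared_files=1
for name in $instances
do
    case "$name" in
    "$def_config_directory") ;;
    "$config_directory") check_shared_files=; break;;
    esac
done
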
#
# Parse JCL: dispatch on the first argument, the administrative command.
#
case "$1" in

# start_msg / stop_msg print a fixed label and do nothing else.
start_msg) echo 'Start postfix' ;;

stop_msg) echo 'Stop postfix' ;;

start)

	# A failing "master -t" is treated as "already running"; the same
	# probe is used by the other commands of this script.
	$daemon_directory/master -t 2>/dev/null || {
		$FATAL the Postfix mail system is already running
		exit 1
	}
	# $queue_directory/quick-start is the marker left by quick-stop.
	# When it exists it is removed and BOTH checks below are skipped for
	# this start.  Whoever can create that file in $queue_directory can
	# therefore suppress the integrity check once; the group/other
	# writable test that check-warn applies to $queue_directory covers
	# the directory holding the marker.
	if [ -f $queue_directory/quick-start ]
	then
		rm -f $queue_directory/quick-start
	else
		# check-fatal must succeed, otherwise the start is refused.
		$daemon_directory/postfix-script check-fatal || {
			$FATAL Postfix integrity check failed!
			exit 1
		}
		# Foreground this so it can be stopped. All inodes are cached.
		# Its result is not tested: check-warn only logs warnings.
		$daemon_directory/postfix-script check-warn
	fi
	$INFO starting the Postfix mail system
	# The master program is started in the background.
	$daemon_directory/master &
	;;

drain)

	# "master -t" succeeding means no master is running: nothing to drain.
	if $daemon_directory/master -t 2>/dev/null
	then
		$FATAL the Postfix mail system is not running
		exit 1
	fi
	$INFO stopping the Postfix mail system
	# SIGKILL goes to the single process whose PID is on the first line
	# of pid/master.pid (relative to $queue_directory, the working
	# directory), not to a process group.  The number is used as read,
	# without validation; check-warn expects $queue_directory/pid to be
	# owned by root.
	master_pid=`sed 1q pid/master.pid`
	kill -9 $master_pid
	;;

quick-stop)

	# Runs the stop command, then leaves the quick-start marker that makes
	# the next "start" skip check-fatal and check-warn.  The result of
	# "stop" is not tested, so the marker is created even when the stop
	# failed.
	$daemon_directory/postfix-script stop
	touch $queue_directory/quick-start
	;;

stop)

	# "master -t" succeeding means no master is running.
	$daemon_directory/master -t 2>/dev/null && {
		$FATAL the Postfix mail system is not running
		exit 1
	}
	$INFO stopping the Postfix mail system
	# First attempt: kill's default signal, sent to the PID on the first
	# line of pid/master.pid (path relative to $queue_directory).
	kill `sed 1q pid/master.pid`
	# Probe up to five times, one second apart; leave with status 0 as
	# soon as "master -t" reports that no master is running.  stderr of
	# the probe is not discarded here.
	for i in 5 4 3 2 1
	do
	    $daemon_directory/master -t && exit 0
	    $INFO waiting for the Postfix mail system to terminate
	    sleep 1
	done
	$WARN stopping the Postfix mail system with force
	# Escalation: the PID file is read again; awk prints the first field
	# of the first line and exits non-zero when the file has no lines, in
	# which case kill is not run.  The leading "-" makes kill address the
	# process GROUP with that id, so SIGKILL reaches every member of the
	# group, not only the master.  The value is used without validation.
	pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && 
		kill -9 -$pid
	;;

abort)

	# "master -t" succeeding means no master is running.
	if $daemon_directory/master -t 2>/dev/null
	then
		$FATAL the Postfix mail system is not running
		exit 1
	fi
	$INFO aborting the Postfix mail system
	# kill's default signal, sent to the PID on the first line of
	# pid/master.pid; there is no wait and no escalation in this arm.
	master_pid=`sed 1q pid/master.pid`
	kill $master_pid
	;;

reload)

	# "master -t" succeeding means no master is running.
	if $daemon_directory/master -t 2>/dev/null
	then
		$FATAL the Postfix mail system is not running
		exit 1
	fi
	$INFO refreshing the Postfix mail system
	# "postsuper active" must succeed before the master is signalled.
	$command_directory/postsuper active || exit 1
	# SIGHUP goes to the PID on the first line of pid/master.pid.
	master_pid=`sed 1q pid/master.pid`
	kill -HUP $master_pid
	# A second postsuper run, without arguments, is left in the background.
	$command_directory/postsuper &
	;;

flush)

	# Run "postqueue -f" from the queue directory; its status is the
	# status of this command.
	if cd $queue_directory
	then
		$command_directory/postqueue -f
	else
		$FATAL no Postfix queue directory $queue_directory!
		exit 1
	fi
	;;

check)

	# Status 1 when check-fatal fails.  check-warn only logs, so its
	# result never changes the status of "check".
	if $daemon_directory/postfix-script check-fatal
	then
		$daemon_directory/postfix-script check-warn
		exit 0
	fi
	exit 1
	;;

status)

	# Status 1 when "master -t" reports that no master is running,
	# otherwise log the first line of pid/master.pid and return 0.
	if $daemon_directory/master -t 2>/dev/null
	then
		$INFO the Postfix mail system is not running
		exit 1
	fi
	$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
	exit 0
	;;


check-fatal)
	# This command is NOT part of the public interface.
	#
	# Checks whose failure stops the caller: "start" refuses to start and
	# "check" returns status 1 when this command fails.

	# post-install is run through $SHELL, which this script sets to
	# /bin/sh, with the single request "create-missing".
	$SHELL $daemon_directory/post-install create-missing || {
		$FATAL unable to create missing queue directories
		exit 1
	}

	# Look for incomplete installations.

	test -f $config_directory/master.cf || {
		$FATAL no $config_directory/master.cf file found
		exit 1
	}

	# See if all queue files are in the right place. This is slow.
	# We must scan all queues for mis-named queue files before the
	# mail system can run.

	# postsuper is run without arguments; a non-zero status ends this
	# command with status 1 and no additional log line from this script.
	$command_directory/postsuper || exit 1
	exit 0
	;;

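check-warn)
	# This command is NOT part of the public interface.
	#
	# Ownership and permission audit.  Every finding is logged through
	# $WARN and the command always ends with "exit 0", so its exit status
	# says nothing about what was found; the log has to be read.
	# Relative paths (bin, etc, corrupt, ...) are resolved against
	# $queue_directory, the working directory.  The daemon and command
	# directories are only included when $check_shared_files is set.

	todo="$config_directory $queue_directory $queue_directory/pid"
	test -n "$check_shared_files" && todo="$daemon_directory $todo"

	# These directories themselves must be owned by root.  The owner is
	# tested with find's -user primary instead of searching "ls -l" output
	# for the text " root ": that text also appears when only the GROUP
	# column says root, so a directory owned by another user could pass
	# unnoticed.  "$dir/." with -prune inspects the directory itself,
	# through a symbolic link if there is one, without descending into
	# it; the maildrop check further down uses the same form.  A missing
	# directory now produces an error message from find rather than a
	# "not owned by root" warning.
	for dir in $todo
	do
		find $dir/. -prune ! -user root \
		    -exec $WARN not owned by root: $dir \;
	done

	# Some people break Postfix's security model.
	# The pattern matches a "w" in the group or in the other permission
	# column of the ls -l mode string.
	ls -lLd $queue_directory | egrep '^.....(w|...w)' >/dev/null && \
		$WARN group or other writable: $queue_directory

	# Everything below the configuration directory (and the daemon
	# directory, when shared files are checked) must be owned by root.
	todo="$config_directory/*"
	test -n "$check_shared_files" && todo="$daemon_directory/* $todo"

	find $todo ! -user root \
		-exec $WARN not owned by root: {} \;

	# Regular files in the same trees must not be writable by group or
	# by others.
	todo="$config_directory/."
	test -n "$check_shared_files" && todo="$daemon_directory/. $todo"

	find $todo \
		\( -perm -020 -o -perm -002 \) -type f \
		-exec $WARN group or other writable: {} \;

	# Everything under the data directory must be owned by $mail_owner.
	find $data_directory/. ! -user $mail_owner \
	    -exec $WARN not owned by $mail_owner: {} \;

	# Same ownership rule for the named queue subdirectories; FIFOs and
	# sockets are exempt.
	find `ls -d $queue_directory/* | \
	    egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
	    ! \( -type p -o -type s \) ! -user $mail_owner \
		-exec $WARN not owned by $mail_owner: {} \;

	# public and maildrop (plus postqueue and postdrop, when shared files
	# are checked) must belong to group $setgid_group.  -prune keeps find
	# from descending into the directories.
	todo="$queue_directory/public $queue_directory/maildrop"
	test -n "$check_shared_files" && 
	   todo="$command_directory/postqueue $command_directory/postdrop $todo"

	find $todo \
	    -prune ! -group $setgid_group \
	    -exec $WARN not owned by group $setgid_group: {} \;

	# postqueue and postdrop must carry the set-gid bit and be executable
	# by owner, group and others (mode bits 02111).
	test -n "$check_shared_files" &&
	find $command_directory/postqueue $command_directory/postdrop \
	    -prune ! -perm -02111 \
	    -exec $WARN not set-gid or not owner+group+world executable: {} \;

	# bin, etc, lib and usr trees inside the queue directory must be
	# owned by root throughout.
	for name in `ls -d $queue_directory/* | \
	    egrep '/(bin|etc|lib|usr)$'` ; \
	do \
	    find $name ! -user root \
		-exec $WARN not owned by root: {} \; ; \
	done

	# WARNING: this should not descend into the maildrop directory.
	# maildrop is the least trusted Postfix directory.

	find $queue_directory/maildrop/. -prune ! -user $mail_owner \
	    -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;

	# Files under bin, etc, lib, sbin and usr in the queue directory are
	# compared with the file of the same path under "/"; a difference is
	# reported.  Files that have no counterpart under "/" are skipped.
	for dir in bin etc lib sbin usr
	do
		test -d $dir && find $dir -type f -print | while read path
		do
			test -f /$path && {
			    cmp -s $path /$path || 
				$WARN $queue_directory/$path and /$path differ
			}
		done
	done

	# Any regular file in the corrupt queue is reported.
	find corrupt -type f -exec $WARN damaged message: {} \;

	# XXX also: look for weird stuff, weird permissions, etc.

	# When both sendmail paths exist as regular files they must have
	# identical content.
	test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
		-f /usr/lib/sendmail && {
	    cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
		$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
		$WARN Replace one by a symbolic link to the other
	    }
	}
	exit 0
	;;
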
set-permissions|upgrade-configuration)
	# There is no shift here: "$@" still starts with the command name
	# itself, so post-install receives "create-missing", then the command
	# name, then the remaining arguments exactly as given.
	$daemon_directory/post-install create-missing "$@"
	;;

post-install)
	# Currently not part of the public interface.
	# The command name is dropped; all remaining arguments go to
	# post-install unchanged.
	shift
	$daemon_directory/post-install "$@"
	;;

/*)
	# Currently not part of the public interface.
	# Any first argument that starts with "/" is executed as a program,
	# with the remaining arguments, in this script's environment, working
	# directory ($queue_directory), umask and privileges.  This arm
	# applies no allow-list and does not check who owns the named file.
	# NOTE(review): confirm that every caller of this script decides the
	# first argument itself and never forwards an untrusted value.
	"$@"
	;;

*)
	# Anything else: log the unknown name and the usage line, status 1.
	$ERROR "unknown command: '$1'"
	$FATAL "usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)"
	exit 1
	;;

esac
