1 files changed, 45 insertions, 0 deletions

diff --git a/user/dovecot/dovecot.post-install b/user/dovecot/dovecot.post-install
new file mode 100644
index 000000000..eb70cdece
--- /dev/null
+++ b/user/dovecot/dovecot.post-install
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# based on  doc/mkcert.sh
+
+# if ssl disabled then lets just exit
+doveconf ssl 2>/dev/null | grep -Eq '(yes|required)' || exit 0 
+# Generates a self-signed certificate.
+
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl/dovecot}
+OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
+
+CERTDIR=$SSLDIR
+KEYDIR=$SSLDIR
+
+# check if we have ssl_cert and/or key (for dovecot-2.0+)
+# try expand the cert/key itself and if found, lets just keep it
+[ -n "$(doveconf -x ssl_cert 2>/dev/null)" ] && exit 0
+[ -n "$(doveconf -x ssl_key 2>/dev/null)" ] && exit 0
+
+ssl_cert_file=$(doveconf ssl_cert | sed 's/.*= <//')
+ssl_key_file=$(doveconf ssl_key | sed 's/.*= <//')
+
+CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
+KEYFILE=${ssl_key_file:-$KEYDIR/server.key}
+
+if [ -e "$CERTFILE" ]; then
+	echo "Keeping existing $CERTFILE"
+	exit 0
+fi
+
+if [ -e "$KEYFILE" ]; then
+	echo "Keeping existing $KEYFILE"
+	exit 0
+fi
+
+if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
+	echo "No /dev/urandom or /dev/random so ssl cert not created"
+	exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+chmod 0600 $KEYFILE
+echo 
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2