commit postfix for openSUSE:Factory

28 Nov 2018

Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked in at 2018-11-28 11:10:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and      /work/SRC/openSUSE:Factory/.postfix.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Wed Nov 28 11:10:21 2018 rev:162 rq:651633 version:3.3.2

Changes:
--------

--- /work/SRC/openSUSE:Factory/postfix/postfix.changes	2018-11-06 15:23:56.300652014 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.19453/postfix.changes	2018-11-28 11:10:29.667143418 +0100
@@ -2 +2,24 @@
-Mon Oct 22 13:00:03 UTC 2018 - Christian Wittmer <chris@computersalat.de>
+Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder <michael@stroeder.com>
+
+- Update to 3.3.2
+  * Support for OpenSSL 1.1.1 and TLSv1.3.
+  * Bugfixes:
+    - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
+      some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
+    - minor memory leak in DANE support when minting issuer certs.
+    - The Postfix build did not abort if the m4 command was not installed,
+      resulting in a broken postconf command.
+
+-------------------------------------------------------------------
+Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
+
+- add POSTFIX_RELAY_DOMAINS
+  * more flexibility to add to relay_domains without breaking
+    config.postfix
+  * rework restriction examples in sysconf.postfix
+    based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
+- disable weak cipher: RC4
+  after check with https://ssl-tools.net/mailservers
+
+-------------------------------------------------------------------
+Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de

Old:
----
  postfix-3.3.1.tar.gz

New:
----
  postfix-3.3.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.HFO2lf/_old	2018-11-28 11:10:30.591142162 +0100
+++ /var/tmp/diff_new_pack.HFO2lf/_new	2018-11-28 11:10:30.595142157 +0100
@@ -55,7 +55,7 @@
 %bcond_with    libnsl
 %endif
 Name:           postfix
-Version:        3.3.1
+Version:        3.3.2
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0

++++++ postfix-3.3.1.tar.gz -> postfix-3.3.2.tar.gz ++++++
++++ 2146 lines of diff (skipped)

++++++ postfix-SuSE.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix
--- old/postfix-SuSE/config.postfix	2018-10-22 13:48:17.339040765 +0200
+++ new/postfix-SuSE/config.postfix	2018-11-24 17:42:03.902173507 +0100
@@ -245,6 +245,7 @@
     export POSTFIX_WITH_LDAP
     # needed when for WITH_MYSQL
     export POSTFIX_WITH_MYSQL
+    export POSTFIX_RELAY_DOMAINS
     MCF_DIR=$TMPDIR
     export MCF_DIR
 
@@ -710,6 +711,8 @@
 
 $with_mysql = lc($with_mysql);
 
+my $pf_relay_domains = $ENV{POSTFIX_RELAY_DOMAINS};
+
 open(MNCF,"<$mncf") || die "unable to open $mncf: $!";
 
 while( <MNCF> ) {
@@ -799,9 +802,9 @@
 	  }
 	} elsif ( /^(relay_domains\s=\s).*/ ) {
 	  if ($with_mysql ne "yes") {
-		$line = $1."\$mydestination, hash:/etc/postfix/relay";
+		$line = $1."\$mydestination hash:/etc/postfix/relay $pf_relay_domains";
 	  } else {
-		$line = $1."\$mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql_relay_domains_maps.cf";
+		$line = $1."\$mydestination hash:/etc/postfix/relay mysql:/etc/postfix/mysql_relay_domains_maps.cf $pf_relay_domains";
 	  }
 	} else {
 		$line = $_;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix new/postfix-SuSE/sysconfig.postfix
--- old/postfix-SuSE/sysconfig.postfix	2017-01-26 18:31:57.871280147 +0100
+++ new/postfix-SuSE/sysconfig.postfix	2018-11-24 17:50:05.508755214 +0100
@@ -184,6 +184,16 @@
 POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts helo_access relay"
 
 ## Type:        string
+## Default:     ""
+# Defaults by config.postfix:
+# without MySQL: $mydestination hash:/etc/postfix/relay
+# with    MySQL: $mydestination hash:/etc/postfix/relay mysql:/etc/postfix/mysql_relay_domains_maps.cf
+#
+# Here you can add further *maps.cf files if needed
+#
+POSTFIX_RELAY_DOMAINS=""
+
+## Type:        string
 ## Default:     hash:/etc/postfix/transport
 #
 # The list of transport_maps postfix should look for
@@ -244,7 +254,8 @@
 #  check_client_access hash:/etc/postfix/pop-before-smtp,
 #  check_client_access hash:/etc/postfix/relay,
 #  check_client_access hash:/etc/postfix/access,
-#  reject_unknown_client_hostname"
+#  reject_unknown_client_hostname,
+#  reject_unauth_pipelining"
 #
 POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
 
@@ -260,12 +271,12 @@
 #   hard  : "permit_mynetworks, reject_invalid_helo_hostname"
 #
 # Example:
-# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks,
-#  check_client_access hash:/etc/postfix/pop-before-smtp,
-#  check_client_access hash:/etc/postfix/relay,
-#  check_client_access hash:/etc/postfix/access,
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="
 #  check_helo_access hash:/etc/postfix/helo_access,
-#  reject_invalid_helo_hostname"
+#  reject_invalid_helo_hostname,
+#  reject_non_fqdn_helo_hostname,
+#  reject_unknown_helo_hostname,
+#  reject_unauth_pipelining"
 #
 POSTFIX_SMTPD_HELO_RESTRICTIONS=""
 
@@ -282,11 +293,11 @@
 #
 # Example:
 # POSTFIX_SMTPD_SENDER_RESTRICTIONS="
-#  check_client_access hash:/etc/postfix/pop-before-smtp,
-#  check_client_access hash:/etc/postfix/relay,
-#  check_client_access hash:/etc/postfix/access,
+#  check_sender_access hash:/etc/postfix/access,
+#  check_sender_a_access hash:/etc/postfix/access,
+#  reject_non_fqdn_sender,
 #  reject_unknown_sender_domain,
-#  reject_unknown_client_hostname"
+#  reject_unauth_pipelining"
 #
 POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
 
@@ -302,20 +313,13 @@
 #   hard  : "permit_mynetworks, reject_unauth_destination"
 #
 # Example:
-# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks,
-#  check_client_access hash:/etc/postfix/pop-before-smtp,
-#  check_client_access hash:/etc/postfix/relay,
-#  check_client_access hash:/etc/postfix/access,
-#  warn_if_reject,
-#  reject_unknown_sender_domain,
-#  warn_if_reject,
-#  reject_unknown_recipient_domain,
-#  reject_unknown_helo_hostname,
-#  reject_unknown_client_hostname,
-#  reject_non_fqdn_sender,
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="
+#  check_recipient_access hash:/etc/postfix/access,
 #  reject_non_fqdn_recipient,
-#  reject_non_fqdn_hostname,
-#  reject_unauth_destination"
+#  reject_unauth_destination,
+#  reject_unknown_recipient_domain,
+#  reject_unverified_recipient,
+#  reject_unauth_pipelining"
 #
 POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=""
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix.20170126 new/postfix-SuSE/sysconfig.postfix.20170126
--- old/postfix-SuSE/sysconfig.postfix.20170126	1970-01-01 01:00:00.000000000 +0100
+++ new/postfix-SuSE/sysconfig.postfix.20170126	2017-01-26 18:31:57.871280147 +0100
@@ -0,0 +1,522 @@
+## Path:        Network/Mail/Postfix
+## Description: Basic configuration of the postfix MTA
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Should we use a mailrelay?
+# NOTE: ALL mail that is not considered to be my destination
+# (POSTFIX_LOCALDOMAINS), will be sent to this host.
+# If this host is not your MX, then you have to use [square brackets]
+# around the hostname, e.g. [relay.example.com]
+# You may also specify an alternate port number, e.g.
+# relay.example.com:26 or [relay.example.com]:26 to prevent MX lookups.
+#
+POSTFIX_RELAYHOST=""
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Comma separated list of IP's
+# NOTE: If not set, LISTEN on all interfaces
+#
+POSTFIX_LISTEN=""
+
+## Type:        string
+## Default:     "all"
+## Config:      postfix
+#
+# One Argument for proto to listen to
+# Example: POSTFIX_INET_PROTO="ipv4"
+# NOTE: If not set, LISTEN on all proto
+#
+POSTFIX_INET_PROTO=""
+
+## Type:        string
+## Default:     "$(hostname -f)"
+## Config:      postfix
+#
+# define HOSTNAME you want postfix to show
+# NOTE: If set, You should have a "MX Record" in DNS for that name
+# and have a valid reverse entry ;)
+#
+POSTFIX_MYHOSTNAME=""
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Comma separated list of domains that must have their subdomain
+# structure stripped off.
+# NOTE: If set, FROM_HEADER will also be appended to this list
+#
+POSTFIX_MASQUERADE_DOMAIN=""
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Comma separated list of host-/domainnames for which postfix
+# should accept mail for.
+# localhost and the own hostname is the default if POSTFIX_LOCALDOMAINS
+# is set empty.
+# Examples:
+#  POSTFIX_LOCALDOMAINS="\$myhostname, \$mydomain, localhost.\$mydomain"
+# if you want to use postfix internal variable substitutes or
+#  POSTFIX_LOCALDOMAINS="example.com, host.example.com, localhost.example.com"
+#
+POSTFIX_LOCALDOMAINS=""
+
+## Type:           yesno
+## Default:        no
+## Config:         postfix
+## ServiceRestart: postfix
+#
+# A null client is a machine that can only send mail. It receives no
+# mail from the network, and it does not deliver any mail locally.
+# A null client typically uses POP or NFS for mailbox access.
+# NOTE: This overrides the following variable: POSTFIX_LOCALDOMAINS
+#
+POSTFIX_NULLCLIENT="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# if set to yes, mail that will be delivered via smtp will stay
+# in the queue unless someone issues "sendmail -q" or equivalent.
+#
+POSTFIX_DIALUP="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Some people use Postfix to deliver mail across a LAN that is disconnected
+# most of the time. Under such conditions, mail delivery can suffer from
+# delays while the Postfix SMTP client performs sender and recipient
+# domain DNS lookups in order to be standards-compliant. To prevent these
+# delays, set this to yes.
+#
+POSTFIX_NODNS="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Start postfix services chrooted, that are able to run chrooted?
+# Note: if you want /usr/sbin/config.postfix to maintain the chroot jail, you
+# also have to set POSTFIX_UPDATE_CHROOT_JAIL to yes.
+# Note: if you want postfix runs in CHROOT enviroment, then the whole 
+# /var directory must be on one partition.
+#
+POSTFIX_CHROOT="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should setup the chroot jail itself
+#
+POSTFIX_UPDATE_CHROOT_JAIL="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate ldap stuff in main.cf
+# This extends virtual_alias_maps with "ldap:/etc/postfix/ldap_aliases.cf"
+#
+POSTFIX_WITH_LDAP="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate mysql stuff in main.cf
+# and having 'mysql.sock' inside chroot jail
+# Note: When POSTFIX_CHROOT="yes" then 'mysql.sock' will be available
+#       in postfix CHROOT
+#
+POSTFIX_WITH_MYSQL="no"
+
+## Type:        string(socket,tcp)
+## Default:     "socket"
+## Config:      postfix
+#
+# Set this to "tcp", if your MySQL is not on localhost
+# Note: When POSTFIX_CHROOT="yes" then MYSQL_SOCKET will also be available
+#       in postfix chroot, but you can use "tcp" just as well with MySQL
+#       on localhost
+#
+POSTFIX_MYSQL_CONN="socket"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Some of the postfix services require a fifo to operate correctly at least
+# when the system load is high. Recurring fifo access will prevent the
+# disk to fall asleep, so you might want to use a unix domain socket
+# instead, if you are using a laptop.
+#
+POSTFIX_LAPTOP="no"
+
+## Type:        yesno
+## Default:     yes
+## Config:      postfix
+#
+# Should /usr/sbin/config.postfix update the different .db maps in /etc/postfix?
+#
+POSTFIX_UPDATE_MAPS="yes"
+
+## Type:        string
+## Default:     "virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts"
+## Config:      postfix
+#
+# The list of maps, which should be maintained, if
+# POSTFIX_UPDATE_MAPS=yes. POSTFIX_MAP_LIST must be a space seperated list of
+# file names without an absolute path. They are all to be exptected
+# within the directory /etc/postfix. Optionally a file mode can be appended
+# using a colon as separator
+#
+POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts helo_access relay"
+
+## Type:        string
+## Default:     hash:/etc/postfix/transport
+#
+# The list of transport_maps postfix should look for
+#
+POSTFIX_TRANSPORT_MAPS=""
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# A comma seperated list of hosts that blacklist client IP addresses
+# Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set
+# to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place.
+#
+# Example: POSTFIX_RBL_HOSTS="bl.spamcop.net, cbl.abuseat.org, zen.spamhaus.org"
+#
+POSTFIX_RBL_HOSTS=""
+
+## Type:        string(off,medium,hard)
+## Default:     off
+## Config:      postfix
+#
+# POSTFIX_BASIC_SPAM_PREVENTION possible values:
+#    off    : postfix default configuration
+#    medium : medium UCE policy checks
+#    hard   : hard UCE policy checks
+#    custom : you can define your own stuff
+
+# Note: when setting to "custom" and no settings in 
+# "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" 
+# "POSTFIX_HELO_RESTRICTIONS"
+# "POSTFIX_SENDER_RESTRICTIONS"
+# "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" result is like setting to "medium"
+#
+# Setting this to medium or hard will activate some basic UCE controls
+# supported by postfix. This may lead to mails which are undeliverable
+# to your mailserver! USE THAT ON YOUR OWN RISC!!!
+# See http://www.postfix.org/uce.html for more details !
+#
+POSTFIX_BASIC_SPAM_PREVENTION="off"
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+#   medium: "$POSTFIX_RBL_HOSTS"
+#   hard" : "permit_mynetworks, $POSTFIX_RBL_HOSTS, reject_unknown_client_hostname"
+#
+#   "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not need to define it here.
+#    Fill "POSTFIX_RBL_HOSTS" instead
+#
+# Example:
+# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="permit_mynetworks,
+#  check_client_access hash:/etc/postfix/pop-before-smtp,
+#  check_client_access hash:/etc/postfix/relay,
+#  check_client_access hash:/etc/postfix/access,
+#  reject_unknown_client_hostname"
+#
+POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+#   medium: ""
+#   hard  : "permit_mynetworks, reject_invalid_helo_hostname"
+#
+# Example:
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks,
+#  check_client_access hash:/etc/postfix/pop-before-smtp,
+#  check_client_access hash:/etc/postfix/relay,
+#  check_client_access hash:/etc/postfix/access,
+#  check_helo_access hash:/etc/postfix/helo_access,
+#  reject_invalid_helo_hostname"
+#
+POSTFIX_SMTPD_HELO_RESTRICTIONS=""
+
+## Type:        string
+## Default:     "hash:/etc/postfix/access, reject_unknown_sender_domain"
+## Config:      postfix
+#
+# Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to ...
+#   medium: "hash:/etc/postfix/access, reject_unknown_sender_domain"
+#   hard  : "hash:/etc/postfix/access, reject_unknown_sender_domain"
+#
+# Example:
+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="
+#  check_client_access hash:/etc/postfix/pop-before-smtp,
+#  check_client_access hash:/etc/postfix/relay,
+#  check_client_access hash:/etc/postfix/access,
+#  reject_unknown_sender_domain,
+#  reject_unknown_client_hostname"
+#
+POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
+
+## Type:        string
+## Default:     "permit_mynetworks, reject_unauth_destination"
+## Config:      postfix
+#
+# Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: if set to
+#   medium: "permit_mynetworks, reject_unauth_destination"
+#   hard  : "permit_mynetworks, reject_unauth_destination"
+#
+# Example:
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks,
+#  check_client_access hash:/etc/postfix/pop-before-smtp,
+#  check_client_access hash:/etc/postfix/relay,
+#  check_client_access hash:/etc/postfix/access,
+#  warn_if_reject,
+#  reject_unknown_sender_domain,
+#  warn_if_reject,
+#  reject_unknown_recipient_domain,
+#  reject_unknown_helo_hostname,
+#  reject_unknown_client_hostname,
+#  reject_non_fqdn_sender,
+#  reject_non_fqdn_recipient,
+#  reject_non_fqdn_hostname,
+#  reject_unauth_destination"
+#
+POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=""
+
+## Type:        list(procmail,cyrus,dovecot,local)
+## Default:     local
+## Config:      postfix
+#
+# POSTFIX_MDA possible values:
+# procmail: use procmail to deliver mail locally
+# cyrus   : use lmtp to deliver to cyrus-imapd
+# dovecot : use dovecot to deliver mail to dovecot
+# local   : use postfix local MDA
+#
+POSTFIX_MDA="local"
+
+## Type:        yesno 
+## Default:     no
+## Config:      postfix
+#
+# Configure postfix to enable users to auth against postfix
+# to be able to relay mail independent of being within
+# the local network/domain.
+# You may want to edit /etc/sasl2/smtpd.conf to fit your needs.
+# See /usr/share/doc/packages/postfix/README_FILES/SASL_README
+# for more details.
+#
+POSTFIX_SMTP_AUTH_SERVER="no"
+
+## Type:        string(cyrus,dovecot) 
+## Default:     "cyrus"
+## Config:      postfix
+#
+# Configure postfix which SASL service to use
+# cyrus   : smtpd_sasl_type = cyrus,   smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth
+#
+POSTFIX_SMTP_AUTH_SERVICE="cyrus"
+
+## Type:        yesno 
+## Default:     no
+## Config:      postfix
+#
+# Enable SMTP-AUTH for the postfix smtp client
+# you have to edit /etc/postfix/sasl_passwd and call
+# /usr/sbin/config.postfix afterwards
+#
+POSTFIX_SMTP_AUTH="no"
+
+## Type:        string
+## Default:     ""
+## Config:      postfix
+#
+# POSTFIX_SMTP_AUTH_OPTIONS possible values:
+# comma separated list of one or more of
+#
+# noplaintext:  disallow methods that use plaintext passwords
+# noactive:     disallow methods subject to active (non-dictionary) attack
+# nodictionary: disallow methods subject to passive (dictionary) attack
+# noanonymous:  disallow methods that allow anonymous authentication
+#
+POSTFIX_SMTP_AUTH_OPTIONS=""
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Do you want to use STARTTLS
+#
+POSTFIX_SMTP_TLS_SERVER="no"
+
+## Type:        yesno
+## Default:     no
+## Config:      postfix
+#
+# Do you want to use SMTP over SSL.
+# assigns port 465 to smtps in /etc/services
+# CAUTION: the IANA has assigned a different protocol to port 465
+# Usage of port 465 for smtps was not officially encouraged
+# If you enable this you need to make sure that it does not collide
+# with protocol urd
+#
+POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no"
+
+## Type:        list(no,yes,must)
+## Default:     no
+## Config:      postfix
+#
+# Do you want to enable postfix smtp client to use TLS
+#
+POSTFIX_SMTP_TLS_CLIENT="no"
+
+## Type:        string
+## Default:     "/etc/postfix/ssl"
+## Config:      postfix
+#
+# path to the directory where the certificates (default: certs/postfixcert.pem)
+# and CA certificates (default: ./cacerts) can be found
+#
+# This folder will be synced via 'config.postfix' when running 'chrooted'
+# 
+POSTFIX_SSL_PATH="/etc/postfix/ssl"
+
+## Type:        string
+## Default:     "cacert.pem"
+## Config:      postfix
+#
+# name of the CAfile (below POSTFIX_SSL_PATH)
+#
+# when having more than one CA you want to trust, then
+# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts )
+# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts
+# after storing the certs.
+# 
+POSTFIX_TLS_CAFILE=""
+
+## Type:        string
+## Default:     "certs/postfixcert.pem"
+## Config:      postfix
+#
+# name of the file containing the certificate (below POSTFIX_SSL_PATH)
+# 
+POSTFIX_TLS_CERTFILE="certs/postfixcert.pem"
+
+## Type:        string
+## Default:     "certs/postfixkey.pem"
+## Config:      postfix
+#
+# name of the file containing the key (below POSTFIX_SSL_PATH)
+# 
+POSTFIX_TLS_KEYFILE="certs/postfixkey.pem"
+
+#
+# The following options are used by /usr/sbin/config.postfix and mkpostfixcert
+# to create a CA and certificates
+# POSTFIX_SSL_COUNTRY must be a two letter code defined by ISO 3166
+#
+## Type:        string
+## Default:     "XX"
+POSTFIX_SSL_COUNTRY=""
+
+## Type:        string
+## Default:     "Some state"
+POSTFIX_SSL_STATE=""
+
+## Type:        string
+## Default:     "Some locality"
+POSTFIX_SSL_LOCALITY=""
+
+## Type:        string
+## Default:     "Some Organization"
+POSTFIX_SSL_ORGANIZATION=""
+
+## Type:        string
+## Default:     "Some Organizational Unit"
+POSTFIX_SSL_ORGANIZATIONAL_UNIT=""
+
+## Type:        string
+## Default:     "A common name"
+POSTFIX_SSL_COMMON_NAME=""
+
+## Type:        string
+## Default:     "postmaster"
+POSTFIX_SSL_EMAIL_ADDRESS=""
+
+#
+# POSTFIX_ADD_*
+# You may add any existing postfix parameter here. Just execute the
+# postconf command to get a complete list. You then have to uppercase
+# the parameter and prepend POSTFIX_ADD_.
+# Example:
+# Let's say you want to add the postfix parameter mailbox_size_limit.
+# Then just add
+# POSTFIX_ADD_MAILBOX_SIZE_LIMIT=0
+# POSTFIX_ADD_MESSAGE_SIZE_LIMIT=30000000
+
+## Type:        string
+## Default:     0
+POSTFIX_ADD_MAILBOX_SIZE_LIMIT="0"
+
+## Type:        string
+## Default:     10240000
+POSTFIX_ADD_MESSAGE_SIZE_LIMIT="0"
+
+## Type:        yesno
+## Default:     yes
+## Config:      postfix
+#
+# Automatically register to slpd, if running?
+#
+POSTFIX_REGISTER_SLP="yes"
+
+## Type: list(subnet,host,class)
+## Default: subnet
+## Config: postfix
+#
+#
+# The postfix default for this setting is "subnet"
+# for security reasons you should use host
+# otherwise every user in the same subnet as you, can use
+# your postfix server as a mail relay for spam.
+# If you set POSTFIX_DIALUP to "yes" mynetworks_style
+# will be set to "host" by /usr/sbin/config.postfix.
+#
+POSTFIX_ADD_MYNETWORKS_STYLE="subnet"

++++++ postfix-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.HFO2lf/_old	2018-11-28 11:10:32.215139957 +0100
+++ /var/tmp/diff_new_pack.HFO2lf/_new	2018-11-28 11:10:32.215139957 +0100
@@ -10,7 +10,7 @@
  
  # PARALLEL DELIVERY TO THE SAME DESTINATION
  #
-@@ -673,4 +674,138 @@ sample_directory =
+@@ -673,4 +674,140 @@ sample_directory =
  # readme_directory: The location of the Postfix README files.
  #
  readme_directory =
@@ -108,6 +108,7 @@
 +smtpd_tls_cert_file = 
 +smtpd_tls_key_file = 
 +smtpd_tls_ask_ccert = no
++smtpd_tls_exclude_ciphers = RC4
 +smtpd_tls_received_header = no
 +############################################################
 +# Start MySQL from postfixwiki.org
@@ -144,6 +145,7 @@
 +#unknown_address_reject_code = 550
 +#unknown_client_reject_code = 550
 +#unknown_hostname_reject_code = 550
++#unverified_recipient_reject_code = 550
 +#soft_bounce = yes
 +############################################################
 +#debug_peer_list = example.com

    

root

tags

participants (1)