Hello community,
here is the log from the commit of package postfix for openSUSE:Factory checked in at 2016-06-02 12:38:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix"
Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2015-12-17 15:53:28.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2016-06-02 12:38:47.000000000 +0200
@@ -1,0 +2,265 @@
+Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de
+
+- fix Changelog cause of Factory decline
+
+-------------------------------------------------------------------
+Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com
+
+- Fix typo in config.postfix
+
+-------------------------------------------------------------------
+Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com
+
+- bnc#981097 config.postfix creates broken main.cf for tls client configuration
+- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
+- update to 3.1.1:
+- The new address_verify_pending_request_limit
+ parameter introduces a safety limit for the number of address
+ verification probes in the active queue. The default limit is 1/4
+ of the active queue maximum size. The queue manager enforces the
+ limit by tempfailing probe messages that exceed the limit. This
+ design avoids dependencies on global counters that get out of sync
+ after a process or system crash.
+- Machine-readable, JSON-formatted queue listing with "postqueue -j"
+ (no "mailq" equivalent).
+- The milter_macro_defaults feature provides an optional list of macro
+ name=value pairs. These specify default values for Milter macros when
+ no value is available from the SMTP session context.
+- Support to enforce a destination-independent delay between email
+ deliveries. The following example inserts 20 seconds of delay
+ between all deliveries with the SMTP transport, limiting the delivery
+ rate to at most three messages per minute.
+ smtp_transport_rate_delay = 20s
+- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
+ that a "not found" result from a DNSBL server will be valid for one
+ hour. This may have been adequate five years ago when postscreen
+ was first implemented, but nowadays, that one hour can result in
+ missed opportunities to block new spambots.
+ To address this, postscreen now respects the TTL of DNSBL "not
+ found" replies, as well as the TTL of DNSWL replies (both "found"
+ and "not found"). The TTL for a "not found" reply is determined
+ according to RFC 2308 (the TTL of an SOA record in the reply).
+
+ Support for DNSBL or DNSWL reply TTL values is controlled by two
+ configuration parameters:
+
+ postscreen_dnsbl_min_ttl (default: 60 seconds).
+ postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
+
+ The postscreen_dnsbl_ttl parameter is now obsolete, and has become
+ the default value for the new postscreen_dnsbl_max_ttl parameter.
+- New "smtpd_client_auth_rate_limit" feature, to
+ enforce an optional rate limit on AUTH commands per SMTP client IP
+ address. Similar to other smtpd_client_*_rate_limit features, this
+ enforces a limit on the number of requests per $anvil_rate_time_unit.
+- New SMTPD policy service attribute "policy_context",
+ with a corresponding "smtpd_policy_service_policy_context" configuration
+ parameter. Originally, this was implemented to share the same SMTPD
+ policy service endpoint among multiple check_policy_service clients.
+- A new "postfix tls" command to quickly enable opportunistic TLS
+ in the Postfix SMTP client or server, and to manage SMTP server keys
+ and certificates, including certificate signing requests and
+ TLSA DNS records for DANE.
+
+-------------------------------------------------------------------
+Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de
+
+- build with working support for SMTPUTF8
+
+-------------------------------------------------------------------
+Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de
+
+- fix build on sle11 by pointing _libexecdir to /usr/lib all the
+ time.
+
+-------------------------------------------------------------------
+Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de
+
+- some distros did not pull pkgconfig indirectly. pull it directly.
+
+-------------------------------------------------------------------
+Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de
+
+- fix building the dynamic maps: the old build had postgresql e.g.
+ with missing symbols.
+ - convert to AUXLIBS_* instead of plain AUXLIBS which is needed
+ for proper dynamic maps.
+ - reordered the CCARGS and AUXLIBS* lines to group by feature
+ - use pkgconfig or *_config tools where possible
+- picked up signed char from fedora spec file
+- enable lmdb support: new BR lmdb-devel, new subpackage
+ postfix-lmdb.
+- don't delete vmail user/groups
+
+-------------------------------------------------------------------
+Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com
+
+- update to 3.1.0
+- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
+ lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
+ Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
+ could be removed.
+- Adapting all the patches to postfix 3.1.0
+- remove obsolete patches
+ * add_missed_library.patch
+ * postfix-opensslconfig.patch
+- update vda patch
+ * remove postfix-vda-v13-2.10.0.patch
+ * add postfix-vda-v13-3.10.0.patch
+- The patch postfix-db6.diff is not more neccessary
+
+- Backwards-compatibility safety net.
+ With NEW Postfix installs, you MUST install a main.cf file with
+ the setting "compatibility_level = 2". See conf/main.cf for an
+ example.
+
+ With UPGRADES of existing Postfix systems, you MUST NOT change the
+ main.cf compatibility_level setting, nor add this setting if it
+ does not exist.
+
+ Several Postfix default settings have changed with Postfix 3.0. To
+ avoid massive frustration with existing Postfix installations,
+ Postfix 3.0 comes with a safety net that forces Postfix to keep
+ running with backwards-compatible main.cf and master.cf default
+ settings. This safety net depends on the main.cf compatibility_level
+ setting (default: 0). Details are in COMPATIBILITY_README.
+
+- Major changes - tls
+* [Feature 20160207] A new "postfix tls" command to quickly enable
+ opportunistic TLS in the Postfix SMTP client or server, and to
+ manage SMTP server keys and certificates, including certificate
+ signing requests and TLSA DNS records for DANE.
+* As of the middle of 2015, all supported Postfix releases no longer
+ nable "export" grade ciphers for opportunistic TLS, and no longer
+ use the deprecated SSLv2 and SSLv3 protocols for mandatory or
+ opportunistic TLS.
+* [Incompat 20150719] The default Diffie-Hellman non-export prime was
+ updated from 1024 to 2048 bits, because SMTP clients are starting
+ to reject TLS handshakes with primes smaller than 2048 bits.
+* [Feature 20160103] The Postfix SMTP client by default enables DANE
+ policies when an MX host has a (DNSSEC) secure TLSA DNS record,
+ even if the MX DNS record was obtained with insecure lookups. The
+ existence of a secure TLSA record implies that the host wants to
+ talk TLS and not plaintext. For details see the
+ smtp_tls_dane_insecure_mx_policy configuration parameter.
+
+- Major changes - default settings
+ [Incompat 20141009] The default settings have changed for relay_domains
+ (new: empty, old: $mydestination) and mynetworks_style (new: host,
+ old: subnet). However the backwards-compatibility safety net will
+ prevent these changes from taking effect, giving the system
+ administrator the option to make an old default setting permanent
+ in main.cf or to adopt the new default setting, before turning off
+ backwards compatibility. See COMPATIBILITY_README for details.
+
+ [Incompat 20141001] A new backwards-compatibility safety net forces
+ Postfix to run with backwards-compatible main.cf and master.cf
+ default settings after an upgrade to a newer but incompatible Postfix
+ version. See COMPATIBILITY_README for details.
+
+ While the backwards-compatible default settings are in effect,
+ Postfix logs what services or what email would be affected by the
+ incompatible change. Based on this the administrator can make some
+ backwards-compatibility settings permanent in main.cf or master.cf,
+ before turning off backwards compatibility.
+
+- Major changes - address verification safety
+ [Feature 20151227] The new address_verify_pending_request_limit
+ parameter introduces a safety limit for the number of address
+ verification probes in the active queue. The default limit is 1/4
+ of the active queue maximum size. The queue manager enforces the
+ limit by tempfailing probe messages that exceed the limit. This
+ design avoids dependencies on global counters that get out of sync
+ after a process or system crash.
+
+ Tempfailing verify requests is not as bad as one might think. The
+ Postfix verify cache proactively updates active addresses weeks
+ before they expire. The address_verify_pending_request_limit affects
+ only unknown addresses, and inactive addresses that have expired
+ from the address verify cache (by default, after 31 days).
+
+- Major changes - json support
+ [Feature 20151129] Machine-readable, JSON-formatted queue listing
+ with "postqueue -j" (no "mailq" equivalent). The output is a stream
+ of JSON objects, one per queue file. To simplify parsing, each
+ JSON object is formatted as one text line followed by one newline
+ character. See the postqueue(1) manpage for a detailed description
+ of the output format.
+
+- Major changes - milter support
+ [Feature 20150523] The milter_macro_defaults feature provides an
+ optional list of macro name=value pairs. These specify default
+ values for Milter macros when no value is available from the SMTP
+ session context.
+
+ For example, with "milter_macro_defaults = auth_type=TLS", the
+ Postfix SMTP server will send an auth_type of "TLS" to a Milter,
+ unless the remote client authenticates with SASL.
++++ 68 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/postfix/postfix.changes
++++ and /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes
Old:
----
add_missed_library.patch
dynamic_maps.patch
dynamic_maps_pie.patch
postfix-2.11.7.tar.gz
postfix-db6.diff
postfix-opensslconfig.patch
postfix-vda-v13-2.10.0.patch
New:
----
postfix-3.1.1.tar.gz
postfix-vda-v13-3.10.0.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:49.000000000 +0200
+++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:49.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package postfix
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,12 +16,19 @@
#
+%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} )
+%bcond_without lmdb
+%else
+%bcond_with lmdb
+%endif
+
#
# Some defines
#
%define pf_docdir %{_docdir}/%{name}-doc
%define pf_config_directory %{_sysconfdir}/%{name}
%define pf_daemon_directory /usr/lib/%{name}
+%define _libexecdir /usr/lib
%define pf_command_directory %{_prefix}/sbin
%define pf_queue_directory var/spool/%{name}
%define pf_sendmail_path %{_sbindir}/sendmail
@@ -52,39 +59,38 @@
%define _unitdir /lib/systemd
%endif
Name: postfix
-Version: 2.11.7
+Version: 3.1.1
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0
Group: Productivity/Networking/Email/Servers
Url: http://www.postfix.org/
-Source: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz
-#Source1: postfix-%{version}.tar.gz.asc
+#Source: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz
+Source: postfix-%{version}.tar.gz
Source2: %{name}-SuSE.tar.gz
Source3: %{name}-mysql.tar.bz2
-#Source4: %{name}.keyring
-Source10: postfix-rpmlintrc
+Source10: %{name}-rpmlintrc
Source11: check_mail_queue
-Patch0: dynamic_maps.patch
-Patch1: dynamic_maps_pie.patch
+Patch1: %{name}-no-md5.patch
Patch2: pointer_to_literals.patch
Patch3: ipv6_disabled.patch
-Patch10: %{name}-main.cf.patch
-Patch11: %{name}-master.cf.patch
-Patch12: %{name}-post-install.patch
-Patch20: %{name}-ssl-release-buffers.patch
-Patch21: postfix-opensslconfig.patch
-Patch100: %{name}-vda-v13-2.10.0.patch
-Patch101: postfix-db6.diff
-#PATCH-FIX-SLE PATCH-FIX-OPENSUSE to be able to build the agent tls_proxy
-Patch102: add_missed_library.patch
-Patch103: postfix-no-md5.patch
+Patch4: %{name}-main.cf.patch
+Patch5: %{name}-master.cf.patch
+Patch6: %{name}-post-install.patch
+Patch7: %{name}-ssl-release-buffers.patch
+Patch8: %{name}-vda-v13-3.10.0.patch
+
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
BuildRequires: libopenssl-devel
+%if %{with lmdb}
+BuildRequires: lmdb-devel
+%endif
+BuildRequires: libicu-devel
BuildRequires: mysql-devel
BuildRequires: openldap2-devel
BuildRequires: pcre-devel
+BuildRequires: pkgconfig
BuildRequires: postgresql-devel
Requires: iproute2
Requires(pre): permissions
@@ -158,42 +164,82 @@
by starting %{name} if you'll access a postmap which is stored in
PostgreSQL.
+%if %{with lmdb}
+%package lmdb
+Summary: Postfix plugin to support LMDB maps
+Group: Productivity/Networking/Email/Servers
+Requires(pre): %{name} = %{version}
+
+%description lmdb
+Postfix plugin to support LMDB maps. This library will be loaded
+by starting %{name} if you'll access a postmap which is stored in
+PostgreSQL.
+%endif
+
%prep
%setup -q -a 2 -a 3
-%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3
-%patch10
-%patch11
-%patch12
-%patch20
-%patch21
-%patch100 -p1
-%patch101
-%patch102
-%patch103 -p1
+%patch4
+%patch5
+%patch6
+%patch7
+%patch8 -p1
+
# ---------------------------------------------------------------------------
%build
-export CCARGS="-DHAS_LDAP -DHAS_PCRE -DUSE_SASL_AUTH -I%{_includedir}/sasl"
-export CCARGS="$CCARGS -DMAX_DYNAMIC_MAPS"
-export CCARGS="$CCARGS -DHAS_MYSQL -I%{_includedir}/mysql"
-export CCARGS="$CCARGS -DHAS_PGSQL -I%{_includedir}/pgsql"
-export CCARGS="$CCARGS -DUSE_CYRUS_SASL"
-export AUXLIBS="-lldap -llber -lpcre"
-export AUXLIBS="$AUXLIBS -lsasl2"
-export AUXLIBS="$AUXLIBS -lssl -lcrypto"
-export CCARGS="$CCARGS -DUSE_TLS"
-export CCARGS="$CCARGS %{optflags} -Wno-comments"
+unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
+
+export CCARGS="${CCARGS} %{optflags} -Wno-comments -Wno-missing-braces -fPIC"
+%ifarch s390 s390x ppc
+export CCARGS="${CCARGS} -fsigned-char"
+%endif
+#
+if pkg-config openssl ; then
+ export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)"
+ export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)"
+else
+ export CCARGS="${CCARGS} -DUSE_TLS"
+ export AUXLIBS="${AUXLIBS} -lssl -lcrypto"
+fi
+#
+export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL"
+export AUXLIBS_LDAP="-lldap -llber"
+#
+export CCARGS="${CCARGS} -DHAS_PCRE"
+export AUXLIBS_PCRE="-lpcre"
+#
+export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl"
+if pkg-config libsasl2 ; then
+ export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)"
+else
+ export AUXLIBS="$AUXLIBS -lsasl2"
+fi
+#
+export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)"
+export AUXLIBS_MYSQL="$(mysql_config --libs)"
+#
+export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)"
+export AUXLIBS_PGSQL="-lpq"
+#
+%if %{with lmdb}
+export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \
+export AUXLIBS_LMDB="-llmdb"
+%endif
+#
+# TODO
+#export AUXLIBS_SQLITE
+#export AUXLIBS_CDB
+#export AUXLIBS_SDBM
+
export PIE=-pie
-make makefiles DEBUG=""
-cd lib
-for i in dns global master tls util milter; do
- ln -sf lib${i}.a lib%{name}-${i}.so.1.0.1;
-done
-cd -
-make LD_LIBRARY_PATH=$(pwd)/lib:${LD_LIBRARY_PATH}
+make makefiles pie=yes shared=yes dynamicmaps=yes \
+ shlib_directory=/usr/lib/postfix \
+ meta_directory=/usr/lib/postfix \
+ config_directory=/etc/postfix
+make
# ---------------------------------------------------------------------------
%install
@@ -202,16 +248,9 @@
useradd -r -o -g %{name} -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} %{name} 2> /dev/null || :
usermod -G %{maildrop_gid},%{mail_gid} %{name} 2> /dev/null || :
mkdir -p %{buildroot}/%{_libdir}
-install lib/*.1 %{buildroot}/%{_libdir}
-for i in %{buildroot}/%{_libdir}/*.1; do
- ln -sf ${i##*/} ${i%.*.*}
-done
-cd lib
-for i in libpostfix-*; do
- ln -sf $i %{buildroot}/%{_libdir}/${i%%so.*}so
-done
-cd -
-ln -sf $(pwd)/lib/dict_* libexec/
+mkdir -p %{buildroot}/etc/postfix
+cp conf/* %{buildroot}/etc/postfix/
+cp lib/libpostfix-* %{buildroot}/%{_libdir}
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir}
sh postfix-install -non-interactive \
install_root=%{buildroot} \
@@ -395,9 +434,6 @@
else
echo "Can not find \"$FILE\". Not updating the file." >&2
fi
- echo "Removing %{vmusr} user"
- userdel %{vmusr} 2> /dev/null
- groupdel %{vmusr} 2> /dev/null
fi
# ---------------------------------------------------------------------------
@@ -469,6 +505,9 @@
%verify_permissions -e %{_sbindir}/postdrop
%verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd
%verify_permissions -e %{_sbindir}/sendmail
+%{fillup_only postfix}
+%else
+%{fillup_and_insserv -y postfix}
%endif
# ---------------------------------------------------------------------------
@@ -508,25 +547,23 @@
%config(noreplace) %{omc_dir}/%{name}.xml
%dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/main.cf.default
+%config(noreplace) %{_sysconfdir}/%{name}/[^mysql]*[^mysql]
%config(noreplace) %{_sysconfdir}/%{name}/access
%config(noreplace) %{_sysconfdir}/%{name}/aliases
-%config(noreplace) %{_sysconfdir}/%{name}/generic
-%config(noreplace) %{_sysconfdir}/%{name}/helo_access
%config(noreplace) %{_sysconfdir}/%{name}/canonical
+%config(noreplace) %{_sysconfdir}/%{name}/header_checks
+%config(noreplace) %{_sysconfdir}/%{name}/helo_access
+%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf
%config(noreplace) %{_sysconfdir}/%{name}/main.cf
%config(noreplace) %{_sysconfdir}/%{name}/master.cf
-%config(noreplace) %{_sysconfdir}/%{name}/openssl_%{name}.conf.in
-%config(noreplace) %{_sysconfdir}/%{name}/relocated
-%config(noreplace) %{_sysconfdir}/%{name}/transport
-%config(noreplace) %{_sysconfdir}/%{name}/virtual
-%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd
-%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical
+%config(noreplace) %{_sysconfdir}/%{name}/post-install
+%config(noreplace) %{_sysconfdir}/%{name}/postfix-files
%config(noreplace) %{_sysconfdir}/%{name}/relay
%config(noreplace) %{_sysconfdir}/%{name}/relay_ccerts
-%config(noreplace) %{_sysconfdir}/%{name}/header_checks
-%config(noreplace) %{_sysconfdir}/%{name}/bounce.cf.default
-%config(noreplace) %{_sysconfdir}/%{name}/dynamicmaps.cf
-%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf
+%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd
+%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical
+%config(noreplace) %{_sysconfdir}/%{name}/virtual
+
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/smtp
%dir %{_sysconfdir}/sasl2/
%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf
@@ -569,9 +606,16 @@
%{_libexecdir}/sendmail
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/*[^.so]
-%{_libexecdir}/%{name}/dict_ldap.so
-%{_libexecdir}/%{name}/dict_pcre.so
-%{_libexecdir}/%{name}/dict_tcp.so
+%{_libexecdir}/%{name}/postfix-ldap.so
+%{_libexecdir}/%{name}/postfix-pcre.so
+%{_libexecdir}/%{name}/libpostfix-dns.so
+%{_libexecdir}/%{name}/libpostfix-global.so
+%{_libexecdir}/%{name}/libpostfix-master.so
+%{_libexecdir}/%{name}/libpostfix-tls.so
+%{_libexecdir}/%{name}/libpostfix-util.so
+%{_libexecdir}/%{name}/main.cf.proto
+%{_libexecdir}/%{name}/master.cf.proto
+
%{conf_backup_dir}
%dir %attr(0700,%{name},root) %{pf_data_directory}
%{_mandir}/man?/*.gz
@@ -603,10 +647,16 @@
%doc %{name}-mysql/%{name}-mysql.sql
%config(noreplace) %attr(640, root, %{name}) %{_sysconfdir}/%{name}/*_maps.cf
%config(noreplace) %{_sysconfdir}/%{name}/main.cf-mysql
-%{_libexecdir}/%{name}/dict_mysql.so
+%{_libexecdir}/%{name}/postfix-mysql.so
%files postgresql
%defattr(-,root,root)
-%{_libexecdir}/%{name}/dict_pgsql.so
+%{_libexecdir}/%{name}/postfix-pgsql.so
+
+%if %{with lmdb}
+%files lmdb
+%defattr(-,root,root)
+%{_libexecdir}/%{name}/postfix-lmdb.so
+%endif
%changelog
++++++ pointer_to_literals.patch ++++++
--- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:49.000000000 +0200
+++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:49.000000000 +0200
@@ -54,15 +54,3 @@
if (state->expand_buf == 0)
state->expand_buf = vstring_alloc(10);
-diff -Nur postfix-2.11.0/src/util/dict_open.c postfix-2.11.0-patched/src/util/dict_open.c
---- postfix-2.11.0/src/util/dict_open.c 2014-02-12 15:19:33.689563158 +0100
-+++ postfix-2.11.0-patched/src/util/dict_open.c 2014-02-12 15:17:28.174612493 +0100
-@@ -554,7 +554,7 @@
- }
-
- #ifndef NO_DYNAMIC_MAPS
--#define STREQ(x,y) (x == y || (x[0] == y[0] && strcmp(x,y) == 0))
-+inline int STREQ(const char *x, const char *y) { return ( x == y || (*(x) == *(y) && strcmp((x), (y)) == 0)); }
-
- void dict_open_dlinfo(const char *path)
- {
++++++ postfix-2.11.7.tar.gz -> postfix-3.1.1.tar.gz ++++++
++++ 114418 lines of diff (skipped)
++++++ postfix-SuSE.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix
--- old/postfix-SuSE/config.postfix 2015-08-12 12:50:59.000000000 +0200
+++ new/postfix-SuSE/config.postfix 2016-05-24 15:18:32.000000000 +0200
@@ -573,20 +573,25 @@
}
fi
if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then
- $PCONF -e "smtpd_use_tls = yes"
- if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
- $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ if [ -z "$POSTFIX_TLS_CERTFILE" -o -z "$POSTFIX_TLS_KEYFILE" -o ! -e "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" -o ! -e "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" ]; then
+ # BNC#981097 config.postfix creates broken main.cf for tls client configuration
+ warn_user 1>&2 "You have activated POSTFIX_SMTP_TLS_SERVER, but you don't have created or configured certificates."
else
- $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs"
+ $PCONF -e "smtpd_use_tls = yes"
+ if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
+ $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ else
+ $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs"
+ fi
+ $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
+ $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
+ $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts"
+ $PCONF -e "smtpd_tls_ask_ccert = yes"
+ $PCONF -e "smtpd_tls_received_header = yes"
+ touch -m -d "1 minute ago" $TMPDIR/main.cf
+ CURRENT=$($PCONF -h smtpd_recipient_restrictions)
+ $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
fi
- $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
- $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
- $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts"
- $PCONF -e "smtpd_tls_ask_ccert = yes"
- $PCONF -e "smtpd_tls_received_header = yes"
- touch -m -d "1 minute ago" $TMPDIR/main.cf
- CURRENT=$($PCONF -h smtpd_recipient_restrictions)
- $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
else
$PCONF -e "smtpd_use_tls = no"
$PCONF -e "smtpd_tls_CAfile ="
@@ -616,10 +621,12 @@
else
$PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/certs"
fi
- test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \
+ if [ "$POSTFIX_TLS_CERTFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" ]; then
$PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
- test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \
+ fi
+ if [ "$POSTFIX_TLS_KEYFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" ]; then
$PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
+ fi
$PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache"
else
$PCONF -e "smtp_tls_CAfile ="
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix.orig new/postfix-SuSE/config.postfix.orig
--- old/postfix-SuSE/config.postfix.orig 1970-01-01 01:00:00.000000000 +0100
+++ new/postfix-SuSE/config.postfix.orig 2015-08-12 12:50:59.000000000 +0200
@@ -0,0 +1,1336 @@
+#! /bin/bash
+# Copyright (c) 1999-2001 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002-2004 SuSE Linux AG
+# Copyright (c) 2015 SUSE Linux GmbH
+#
+# Author: Carsten Hoeger
+# Author: Peter Varkoly
+
+export LC_ALL=POSIX
+export RUN="/var/run/"
+if [ -d /run ]; then
+ export RUN="/run"
+fi
+
+cpifnewer(){
+ # remove files, that do no longer exist
+ if [ -d $2 -a "$(echo $2/*)" != "$2/*" ]; then
+ for i in $2/*; do
+ if [ ! -e "/$i" ]; then
+ echo "removing old or no longer used $i"
+ rm -f $i
+ fi
+ done
+ fi
+ test -d $2 || mkdir -p $2
+ for i in $1; do
+ dst=$2/$(basename $i)
+
+ if [ ! -f $dst -a ! -d $dst -a -e $i ]; then
+ echo "copying missing $dst from $i"
+ cp -af $i $dst
+ elif [ ! -d $dst -a $i -nt $dst -o $i -ot $dst ]; then
+ echo "updating $dst from $i"
+ cp -af $i $dst
+ fi
+ done
+}
+
+update_db() {
+ while test "x$1" != "x" ; do
+ pfmap=/etc/postfix/${1%:*}
+ mode=${1#*:}
+ if [ "$mode" == "$1" ]; then
+ mode=644
+ fi
+ chmod $mode ${pfmap}
+ test -e $pfmap && \
+ if test $pfmap -nt ${pfmap}.db -o ! -e ${pfmap}.db ; then
+ echo "rebuilding ${pfmap}.db"
+ postmap ${pfmap}
+ fi
+ chmod $mode ${pfmap}.db
+ shift
+ done
+}
+
+get_alias_maps(){
+ test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \
+ for i in $(find /etc/aliases.d -maxdepth 1 -type f \
+ '!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \
+ '!' -regex ".*/\(\.\|#\).*" \
+ '!' -regex ".*~$") ; do
+ echo -n "$i ";
+ done
+}
+
+warn_user(){
+ tput bold
+ echo -e "\t*** WARNING ***"
+ echo -e $1
+ echo -e "\t*** WARNING ***"
+ tput sgr0
+}
+
+mkchroot(){
+
+ PF_CHROOT="/var/spool/postfix"
+
+ if [ ! -d "$PF_CHROOT" ]; then
+ warn_user "\t$PF_CHROOT does not exist!!!\n\
+\tThis should not happen!\n\
+\tPlease reinstall package postfix or create this directory!"
+ exit 1
+ fi
+ cd "$PF_CHROOT"
+
+ if [ "$(echo "$POSTFIX_MYSQL_CONN" | tr 'A-Z' 'a-z' )" == "socket" -a \
+ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then
+ if [ -n "$(my_print_defaults mysqld)" ]; then
+ MYSQL_SOCKET=$(my_print_defaults mysqld | grep -e '--socket[[:blank:]=]' | awk -F"=" '{print $2}')
+ MYSQL_SOCKET_DIR=$(dirname $MYSQL_SOCKET)
+ CHR_MYSQL_SOCKET=$(echo $MYSQL_SOCKET | sed -e "s,/,,")
+ CHR_MYSQL_SOCKET_DIR=$(dirname $CHR_MYSQL_SOCKET)
+ else
+ warn_user "\t/etc/my.cnf does not exist!!\n\
+\tThis should not happen!\n\
+\tPlease check if postfix-mysql is installed and check for package mysql."
+ fi
+ fi
+ if [ "$(echo "$POSTFIX_SMTP_AUTH_SERVER" | tr 'A-Z' 'a-z' )" != "no" ]; then
+ SASL_SOCKET_DIR="$RUN/sasl2"
+ CHR_SASL_SOCKET_DIR="run/sasl2"
+ fi
+ if [ "$(echo "$POSTFIX_CHROOT" | tr 'A-Z' 'a-z' )" != "yes" ]; then
+ # tidy-up in any case, to be safe (bnc#837561)
+ if grep '[[:blank:]]/var/spool/postfix/proc[[:blank:]]' /proc/mounts &> /dev/null; then
+ umount /var/spool/postfix/proc
+ fi
+ if [ -d etc ]; then
+ echo "removing postfix chroot environment..."
+ fi
+
+ if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then
+ if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then
+ umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR
+ fi
+ fi
+
+ if [ -n "$CHR_SASL_SOCKET_DIR" ]; then
+ if grep "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then
+ umount "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR
+ fi
+ fi
+
+ rm -rvf etc @lib@ usr var proc
+ else
+ echo "checking postfix chroot environment..."
+
+ if [ -e /lib/security/pam_ldap.so ]; then
+ cpifnewer /etc/openldap/ldap.conf etc/openldap
+ fi
+
+ if [ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "yes" ]; then
+ if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then
+ if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then
+ umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR
+ fi
+ fi
+ fi
+
+ if [ "$(echo "$POSTFIX_MYSQL_CONN" | tr 'A-Z' 'a-z' )" == "socket" -a \
+ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then
+ if [ ! -d $CHR_MYSQL_SOCKET_DIR ]; then
+ mkdir -p $CHR_MYSQL_SOCKET_DIR
+ fi
+ if ! grep $CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then
+ mount -o bind $MYSQL_SOCKET_DIR "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR
+ fi
+ fi
+
+ if [ "$(echo "$POSTFIX_SMTP_AUTH_SERVER" | tr 'A-Z' 'a-z' )" != "no" ]; then
+ if [ ! -d $CHR_SASL_SOCKET_DIR ]; then
+ mkdir -p $CHR_SASL_SOCKET_DIR
+ fi
+ if ! grep $CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then
+ mount -o bind $SASL_SOCKET_DIR "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR
+ fi
+ fi
+
+ # smtpd_tls_CApath
+ CAPATH=`postconf -h smtpd_tls_CApath`
+ if [ "$CAPATH" ]
+ then
+ cpifnewer "$CAPATH/*" ./$CAPATH
+ rsync -avH --copy-unsafe-links /etc/ssl/certs ./etc/ssl
+ fi
+ # smtpd_tls_CAfile
+ smtpd_tls_CAfile=`postconf -h smtpd_tls_CAfile`
+ if [ "$smtpd_tls_CAfile" ]
+ then
+ DIR=`dirname $smtpd_tls_CAfile`
+ cpifnewer $smtpd_tls_CAfile ./$DIR
+ fi
+ # smtpd_tls_cert_file
+ smtpd_tls_cert_file=`postconf -h smtpd_tls_cert_file`
+ if [ "$smtpd_tls_cert_file" ]
+ then
+ DIR=`dirname $smtpd_tls_cert_file`
+ cpifnewer $smtpd_tls_cert_file ./$DIR
+ fi
+ # smtpd_tls_key_file
+ smtpd_tls_key_file=`postconf -h smtpd_tls_key_file`
+ if [ -n "$smtpd_tls_key_file" ]; then
+ if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]
+ then
+ DIR=`dirname $smtpd_tls_key_file`
+ cpifnewer $smtpd_tls_key_file ./$DIR
+ fi
+ fi
+
+ # PAM
+ cpifnewer "/etc/pam.d/*" etc/pam.d
+ cpifnewer "/@lib@/security/*" @lib@/security
+ cpifnewer "/@lib@/libpam*" @lib@
+ cpifnewer "/usr/@lib@/libcrack.so*" usr/@lib@
+
+ # SASL
+ cpifnewer /etc/sasldb2 etc
+ cpifnewer "/etc/sasl2/*" etc/sasl2
+ cpifnewer "/usr/@lib@/sasl2/*" usr/@lib@/sasl2
+ cpifnewer "/usr/@lib@/libsasl2*" usr/@lib@
+
+ # CYRUS
+ mkdir -p var/lib/imap/socket/
+ ln -f /var/lib/imap/socket/lmtp var/lib/imap/socket/lmtp
+
+ cpifnewer "/@lib@/libnss*" @lib@
+ cpifnewer "/@lib@/libresolv*" @lib@
+ cpifnewer "/@lib@/libdb*" @lib@
+ cpifnewer "/@lib@/libxcrypt*" @lib@
+
+ cpifnewer /etc/host.conf etc
+ cpifnewer /etc/nsswitch.conf etc
+ cpifnewer /etc/resolv.conf etc
+ cpifnewer /etc/services etc
+ cpifnewer /etc/hosts etc
+ cpifnewer /etc/passwd etc
+
+ if [ -L /etc/localtime ]; then
+ if [ -z "$TIMEZONE" -o "$TIMEZONE" == "YAST_ASK" ]; then
+ warn_user "\tUnable to setup your timezone!\n\
+\tThe logging of the current time in /var/log/mail may be wrong!\n\
+\tPlease set the variable TIMEZONE in /etc/sysconfig/clock!"
+ else
+ mkdir -p usr/share/zoneinfo/$(dirname $TIMEZONE)
+ if [ ! -e /usr/share/zoneinfo/$TIMEZONE ]; then
+ warn_user "\t$TIMEZONE is not a regular timezone or the corresponding\n\
+\tfile at /usr/share/zoneinfo does not exist"
+ else
+ cp -af /usr/share/zoneinfo/$TIMEZONE usr/share/zoneinfo/$TIMEZONE
+ ln -sf ../usr/share/zoneinfo/$TIMEZONE etc/localtime
+ fi
+ fi
+ else
+ cpifnewer /etc/localtime etc
+ fi
+
+ # do not chown -R root /var/spool/postfix/var
+ # this will break ownership for mysql on suse < 1120
+ if [ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then
+ chown -R root "$PF_CHROOT"/{etc,@lib@,usr}
+ else
+ chown -R root "$PF_CHROOT"/{etc,@lib@,usr,var}
+ fi
+ fi # "$POSTFIX_CHROOT"
+}
+
+gen_main_cf(){
+ TMPDIR=$(mktemp -d /tmp/config.postfix.XXXXXX) || exit 1
+ PCONF="/usr/sbin/postconf -c $TMPDIR"
+
+ # needed when for WITH_LDAP
+ export POSTFIX_WITH_LDAP
+ # needed when for WITH_MYSQL
+ export POSTFIX_WITH_MYSQL
+ MCF_DIR=$TMPDIR
+ export MCF_DIR
+
+ if [ $? -ne 0 ]; then
+ warn_user "Can't create temp directory, exiting..."
+ exit 1
+ fi
+ cp -f /etc/postfix/{main,master}.cf $TMPDIR
+
+ # Some default settings, that seem to be useable, at least to me
+ $PCONF -e "mail_spool_directory = /var/mail"
+ $PCONF -e "canonical_maps = hash:/etc/postfix/canonical"
+ $PCONF -e "virtual_alias_domains = hash:/etc/postfix/virtual"
+ $PCONF -e "relocated_maps = hash:/etc/postfix/relocated"
+ if [ "$(echo "$POSTFIX_TRANSPORT_MAPS" | tr 'A-Z' 'a-z' )" != "" ]; then
+ $PCONF -e "transport_maps = $POSTFIX_TRANSPORT_MAPS"
+ else
+ $PCONF -e "transport_maps = hash:/etc/postfix/transport"
+ fi
+ $PCONF -e "sender_canonical_maps = hash:/etc/postfix/sender_canonical"
+ $PCONF -e "masquerade_exceptions = root"
+ $PCONF -e "masquerade_classes = envelope_sender, header_sender, header_recipient"
+ if [ -n "${FQHOSTNAME}" ]; then
+ $PCONF -e "myhostname = $FQHOSTNAME"
+ fi
+ $PCONF -e "delay_warning_time = 1h"
+ $PCONF -e 'message_strip_characters = \0'
+
+ # to be on the save side
+ $PCONF -e "daemon_directory = @daemon_directory@"
+ $PCONF -e "readme_directory = @readme_directory@"
+ $PCONF -e "html_directory = @html_directory@"
+ $PCONF -e "sample_directory = @sample_directory@"
+ $PCONF -e "sendmail_path = @sendmail_path@"
+ $PCONF -e "setgid_group = @setgid_group@"
+ $PCONF -e "manpage_directory = @manpage_directory@"
+ $PCONF -e "newaliases_path = @newaliases_path@"
+ $PCONF -e "mailq_path = @mailq_path@"
+ if [ "$(echo "$POSTFIX_INET_PROTO" | tr 'A-Z' 'a-z' )" != "" ]; then
+ $PCONF -e "inet_protocols = $POSTFIX_INET_PROTO"
+ else
+ if [ "$( ip addr show dev lo | grep inet6 )" ]; then
+ $PCONF -e "inet_protocols = all"
+ else
+ $PCONF -e "inet_protocols = ipv4"
+ fi
+ fi
+ if test "$SMTPD_LISTEN_REMOTE" == "yes" ; then
+ if [ "$(echo "$POSTFIX_LISTEN" | tr 'A-Z' 'a-z' )" != "" ]; then
+ $PCONF -e "inet_interfaces = $POSTFIX_LISTEN"
+ else
+ $PCONF -e "inet_interfaces = all"
+ fi
+ else
+ $PCONF -e "inet_interfaces = localhost"
+ fi
+ test -n "$POSTFIX_MASQUERADE_DOMAIN" && \
+ MASQ_DOMS=$POSTFIX_MASQUERADE_DOMAIN
+ if [ -n "$FROM_HEADER" -a "$FROM_HEADER" != "YAST_ASK" ]; then
+ if [ -n "$MASQ_DOMS" ]; then
+ MASQ_DOMS="$MASQ_DOMS, $FROM_HEADER"
+ else
+ MASQ_DOMS="$FROM_HEADER"
+ fi
+ fi
+ $PCONF -e "masquerade_domains = $MASQ_DOMS"
+
+ if test -z "$POSTFIX_LOCALDOMAINS"; then
+ $PCONF -e 'mydestination = $myhostname, localhost.$mydomain'
+ else
+ $PCONF -e "mydestination = $POSTFIX_LOCALDOMAINS"
+ fi
+
+ # this overrides the previous
+ if test "$POSTFIX_NULLCLIENT" == "yes"; then
+ $PCONF -e "mydestination = "
+ fi
+
+ if test "$POSTFIX_DIALUP" == "yes"; then
+ $PCONF -e "defer_transports = smtp"
+ $PCONF -e "mynetworks_style = host"
+ else
+ $PCONF -e "defer_transports = "
+ if test -n "$POSTFIX_ADD_MYNETWORKS_STYLE"
+ then
+ $PCONF -e "mynetworks_style = $POSTFIX_ADD_MYNETWORKS_STYLE"
+ fi
+ fi
+
+ if test "$POSTFIX_NODNS" == "yes"; then
+ $PCONF -e "disable_dns_lookups = yes"
+ else
+ $PCONF -e "disable_dns_lookups = no"
+ fi
+ if test -n "$POSTFIX_RELAYHOST"; then
+ $PCONF -e "relayhost = $POSTFIX_RELAYHOST"
+ else
+ $PCONF -e "relayhost = "
+ fi
+ if [ "$(echo "$USE_AMAVIS" | tr 'A-Z' 'a-z' )" != "yes" ]; then
+ $PCONF -e "content_filter = "
+ else
+ $PCONF -e "content_filter = amavis:[127.0.0.1]:10024"
+ fi
+
+ case "$POSTFIX_MDA" in
+ procmail)
+ echo 1>&2 "Setting up procmail as MDA..."
+ if [ ! -x /usr/bin/procmail ]; then
+ warn_user 1>&2 "procmail is not installed, using local as MDA!"
+ $PCONF -e "mailbox_command = "
+ $PCONF -e "mailbox_transport = "
+ else
+ $PCONF -e "mailbox_command = /usr/bin/procmail"
+ $PCONF -e "mailbox_transport = "
+ fi
+ $PCONF -e "disable_mime_output_conversion = no"
+ ;;
+ cyrus)
+ echo 1>&2 "Setting up cyrus-imapd via lmtp as MDA..."
+ if [ ! -x /usr/lib/cyrus/bin/lmtpd ]; then
+ warn_user 1>&2 "cyrus-imapd is not installed, using local as MDA!"
+ $PCONF -e "mailbox_command = "
+ $PCONF -e "mailbox_transport = "
+ else
+ LMTPUNIX=$(grep -E "^[[:space:]]*lmtpunix.*" /etc/cyrus.conf)
+ if [ -z "$LMTPUNIX" ]; then
+ warn_user 1>&2 "you have to add\n\
+lmtpunix cmd=\"lmtpd\" listen=\"/var/lib/imap/socket/lmtp\" prefork=1\n\
+to /etc/cyrus.conf"
+ else
+ if [ -z "$(echo $LMTPUNIX | grep -E '/var/lib/imap/socket/lmtp')" ]; then
+ warn_user 1>&2 "the socket to listen on is wrong in /etc/cyrus.conf\n\
+use listen=\"/var/lib/imap/socket/lmtp\" instead!"
+ fi
+ fi
+ $PCONF -e "mailbox_command = "
+ $PCONF -e "mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp"
+ $PCONF -e "disable_mime_output_conversion = no"
+ if [ -z "$(id postfix | grep -E 'groups=.*mail')" ]; then
+ warn_user 1>&2 "adding postfix user to group mail"
+ usermod -G mail postfix
+ fi
+ fi
+ ;;
+ dovecot)
+ echo 1>&2 "Setting up dovecot as MDA..."
+ if [ ! -x /usr/lib/dovecot/deliver ]; then
+ warn_user 1>&2 "dovecot is not installed, using local as MDA!"
+ $PCONF -e "mailbox_command = "
+ $PCONF -e "mailbox_transport = "
+ else
+ $PCONF -e "mailbox_command = /usr/lib/dovecot/deliver"
+ $PCONF -e "mailbox_transport = "
+ fi
+ $PCONF -e "disable_mime_output_conversion = no"
+ ;;
+ local|*)
+ echo 1>&2 "Setting up postfix local as MDA..."
+ $PCONF -e "mailbox_command = "
+ $PCONF -e "mailbox_transport = "
+ $PCONF -e "disable_mime_output_conversion = no"
+ ;;
+ esac
+
+ case "$POSTFIX_BASIC_SPAM_PREVENTION" in
+ medium)
+ echo 1>&2 "Setting up medium SPAM protection..."
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain"
+ if test -n "$POSTFIX_RBL_HOSTS"; then
+ rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ })
+ clnt_restrictions=""
+ for i in $rblhosts; do
+ if [ -z "$clnt_restrictions" ]; then
+ clnt_restrictions="reject_rbl_client $i"
+ else
+ clnt_restrictions="$clnt_restrictions, reject_rbl_client $i"
+ fi
+ done
+ $PCONF -e "smtpd_client_restrictions = $clnt_restrictions"
+ else
+ $PCONF -e "smtpd_client_restrictions ="
+ fi
+ $PCONF -e "smtpd_helo_required = yes"
+ $PCONF -e "smtpd_helo_restrictions = "
+ $PCONF -e "strict_rfc821_envelopes = no"
+ $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination "
+ ;;
+ hard)
+ echo 1>&2 "Setting up hard SPAM protection..."
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain"
+ if test -n "$POSTFIX_RBL_HOSTS"; then
+ rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ })
+ clnt_restrictions=""
+ for i in $rblhosts; do
+ if [ -z "$clnt_restrictions" ]; then
+ clnt_restrictions="reject_rbl_client $i"
+ else
+ clnt_restrictions="$clnt_restrictions, reject_rbl_client $i"
+ fi
+ done
+ $PCONF -e "smtpd_client_restrictions = permit_mynetworks, $clnt_restrictions, reject_unknown_client"
+
+ else
+ $PCONF -e \
+ "smtpd_client_restrictions = permit_mynetworks, reject_unknown_client"
+ fi
+ $PCONF -e "smtpd_helo_required = yes"
+ $PCONF -e "smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname"
+ $PCONF -e "strict_rfc821_envelopes = yes"
+ $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination"
+ ;;
+ custom)
+ echo 1>&2 "Setting up custom SPAM protection..."
+ $PCONF -e "smtpd_helo_required = yes"
+ $PCONF -e "strict_rfc821_envelopes = no"
+ if [ -n "$POSTFIX_SMTPD_CLIENT_RESTRICTIONS" ]; then
+ s_clnt_restrictions=$(echo ${POSTFIX_SMTPD_CLIENT_RESTRICTIONS/\ \+/,/ })
+ else
+ echo 1>&2 "No smtpd_client_restrictions defined ... setting to medium ..."
+ s_clnt_restrictions="reject_unauth_pipelining, reject_unknown_client"
+ fi
+ if [ -n "$POSTFIX_RBL_HOSTS" ]; then
+ rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ })
+ maps_rbl=""
+ for i in $rblhosts; do
+ if [ -z "$maps_rbl" ]; then
+ maps_rbl="reject_rbl_client $i"
+ else
+ maps_rbl="$maps_rbl, reject_rbl_client $i"
+ fi
+ done
+ $PCONF -e "smtpd_client_restrictions = $s_clnt_restrictions, $maps_rbl"
+ else
+ $PCONF -e "smtpd_client_restrictions = $s_clnt_restrictions"
+ fi
+ if [ -n "$POSTFIX_SMTPD_HELO_RESTRICTIONS" ]; then
+ helo_restrictions=$(echo ${POSTFIX_SMTPD_HELO_RESTRICTIONS/\ \+/,/ })
+ $PCONF -e "smtpd_helo_restrictions = $helo_restrictions"
+ else
+ $PCONF -e "smtpd_helo_restrictions = reject_unauth_pipelining, reject_unknown_client"
+ fi
+ if [ -n "$POSTFIX_SMTPD_SENDER_RESTRICTIONS" ]; then
+ sender_restrictions=$(echo ${POSTFIX_SMTPD_SENDER_RESTRICTIONS/\ \+/,/ })
+ $PCONF -e "smtpd_sender_restrictions = $sender_restrictions"
+ else
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain"
+ fi
+ if [ -n "$POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" ]; then
+ rcpt_restrictions=$(echo ${POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS/\ \+/,/ })
+ fi
+ if [ -z "$POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" ]; then
+ echo 1>&2 "No smtp_recipient_restrictions defined ... setting to medium ..."
+ $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination"
+ else
+ $PCONF -e "smtpd_recipient_restrictions = $rcpt_restrictions"
+ fi
+ ;;
+ *)
+ if test "$POSTFIX_BASIC_SPAM_PREVENTION" != "off"; then
+ warn_user 1>&2 "$POSTFIX_BASIC_SPAM_PREVENTION is an invalid value for POSTFIX_BASIC_SPAM_PREVENTION\n\
+using \"off\" instead!"
+ fi
+ echo 1>&2 "Setting SPAM protection to \"off\"..."
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access"
+ $PCONF -e "smtpd_client_restrictions ="
+ $PCONF -e "smtpd_helo_required = no"
+ $PCONF -e "smtpd_helo_restrictions ="
+ $PCONF -e "strict_rfc821_envelopes = no"
+ $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination"
+ ;;
+ esac
+
+ if test "$POSTFIX_SMTP_AUTH" == "yes"; then
+ $PCONF -e "smtp_sasl_auth_enable = yes"
+ $PCONF -e "smtp_sasl_security_options = $POSTFIX_SMTP_AUTH_OPTIONS"
+ $PCONF -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
+ else
+ $PCONF -e "smtp_sasl_auth_enable = no"
+ $PCONF -e "smtp_sasl_security_options = "
+ $PCONF -e "smtp_sasl_password_maps = "
+ fi
+
+ if test "$POSTFIX_SMTP_AUTH_SERVER" == "yes"; then
+ if [ -f /etc/sasl2/smtpd.conf ]; then
+ grep saslauthd /etc/sasl2/smtpd.conf >/dev/null && {
+ checkproc -p $RUN/sasl2/saslauthd.pid /usr/sbin/saslauthd || {
+ warn_user 1>&2 "You are using saslauthd as pwcheck_method in /etc/sasl2/smtpd.conf,\n\
+but saslauthd is not running."
+ }
+ }
+ elif [ -f /usr/@lib@/sasl2/smtpd.conf ]; then
+ grep saslauthd /usr/@lib@/sasl2/smtpd.conf >/dev/null && {
+ checkproc -p $RUN/sasl2/saslauthd.pid /usr/sbin/saslauthd || {
+ warn_user 1>&2 "You are using saslauthd as pwcheck_method in /usr/@lib@/sasl2/smtpd.conf,\n\
+but saslauthd is not running."
+ }
+ }
+ else
+ warn_user 1>&2 "You have activated POSTFIX_SMTP_AUTH_SERVER, but you don't have /etc/sasl2/smtpd.conf (nor /usr/@lib@/sasl2/smtpd.conf)"
+ fi
+ $PCONF -e "smtpd_sasl_auth_enable= yes"
+ touch -m -d "1 minute ago" $TMPDIR/main.cf
+ CURRENT=$($PCONF -h smtpd_client_restrictions)
+ $PCONF -e "smtpd_client_restrictions= permit_sasl_authenticated, $CURRENT"
+ touch -m -d "1 minute ago" $TMPDIR/main.cf
+ CURRENT=$($PCONF -h smtpd_recipient_restrictions)
+ $PCONF -e "smtpd_recipient_restrictions= permit_sasl_authenticated, $CURRENT"
+ else
+ $PCONF -e "smtpd_sasl_auth_enable= no"
+ fi
+
+
+ if test "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then
+ grep -E '^smtps' /etc/services >/dev/null || {
+ warn_user 1>&2 "adding service \"smtps\" to /etc/services"
+ echo "smtps 465/tcp # smtp over SSL" >> /etc/services
+ }
+ fi
+ if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then
+ $PCONF -e "smtpd_use_tls = yes"
+ if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
+ $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ else
+ $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs"
+ fi
+ $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
+ $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
+ $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts"
+ $PCONF -e "smtpd_tls_ask_ccert = yes"
+ $PCONF -e "smtpd_tls_received_header = yes"
+ touch -m -d "1 minute ago" $TMPDIR/main.cf
+ CURRENT=$($PCONF -h smtpd_recipient_restrictions)
+ $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
+ else
+ $PCONF -e "smtpd_use_tls = no"
+ $PCONF -e "smtpd_tls_CAfile ="
+ $PCONF -e "smtpd_tls_CApath ="
+ $PCONF -e "smtpd_tls_cert_file ="
+ $PCONF -e "smtpd_tls_key_file ="
+ $PCONF -e "relay_clientcerts ="
+ $PCONF -e "smtpd_tls_ask_ccert = no"
+ $PCONF -e "smtpd_tls_received_header = no"
+ fi
+
+ if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then
+ $PCONF -e "smtp_use_tls = no"
+ $PCONF -e "smtp_enforce_tls = no"
+ fi
+ if test "$POSTFIX_SMTP_TLS_CLIENT" == "yes"; then
+ $PCONF -e "smtp_use_tls = yes"
+ $PCONF -e "smtp_enforce_tls = no"
+ fi
+ if test "$POSTFIX_SMTP_TLS_CLIENT" == "must"; then
+ $PCONF -e "smtp_use_tls = yes"
+ $PCONF -e "smtp_enforce_tls = yes"
+ fi
+ if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then
+ if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
+ $PCONF -e "smtp_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
+ else
+ $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/certs"
+ fi
+ test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \
+ $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
+ test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \
+ $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
+ $PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache"
+ else
+ $PCONF -e "smtp_tls_CAfile ="
+ $PCONF -e "smtp_tls_CApath ="
+ $PCONF -e "smtp_tls_cert_file ="
+ $PCONF -e "smtp_tls_key_file ="
+ $PCONF -e "smtp_tls_session_cache_database ="
+ fi
+
+ ALLMAPS="hash:/etc/aliases"
+ for i in $(get_alias_maps); do
+ ALLMAPS="${ALLMAPS}, hash:$i"
+ done
+ $PCONF -e "alias_maps = $ALLMAPS"
+
+ for i in $(echo ${!POSTFIX_ADD_*}); do
+ touch -m -d "1 minute ago" $TMPDIR/main.cf
+ pfkey=$(echo ${i#POSTFIX_ADD_})
+ pfval=$(eval "echo \$$i")
+ if [ -z "$($PCONF $pfkey 2>/dev/null)" ]; then
+ pfkey=$(echo ${i#POSTFIX_ADD_} | tr '[:upper:]' '[:lower:]')
+ if [ -z "$($PCONF $pfkey 2>/dev/null)" ]; then
+ warn_user 1>&2 "unknown parameter $i ignored"
+ else
+ #old style uppercase written variable
+ $PCONF -e "$pfkey = $pfval"
+ fi
+ else
+ $PCONF -e "$pfkey = $pfval"
+ fi
+ done
+
+ perl -e 'use strict;
+
+my $mncf = "$ENV{MCF_DIR}/main.cf";
+my $line;
+
+my $with_ldap =
+ defined $ENV{POSTFIX_WITH_LDAP} ? $ENV{POSTFIX_WITH_LDAP} : "no";
+
+$with_ldap = lc($with_ldap);
+
+my $with_mysql =
+ defined $ENV{POSTFIX_WITH_MYSQL} ? $ENV{POSTFIX_WITH_MYSQL} : "no";
+
+$with_mysql = lc($with_mysql);
+
+open(MNCF,"<$mncf") || die "unable to open $mncf: $!";
+
+while( <MNCF> ) {
+ chomp;
+
+ if( /\#?(virtual_alias_maps\s=\s).*/ ) {
+ if ($with_mysql ne "yes" && $with_ldap ne "yes") {
+ $line = $1."hash:/etc/postfix/virtual";
+ } elsif ($with_ldap eq "yes" && $with_mysql ne "yes") {
+ $line = $1."hash:/etc/postfix/virtual ldap:/etc/postfix/ldap_aliases.cf";
+ } elsif ($with_mysql eq "yes" && $with_ldap ne "yes") {
+ $line = $1."hash:/etc/postfix/virtual mysql:/etc/postfix/mysql_virtual_alias_maps.cf";
+ } elsif ($with_mysql eq "yes" && $with_ldap eq "yes") {
+ $line = $1."hash:/etc/postfix/virtual ldap:/etc/postfix/ldap_aliases.cf mysql:/etc/postfix/mysql_virtual_alias_maps.cf";
+ }
+ } elsif( /\#?(virtual_uid_maps\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_gid_maps\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_minimum_uid\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_base\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_domains\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_limit\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_maps\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_transport\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_limit_maps\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_mailbox_limit_override\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_maildir_limit_message\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /\#?(virtual_overquota_bounce\s=.*)/ ) {
+ if ($with_mysql ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /^(relay_domains\s=\s).*/ ) {
+ if ($with_mysql ne "yes") {
+ $line = $1."\$mydestination, hash:/etc/postfix/relay";
+ } else {
+ $line = $1."\$mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql_relay_domains_maps.cf";
+ }
+ } else {
+ $line = $_;
+ }
+
+ if( $line =~ /^\#/ ) {
+ print $line."\n";
+ next;
+ }
+
+ print $line."\n";
+
+}' > $TMPDIR/new.cf
+
+ mv $TMPDIR/new.cf $TMPDIR/main.cf
+ cat $TMPDIR/main.cf
+ rm -rf $TMPDIR
+}
+
+gen_amavisd_cf(){
+ cp /etc/amavisd.conf /etc/amavisd.conf.back
+ export FQHOSTNAME
+ if [ -n "${FQHOSTNAME}" ]; then
+ perl -e 'use strict;
+open(ACF,"/etc/amavisd.conf");
+print OUT @CONF;
+close(OUT);
+'
+ fi
+}
+
+gen_master_cf(){
+ export POSTFIX_LAPTOP
+ export POSTFIX_CHROOT
+ export POSTFIX_NULLCLIENT
+ export USE_AMAVIS
+ export POSTFIX_SMTP_AUTH_SERVER
+ export POSTFIX_SMTP_TLS_SERVER
+ export POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT
+ export POSTFIX_SMTP_TLS_CLIENT
+
+ perl -e 'use strict;
+
+my $mcf = "/etc/postfix/master.cf";
+my $line;
+
+my $laptop =
+ defined $ENV{POSTFIX_LAPTOP} ? $ENV{POSTFIX_LAPTOP} : "no";
+my $nullclient =
+ defined $ENV{POSTFIX_NULLCLIENT} ? $ENV{POSTFIX_NULLCLIENT} : "no";
+my $chroot =
+ defined $ENV{POSTFIX_CHROOT} ? $ENV{POSTFIX_CHROOT} : "yes";
+my $use_amavis =
+ defined $ENV{USE_AMAVIS} ? $ENV{USE_AMAVIS} : "no";
+my $tlsserver =
+ defined $ENV{POSTFIX_SMTP_TLS_SERVER} ? $ENV{POSTFIX_SMTP_TLS_SERVER} : "no";
+my $sslserver =
+ defined $ENV{POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT} ? $ENV{POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT} : "no";
+my $tlsclient =
+ defined $ENV{POSTFIX_SMTP_TLS_CLIENT} ? $ENV{POSTFIX_SMTP_TLS_CLIENT} : "no";
+my $authserver =
+ defined $ENV{POSTFIX_SMTP_AUTH_SERVER} ? $ENV{POSTFIX_SMTP_AUTH_SERVER} : "no";
+my $normalize = {};
+
+
+$laptop = lc($laptop);
+$chroot = lc($chroot);
+$nullclient = lc($nullclient);
+$use_amavis = lc($use_amavis);
+$tlsserver = lc($tlsserver);
+$tlsclient = lc($tlsclient);
+$authserver = lc($authserver);
+
+open(MCF,"<$mcf") || die "unable to open $mcf: $!";
+
+while( <MCF> ) {
+ chomp;
+
+ if( /^\#?\s*(smtp\s+inet.*?smtpd)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ($nullclient eq "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ if ( $use_amavis eq "yes" ) {
+ $line =~ /(\#?\s*smtp\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."-".$2;
+ } else {
+ $line =~ /(\#?\s*smtp\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."-".$2;
+ }
+ ## amavis
+ } elsif( /^\#?\s*(amavis\s+unix.*)/ ) {
+ if ($use_amavis ne "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtp_data_done_timeout=.*)/ ) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtp_send_xforward_command=.*)/ ) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+disable_dns_lookups=.*)/ ) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+max_use=.*)/ ) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ ## end amavis
+ } elsif( /^\#?\s*(local\s+unix.*)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ($nullclient eq "yes") {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ ## submission
+ } elsif( /^\#?\s*(submission\s+inet.*?smtpd)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ( $tlsserver ne "yes" ) {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ if ( $use_amavis eq "yes" ) {
+ $line =~ /(^\#?\s*submission\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."10".$2;
+ } else {
+ $line =~ /(^\#?\s*submission\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."-".$2;
+ }
+ } elsif( /^\#?\s{3}(-o\s+syslog_name=.*)/ ) {
+ if ( $tlsserver ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif( /^\#?\s{3}(-o\s+smtpd_tls_security_level=.*)/ ) {
+ if ( $tlsserver ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif( /^\#?\s{3}(-o\s+smtpd_sasl_auth_enable=.*)/ ) {
+ if ( $tlsserver ne "yes" && $authserver ne "yes") {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ ## end submission
+ ## smtps
+ } elsif( /^\#?\s*(smtps\s+inet.*?smtpd)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ( $sslserver ne "yes" ) {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ if ( $use_amavis eq "yes" ) {
+ $line =~ /(^\#?\s*smtps\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."10".$2;
+ } else {
+ $line =~ /(^\#?\s*smtps\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/;
+ $line = $1."-".$2;
+ }
+ } elsif( /^\#?\s{4}(-o\s+syslog_name=.*)/ ) {
+ if ( $sslserver ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif( /^\#?\s{4}(-o\s+smtpd_tls_wrappermode=.*)/ ) {
+ if ( $sslserver ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif( /^\#?\s{4}(-o\s+content_filter=.*)/ ) {
+ if ( $sslserver ne "yes" && $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif( /^\#?\s{4}(-o\s+smtpd_sasl_auth_enable=.*)/ ) {
+ if ( $sslserver ne "yes" && $authserver ne "yes") {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ ## end smtps
+ ## tlsmgr
+ } elsif( /^\#?\s*(tlsmgr\s+unix.*)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ( $tlsclient ne "yes" && $tlsserver ne "yes" && $sslserver ne "yes" ) {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ ## end tlsmgr
+ ## localhost_10025
+ } elsif( /^\#?\s*(localhost:10025\s+inet.*)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ( $use_amavis ne "yes" ) {
+ $line = "#".$1;
+ } else {
+ $line = $1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+content_filter=.*)/ ) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_delay_reject=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ # next should match
+ # # -o smtpd_client_restrictions=permit_mynetworks,reject
+ # and not
+ # # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=)(.*)/) {
+ if ( $2 eq "permit_mynetworks,reject") {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1.$2;
+ } else {
+ $line = " ".$1.$2;
+ }
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_helo_restrictions=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_sender_restrictions=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_recipient_restrictions=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_data_restrictions=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_end_of_data_restrictions=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_restriction_classes=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+mynetworks=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_error_sleep_time=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_soft_error_limit=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_hard_error_limit=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_client_connection_count_limit=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+smtpd_client_connection_rate_limit=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+receive_override_options=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ if( $line !~ /receive_override_options=no_unknown_recipient_checks,no_header_body_checks/ )
+ {
+ $line = " -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings";
+ }
+ }
+ } elsif ( /^\#?\s\s(-o\s+local_header_rewrite_clients=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+local_recipient_maps=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ } elsif ( /^\#?\s\s(-o\s+relay_recipient_maps=.*)/) {
+ if ( $use_amavis ne "yes" ) {
+ $line = "# ".$1;
+ } else {
+ $line = " ".$1;
+ }
+ ## end localhost_10025
+ } elsif( /^(\#?\s*(?:pickup|qmgr)\s+)(?:fifo|unix)(\s+.*)/ ) {
+ if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; }
+ if ( $laptop eq "yes" ) {
+ $line = $1."unix".$2;
+ } else {
+ $line = $1."fifo".$2;
+ }
+ } else {
+ $line = $_;
+ }
+
+ if( $line =~ /^\#/ ) {
+ print $line."\n";
+ next;
+ }
+
+ my $match = 0;
+ foreach my $serv ( ( "smtp", "pickup", "cleanup", "rewrite",
+ "bounce", "defer", "showq", "error",
+ "lmtp", "smtps", "tlsmgr", "localhost:10025" ) ) {
+ if( $line =~ /^$serv\s+/ ) {
+ $line =~ /(^$serv\s+\w+\s+[yn-]?\s+[yn-]?\s+)[yn-]?(.*)/;
+ print $1.( $chroot eq "yes" ? "y" : "n" ).$2."\n";
+ $match = 1;
+ } else {
+ next;
+ }
+ }
+ print $line."\n" if ! $match;
+}'
+
+}
+
+update_cf() {
+ while test "x$1" != "x" ; do
+ B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%CI%CM )
+ cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B"
+ cp /etc/postfix/${1} "@conf_backup_dir@/${1}"
+ eval gen_${1/\./_} > /tmp/${1}.config
+ mv /tmp/${1}.config /etc/postfix/${1};
+ shift
+ done
+}
+
+restore_cf() {
+ while test "x$1" != "x" ; do
+ warn_user "/etc/postfix/${1}: zero file size or missing, restoring
+from @conf_backup_dir@/${1}"
+ if [ ! -s @conf_backup_dir@/$1 ]; then
+ warn_user "@conf_backup_dir@/${1}: zero file size or missing, exiting..."
+ exit 1
+ fi
+ cp --remove-destination @conf_backup_dir@/$1 /etc/postfix/$1
+
+ update_cf $1
+ shift
+ done
+}
+
+gen_CA() {
+ openssl=/usr/bin/openssl
+ sslpath=$POSTFIX_SSL_PATH
+ sslconfig=$sslpath/openssl_postfix.conf
+ date="$(date)"
+
+ oldmask=$(umask)
+ umask 077
+ mkdir -p $sslpath/private
+ mkdir -p $sslpath/certs
+ mkdir -p $sslpath/newcerts
+
+ test -f $sslpath/serial || \
+ echo 01 > $sslpath/serial
+ touch $sslpath/index.txt
+ sed -e "s/@POSTFIX_SSL_COUNTRY@/$POSTFIX_SSL_COUNTRY/" \
+ -e "s/@POSTFIX_SSL_STATE@/$POSTFIX_SSL_STATE/" \
+ -e "s/@POSTFIX_SSL_LOCALITY@/$POSTFIX_SSL_LOCALITY/" \
+ -e "s/@POSTFIX_SSL_ORGANIZATION@/$POSTFIX_SSL_ORGANIZATION/" \
+ -e "s/@POSTFIX_SSL_ORGANIZATIONAL_UNIT@/$POSTFIX_SSL_ORGANIZATIONAL_UNIT/" \
+ -e "s/@POSTFIX_SSL_COMMON_NAME@/$POSTFIX_SSL_COMMON_NAME/" \
+ -e "s/@POSTFIX_SSL_EMAIL_ADDRESS@/$POSTFIX_SSL_EMAIL_ADDRESS/" \
+ -e "s/@RANDOM@/${RANDOM}${RANDOM}/" \
+ -e "s/@COMMENT@/generated by onfig.postfix at $date/" \
+ /etc/postfix/openssl_postfix.conf.in > $sslconfig
+
+ echo "creating CA request/certificate..."
+ $openssl req -days 2000 -config $sslconfig -new -x509 -nodes \
+ -keyout $sslpath/private/cakey.pem -out $sslpath/$POSTFIX_TLS_CAFILE 2>/dev/null || {
+ echo "error creating CA request/certificate"
+ rm -rf $sslpath
+ umask $oldmask
+ return
+ }
+
+ echo "creating certificate request..."
+ $openssl req -config $sslconfig -new -nodes -keyout \
+ $sslpath/$POSTFIX_TLS_KEYFILE -out $sslpath/certs/postfixreq.pem 2>/dev/null || {
+ echo "error creating certificate request"
+ rm -rf $sslpath
+ umask $oldmask
+ return
+ }
+
+ echo "signing server certificate..."
+ $openssl ca -config $sslconfig -notext -batch \
+ -out $sslpath/$POSTFIX_TLS_CERTFILE \
+ -infiles $sslpath/certs/postfixreq.pem 2>/dev/null || {
+ echo "error signing server certificate"
+ rm -rf $sslpath
+ umask $oldmask
+ return
+ }
+
+ chmod 755 $sslpath
+ chmod 755 $sslpath/certs
+ chmod 644 $sslpath/cacert.pem
+ umask $oldmask
+}
+
+###############################################################################
+#################################### MAIN #####################################
+###############################################################################
+
+r=$ROOT
+
+echo "Reading $r/etc/sysconfig and updating the system..."
+
+test -s $r/etc/sysconfig/postfix || {
+ echo "No $r/etc/sysconfig/postfix found."
+ exit 1
+}
+. $r/etc/sysconfig/postfix
+
+# this file contains generic mail setup information
+test -s $r/etc/sysconfig/mail || {
+ echo "No $r/etc/sysconfig/mail found."
+ exit 1
+}
+. $r/etc/sysconfig/mail
+
+# We may need TIMEZONE for chroot setup
+test -s $r/etc/sysconfig/clock && . $r/etc/sysconfig/clock
+
+# Do not try to get a valid hostname as per boo#934060
+if [ -z "$POSTFIX_MYHOSTNAME" ]; then
+ FQHOSTNAME=
+else
+ FQHOSTNAME=$POSTFIX_MYHOSTNAME
+fi
+
+# check whether we want to use amavis
+if [ -x /usr/sbin/amavisd ]; then
+ test -s $r/etc/sysconfig/amavis && . $r/etc/sysconfig/amavis
+ if [ "$USE_AMAVIS" = "yes" ]; then
+ gen_amavisd_cf
+ chkconfig amavis on
+ fi
+fi
+
+# call mkchroot. The conditions what to do take place in this function.
+mkchroot
+
+# restore main.cf and master.cf, if they had been removed by accident
+test -z "$r" && {
+ if [ ! -s /etc/postfix/main.cf ]; then
+ restore_cf main.cf
+ fi
+
+ if [ ! -s /etc/postfix/master.cf ]; then
+ restore_cf master.cf
+ fi
+}
+
+if test "$MAIL_CREATE_CONFIG" = "yes"; then
+ test -z "$r" && update_cf master.cf main.cf
+fi
+
+PFVERSION=$(/usr/sbin/postconf -h mail_version)
+test -z "$PFVERSION" && {
+ echo "ERROR - unable to determine the version of postfix, you are running"
+ echo "This should not happen. Exit..."
+ exit 1
+}
+PFMAJOR=${PFVERSION:0:1}
+
+if test -z "$r" && test "$POSTFIX_SMTP_TLS_SERVER" == yes ; then
+ test -d $POSTFIX_SSL_PATH || gen_CA
+fi
+
+if test -z "$r" && test "$POSTFIX_UPDATE_MAPS" == yes ; then
+ test -e /etc/aliases && \
+ if test /etc/aliases -nt /etc/aliases.db \
+ -o ! -e /etc/aliases.db ; then
+ echo "Rebuilding /etc/aliases.db."
+ /usr/bin/newaliases
+ fi
+ update_db $POSTFIX_MAP_LIST
+
+ for i in $(get_alias_maps); do
+ if test $i -nt $i.db -o ! -e $i.db; then
+ echo "Rebuilding $i.db"
+ /usr/sbin/postalias $i
+ fi
+ done
+
+ /usr/sbin/postfix reload > /dev/null 2>&1
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix new/postfix-SuSE/sysconfig.postfix
--- old/postfix-SuSE/sysconfig.postfix 2014-02-12 16:00:37.000000000 +0100
+++ new/postfix-SuSE/sysconfig.postfix 2016-05-24 06:29:07.000000000 +0200
@@ -382,7 +382,7 @@
#
POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no"
-## Type: yesno
+## Type: list(no,yes,must)
## Default: no
## Config: postfix
#
++++++ postfix-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200
+++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200
@@ -1,8 +1,6 @@
-Index: conf/main.cf
-===================================================================
---- conf/main.cf.orig
-+++ conf/main.cf
-@@ -548,6 +548,7 @@ unknown_local_recipient_reject_code = 55
+--- conf/main.cf.orig 2015-04-01 10:56:39.000000000 +0000
++++ conf/main.cf 2016-03-16 09:28:51.968093319 +0000
+@@ -567,6 +567,7 @@
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
@@ -10,7 +8,7 @@
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
-@@ -654,4 +655,120 @@ sample_directory =
+@@ -673,4 +674,120 @@
# readme_directory: The location of the Postfix README files.
#
readme_directory =
++++++ postfix-master.cf.patch ++++++
--- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200
+++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200
@@ -1,9 +1,7 @@
-Index: conf/master.cf
-===================================================================
---- conf/master.cf.orig
-+++ conf/master.cf
-@@ -10,32 +10,38 @@
- # (yes) (yes) (yes) (never) (100)
+--- conf/master.cf.orig 2016-03-16 09:28:26.256321206 +0100
++++ conf/master.cf 2016-03-16 09:35:02.748681617 +0100
+@@ -10,6 +10,11 @@
+ # (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
+#amavis unix - - n - 4 smtp
@@ -14,57 +12,18 @@
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
- #tlsproxy unix - - n - 0 tlsproxy
- #submission inet n - n - - smtpd
--# -o syslog_name=postfix/submission
--# -o smtpd_tls_security_level=encrypt
--# -o smtpd_sasl_auth_enable=yes
--# -o smtpd_reject_unlisted_recipient=no
--# -o smtpd_client_restrictions=$mua_client_restrictions
--# -o smtpd_helo_restrictions=$mua_helo_restrictions
--# -o smtpd_sender_restrictions=$mua_sender_restrictions
--# -o smtpd_recipient_restrictions=
--# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--# -o milter_macro_daemon_name=ORIGINATING
-+# -o syslog_name=postfix/submission
-+# -o smtpd_tls_security_level=encrypt
-+# -o smtpd_sasl_auth_enable=yes
-+# -o smtpd_reject_unlisted_recipient=no
-+# -o smtpd_client_restrictions=$mua_client_restrictions
-+# -o smtpd_helo_restrictions=$mua_helo_restrictions
-+# -o smtpd_sender_restrictions=$mua_sender_restrictions
-+# -o smtpd_recipient_restrictions=
-+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+# -o milter_macro_daemon_name=ORIGINATING
+@@ -28,6 +33,7 @@
#smtps inet n - n - - smtpd
--# -o syslog_name=postfix/smtps
--# -o smtpd_tls_wrappermode=yes
--# -o smtpd_sasl_auth_enable=yes
--# -o smtpd_reject_unlisted_recipient=no
--# -o smtpd_client_restrictions=$mua_client_restrictions
--# -o smtpd_helo_restrictions=$mua_helo_restrictions
--# -o smtpd_sender_restrictions=$mua_sender_restrictions
--# -o smtpd_recipient_restrictions=
--# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--# -o milter_macro_daemon_name=ORIGINATING
-+# -o syslog_name=postfix/smtps
-+# -o smtpd_tls_wrappermode=yes
-+# -o content_filter=smtp:[127.0.0.1]:10024
-+# -o smtpd_sasl_auth_enable=yes
-+# -o smtpd_reject_unlisted_recipient=no
-+# -o smtpd_client_restrictions=$mua_client_restrictions
-+# -o smtpd_helo_restrictions=$mua_helo_restrictions
-+# -o smtpd_sender_restrictions=$mua_sender_restrictions
-+# -o smtpd_recipient_restrictions=
-+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+# -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - n - - qmqpd
- pickup unix n - n 60 1 pickup
- cleanup unix n - n - 0 cleanup
-@@ -61,6 +67,26 @@ local unix - n n
- virtual unix - n n - - virtual
+ # -o syslog_name=postfix/smtps
+ # -o smtpd_tls_wrappermode=yes
++# -o content_filter=smtp:[127.0.0.1]:10024
+ # -o smtpd_sasl_auth_enable=yes
+ # -o smtpd_reject_unlisted_recipient=no
+ # -o smtpd_client_restrictions=$mua_client_restrictions
+@@ -62,6 +68,27 @@
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
+ scache unix - - n - 1 scache
+#localhost:10025 inet n - n - - smtpd
+# -o content_filter=
+# -o smtpd_delay_reject=no
@@ -85,10 +44,11 @@
+# -o local_header_rewrite_clients=
+# -o local_recipient_maps=
+# -o relay_recipient_maps=
- scache unix - - n - 1 scache
++
#
# ====================================================================
-@@ -95,7 +121,7 @@ scache unix - - n
+ # Interfaces to non-Postfix software. Be sure to examine the manual
+@@ -95,7 +122,7 @@
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
@@ -97,7 +57,7 @@
#
# ====================================================================
#
-@@ -128,3 +154,10 @@ scache unix - - n
+@@ -128,3 +155,10 @@
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
++++++ postfix-post-install.patch ++++++
--- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200
+++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200
@@ -1,13 +0,0 @@
-Index: conf/post-install
-===================================================================
---- conf/post-install.orig
-+++ conf/post-install
-@@ -708,7 +708,7 @@ EOF
- # Postfix 2.2.
- # Add missing tlsmgr service to master.cf.
-
-- grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
-+ grep '^#*tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
- echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
- cat >>$config_directory/master.cf < postfix-vda-v13-3.10.0.patch ++++++
--- /work/SRC/openSUSE:Factory/postfix/postfix-vda-v13-2.10.0.patch 2014-06-26 08:00:36.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix-vda-v13-3.10.0.patch 2016-06-02 12:38:47.000000000 +0200
@@ -1281,12 +1281,24 @@
+
return (deliver_status);
}
-diff -uNr postfix-2.10.0.orig/src/virtual/virtual.c postfix-2.10.0/src/virtual/virtual.c
---- postfix-2.10.0.orig/src/virtual/virtual.c 2011-02-19 01:46:06.000000000 +0100
-+++ postfix-2.10.0/src/virtual/virtual.c 2013-06-07 13:21:22.840143270 +0200
-@@ -335,12 +335,30 @@
- char *var_mail_spool_dir; /* XXX dependency fix */
+diff -uNr postfix-2.10.0.orig/src/virtual/virtual.h postfix-2.10.0/src/virtual/virtual.h
+--- postfix-2.10.0.orig/src/virtual/virtual.h 2006-01-08 00:59:47.000000000 +0100
++++ postfix-2.10.0/src/virtual/virtual.h 2013-06-07 13:21:22.841143270 +0200
+@@ -34,6 +34,9 @@
+ extern MAPS *virtual_mailbox_maps;
+ extern MAPS *virtual_uid_maps;
+ extern MAPS *virtual_gid_maps;
++extern MAPS *virtual_mailbox_limit_maps;
++extern MAPS *virtual_maildir_limit_message_maps;
++extern MAPS *virtual_maildir_filter_maps;
+
+ /*
+ * User attributes: these control the privileges for delivery to external
+--- postfix-3.1.0/src/virtual/virtual.c.orig 2016-03-16 09:58:37.790856521 +0100
++++ postfix-3.1.0/src/virtual/virtual.c 2016-03-16 10:04:44.267207460 +0100
+@@ -347,12 +347,28 @@
bool var_strict_mbox_owner;
+ char *var_virt_dsn_filter;
+char *var_virt_mailbox_limit_maps;
+bool var_virt_mailbox_limit_inbox;
@@ -1301,7 +1313,6 @@
+bool var_virt_maildir_filter;
+char *var_virt_maildir_filter_maps;
+
-+
/*
* Mappings.
*/
@@ -1311,46 +1322,33 @@
+MAPS *virtual_mailbox_limit_maps;
+MAPS *virtual_maildir_limit_message_maps;
+MAPS *virtual_maildir_filter_maps;
-+
/*
* Bit masks.
-@@ -450,15 +468,28 @@
- */
- virtual_mailbox_maps =
- maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps,
-- DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
-+ DICT_FLAG_LOCK);
+@@ -475,6 +491,19 @@
+ DICT_FLAG_LOCK | DICT_FLAG_PARANOID
+ | DICT_FLAG_UTF8_REQUEST);
- virtual_uid_maps =
- maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps,
-- DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
-+ DICT_FLAG_LOCK);
-
- virtual_gid_maps =
- maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps,
-- DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
-+ DICT_FLAG_LOCK);
-+
+ virtual_mailbox_limit_maps =
+ maps_create(VAR_VIRT_MAILBOX_LIMIT_MAPS, var_virt_mailbox_limit_maps,
-+ DICT_FLAG_LOCK);
++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST );
+
+ virtual_maildir_limit_message_maps =
+ maps_create(VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, var_virt_maildir_limit_message_maps,
-+ DICT_FLAG_LOCK);
++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST );
+
+ virtual_maildir_filter_maps =
+ maps_create(VAR_VIRT_MAILDIR_FILTER_MAPS, var_virt_maildir_filter_maps,
-+ DICT_FLAG_LOCK);
++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST );
++
+
-
virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock);
}
-@@ -510,10 +541,22 @@
- VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0,
+
+@@ -526,6 +555,12 @@
VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0,
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
+ VAR_VIRT_DSN_FILTER, DEF_VIRT_DSN_FILTER, &var_virt_dsn_filter, 0, 0,
+ VAR_VIRT_MAILBOX_LIMIT_MAPS, DEF_VIRT_MAILBOX_LIMIT_MAPS, &var_virt_mailbox_limit_maps, 0, 0,
+ VAR_VIRT_MAILDIR_LIMIT_MESSAGE, DEF_VIRT_MAILDIR_LIMIT_MESSAGE, &var_virt_maildir_limit_message, 1, 0,
+ VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, DEF_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, &var_virt_maildir_limit_message_maps, 0, 0,
@@ -1360,34 +1358,3 @@
0,
};
static const CONFIG_BOOL_TABLE bool_table[] = {
- VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
-+ VAR_VIRT_MAILBOX_LIMIT_INBOX, DEF_VIRT_MAILBOX_LIMIT_INBOX, &var_virt_mailbox_limit_inbox,
-+ VAR_VIRT_MAILBOX_LIMIT_OVERRIDE, DEF_VIRT_MAILBOX_LIMIT_OVERRIDE, &var_virt_mailbox_limit_override,
-+ VAR_VIRT_MAILDIR_EXTENDED, DEF_VIRT_MAILDIR_EXTENDED, &var_virt_maildir_extended,
-+ VAR_VIRT_OVERQUOTA_BOUNCE, DEF_VIRT_OVERQUOTA_BOUNCE, &var_virt_overquota_bounce,
-+ VAR_VIRT_TRASH_COUNT, DEF_VIRT_TRASH_COUNT, &var_virt_trash_count,
-+ VAR_VIRT_MAILDIR_FILTER, DEF_VIRT_MAILDIR_FILTER, &var_virt_maildir_filter,
- 0,
- };
-
-@@ -530,6 +573,7 @@
- MAIL_SERVER_PRE_INIT, pre_init,
- MAIL_SERVER_POST_INIT, post_init,
- MAIL_SERVER_PRE_ACCEPT, pre_accept,
-+ MAIL_SERVER_BOOL_TABLE, bool_table,
- MAIL_SERVER_PRIVILEGED,
- 0);
- }
-diff -uNr postfix-2.10.0.orig/src/virtual/virtual.h postfix-2.10.0/src/virtual/virtual.h
---- postfix-2.10.0.orig/src/virtual/virtual.h 2006-01-08 00:59:47.000000000 +0100
-+++ postfix-2.10.0/src/virtual/virtual.h 2013-06-07 13:21:22.841143270 +0200
-@@ -34,6 +34,9 @@
- extern MAPS *virtual_mailbox_maps;
- extern MAPS *virtual_uid_maps;
- extern MAPS *virtual_gid_maps;
-+extern MAPS *virtual_mailbox_limit_maps;
-+extern MAPS *virtual_maildir_limit_message_maps;
-+extern MAPS *virtual_maildir_filter_maps;
-
- /*
- * User attributes: these control the privileges for delivery to external