Hello community,
here is the log from the commit of package postfix for openSUSE:Factory checked
in at 2017-04-17 10:24:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix"
Mon Apr 17 10:24:27 2017 rev:141 rq:487812 version:3.2.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2017-04-07
14:17:39.025177429 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2017-04-17
10:24:28.785776739 +0200
@@ -1,0 +2,23 @@
+Thu Apr 13 09:18:45 UTC 2017 - wer...@suse.de
+
+- Some cleanups
+ * Fix SUSE postfix-files to avoid chown errors (anyway this file
+ seems to be obsolete)
+ * Avoid installing shared libraries twice
+ * Refresh patch postfix-linux45.patch
+
+-------------------------------------------------------------------
+Sat Apr 8 15:06:14 UTC 2017 - ch...@computersalat.de
+
+- update postfix-master.cf.patch
+ * recover lost (with 3.2.0 update) submission, smtps sections
+ * merge with upstream update
+- update config.postfix
+ * update master.cf generation for submission
+- rebase patches against 3.2.0
+ * pointer_to_literals.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+
+-------------------------------------------------------------------
@@ -160 +183 @@
- postfix-linux45.patch postfix-post-install.patch
+ postfix-post-install.patch
@@ -166,0 +190,2 @@
+- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
+ (bsc#940289)
New:
----
postfix-linux45.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:29.905618148 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:29.913617015 +0200
@@ -76,12 +76,14 @@
Patch3: ipv6_disabled.patch
Patch4: %{name}-main.cf.patch
Patch5: %{name}-master.cf.patch
+Patch6: %{name}-linux45.patch
Patch7: %{name}-ssl-release-buffers.patch
Patch8: %{name}-vda-v14-3.0.3.patch
BuildRequires: ca-certificates
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
+BuildRequires: diffutils
BuildRequires: libopenssl-devel
%if %{with lmdb}
BuildRequires: lmdb-devel
@@ -188,6 +190,7 @@
%patch3
%patch4
%patch5
+%patch6
%patch7
%patch8
@@ -385,6 +388,14 @@
%fdupes %{buildroot}%{pf_docdir}
%fdupes %{buildroot}%{_mandir}
%endif
+for path in %{buildroot}%{_libexecdir}/%{name}/libpostfix-*.so
+do
+ test -e "$path" || continue
+ name=${path##*/}
+ cmp "$path" %{buildroot}%{_libdir}/$name || continue
+ rm -vf $path
+ ln -sf %{_libdir}/$name $path
+done
# ---------------------------------------------------------------------------
install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/
++++++ pointer_to_literals.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:29.945612483 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:29.949611917 +0200
@@ -28,7 +28,7 @@
===================================================================
--- src/smtpd/smtpd_check.c.orig
+++ src/smtpd/smtpd_check.c
-@@ -368,6 +368,10 @@ static STRING_LIST *smtpd_acl_perm_log;
+@@ -379,6 +379,10 @@ static STRING_LIST *smtpd_acl_perm_log;
#define CONST_STR(x) ((const char *) vstring_str(x))
#define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); }
@@ -39,7 +39,7 @@
/*
* If some decision can't be made due to a temporary error, then change
* other decisions into deferrals.
-@@ -2297,8 +2301,6 @@ static int check_table_result(SMTPD_STAT
+@@ -2335,8 +2339,6 @@ static int check_table_result(SMTPD_STAT
if (msg_verbose)
msg_info("%s: %s %s %s", myname, table, value, datum);
@@ -48,7 +48,7 @@
/*
* DUNNO means skip this table. Silently ignore optional text.
*/
-@@ -3374,8 +3376,6 @@ static const char *rbl_expand_lookup(con
+@@ -3368,8 +3370,6 @@ static const char *rbl_expand_lookup(con
SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context;
SMTPD_STATE *state = rbl_exp->state;
++++++ postfix-SuSE.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-SuSE/config.postfix
new/postfix-SuSE/config.postfix
--- old/postfix-SuSE/config.postfix 2017-01-21 23:16:39.016674120 +0100
+++ new/postfix-SuSE/config.postfix 2017-04-08 03:36:06.827649977 +0200
@@ -979,6 +979,12 @@
} else {
$line = "# ".$1;
}
+ } elsif( /^\#?\s{3}(-o\s+smtpd_tls_auth_only=.*)/ ) {
+ if ( $tlsserver eq "yes" && $authserver eq "yes") {
+ $line = " ".$1;
+ } else {
+ $line = "# ".$1;
+ }
} elsif( /^\#?\s{3}(-o\s+smtpd_relay_restrictions=.*)/ ) {
if ( $tlsserver ne "yes" ) {
$line = "# ".$1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-SuSE/postfix-files
new/postfix-SuSE/postfix-files
--- old/postfix-SuSE/postfix-files 2011-05-11 10:23:17.000000000 +0200
+++ new/postfix-SuSE/postfix-files 2017-04-13 10:54:49.517011728 +0200
@@ -62,9 +62,8 @@
$queue_directory/trace:d:$mail_owner:-:700:ucr
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
-$daemon_directory/dict_ldap.so:f:root:-:755
-$daemon_directory/dict_pcre.so:f:root:-:755
-$daemon_directory/dict_tcp.so:f:root:-:755
+$daemon_directory/postfix-ldap.so:f:root:-:755
+$daemon_directory/postfix-pcre.so:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
@@ -72,8 +71,8 @@
$daemon_directory/flush:f:root:-:755
#$daemon_directory/lmtp:f:root:-:755
$daemon_directory/local:f:root:-:755
-$daemon_directory/main.cf:f:root:-:644
-$daemon_directory/master.cf:f:root:-:644
+$daemon_directory/main.cf.proto:f:root:-:644
+$daemon_directory/master.cf.proto:f:root:-:644
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix
new/postfix-SuSE/sysconfig.postfix
--- old/postfix-SuSE/sysconfig.postfix 2017-01-22 00:07:25.345079441 +0100
+++ new/postfix-SuSE/sysconfig.postfix 2017-01-26 18:31:57.871280147 +0100
@@ -226,42 +226,46 @@
POSTFIX_BASIC_SPAM_PREVENTION="off"
## Type: string
-## Default: "reject_unauth_pipelining, reject_unknown_client,
$POSTFIX_RBL_HOSTS"
+## Default: ""
## Config: postfix
#
# Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION
#
# A comma or space separated list of restrictions
-# Note: "if set to "medium" default is "$POSTFIX_RBL_HOSTS"
+# Note: if set to ...
+# medium: "$POSTFIX_RBL_HOSTS"
+# hard" : "permit_mynetworks, $POSTFIX_RBL_HOSTS,
reject_unknown_client_hostname"
#
# "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not
need to define it here.
# Fill "POSTFIX_RBL_HOSTS" instead
#
# Example:
-# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="reject_unauth_pipelining,
+# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="permit_mynetworks,
# check_client_access hash:/etc/postfix/pop-before-smtp,
# check_client_access hash:/etc/postfix/relay,
# check_client_access hash:/etc/postfix/access,
-# reject_unknown_client"
+# reject_unknown_client_hostname"
#
POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
## Type: string
-## Default: "reject_unauth_pipelining, reject_unknown_client"
+## Default: ""
## Config: postfix
#
# Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION
#
# A comma or space separated list of restrictions
-# Note: "if set to "medium" default is ""
+# Note: if set to ...
+# medium: ""
+# hard : "permit_mynetworks, reject_invalid_helo_hostname"
#
# Example:
-# POSTFIX_SMTPD_HELO_RESTRICTIONS="reject_unauth_pipelining,
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks,
# check_client_access hash:/etc/postfix/pop-before-smtp,
# check_client_access hash:/etc/postfix/relay,
# check_client_access hash:/etc/postfix/access,
# check_helo_access hash:/etc/postfix/helo_access,
-# reject_unknown_client"
+# reject_invalid_helo_hostname"
#
POSTFIX_SMTPD_HELO_RESTRICTIONS=""
@@ -272,14 +276,17 @@
# Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION
#
# A comma or space separated list of restrictions
-# Note: "if set to "medium" default is "hash:/etc/postfix/access,
reject_unknown_sender_domain"
+# Note: if set to ...
+# medium: "hash:/etc/postfix/access, reject_unknown_sender_domain"
+# hard : "hash:/etc/postfix/access, reject_unknown_sender_domain"
#
# Example:
-# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining,
+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="
# check_client_access hash:/etc/postfix/pop-before-smtp,
# check_client_access hash:/etc/postfix/relay,
# check_client_access hash:/etc/postfix/access,
-# reject_unknown_client"
+# reject_unknown_sender_domain,
+# reject_unknown_client_hostname"
#
POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
@@ -290,21 +297,21 @@
# Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this
RESTRICTION
#
# A comma or space separated list of restrictions
-# Note: "if set to "medium" default is "permit_mynetworks,
reject_unauth_destination"
-# Note: "if set to "custom" just like medium
+# Note: if set to
+# medium: "permit_mynetworks, reject_unauth_destination"
+# hard : "permit_mynetworks, reject_unauth_destination"
#
# Example:
-# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="reject_unauth_pipelining,
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks,
# check_client_access hash:/etc/postfix/pop-before-smtp,
# check_client_access hash:/etc/postfix/relay,
# check_client_access hash:/etc/postfix/access,
-# permit_mynetworks,
# warn_if_reject,
# reject_unknown_sender_domain,
# warn_if_reject,
# reject_unknown_recipient_domain,
-# reject_unknown_hostname,
-# reject_unknown_client,
+# reject_unknown_helo_hostname,
+# reject_unknown_client_hostname,
# reject_non_fqdn_sender,
# reject_non_fqdn_recipient,
# reject_non_fqdn_hostname,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix.20170122
new/postfix-SuSE/sysconfig.postfix.20170122
--- old/postfix-SuSE/sysconfig.postfix.20170122 1970-01-01 01:00:00.000000000
+0100
+++ new/postfix-SuSE/sysconfig.postfix.20170122 2017-01-22 00:07:25.345079441
+0100
@@ -0,0 +1,515 @@
+## Path: Network/Mail/Postfix
+## Description: Basic configuration of the postfix MTA
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Should we use a mailrelay?
+# NOTE: ALL mail that is not considered to be my destination
+# (POSTFIX_LOCALDOMAINS), will be sent to this host.
+# If this host is not your MX, then you have to use [square brackets]
+# around the hostname, e.g. [relay.example.com]
+# You may also specify an alternate port number, e.g.
+# relay.example.com:26 or [relay.example.com]:26 to prevent MX lookups.
+#
+POSTFIX_RELAYHOST=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of IP's
+# NOTE: If not set, LISTEN on all interfaces
+#
+POSTFIX_LISTEN=""
+
+## Type: string
+## Default: "all"
+## Config: postfix
+#
+# One Argument for proto to listen to
+# Example: POSTFIX_INET_PROTO="ipv4"
+# NOTE: If not set, LISTEN on all proto
+#
+POSTFIX_INET_PROTO=""
+
+## Type: string
+## Default: "$(hostname -f)"
+## Config: postfix
+#
+# define HOSTNAME you want postfix to show
+# NOTE: If set, You should have a "MX Record" in DNS for that name
+# and have a valid reverse entry ;)
+#
+POSTFIX_MYHOSTNAME=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of domains that must have their subdomain
+# structure stripped off.
+# NOTE: If set, FROM_HEADER will also be appended to this list
+#
+POSTFIX_MASQUERADE_DOMAIN=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# Comma separated list of host-/domainnames for which postfix
+# should accept mail for.
+# localhost and the own hostname is the default if POSTFIX_LOCALDOMAINS
+# is set empty.
+# Examples:
+# POSTFIX_LOCALDOMAINS="\$myhostname, \$mydomain, localhost.\$mydomain"
+# if you want to use postfix internal variable substitutes or
+# POSTFIX_LOCALDOMAINS="example.com, host.example.com, localhost.example.com"
+#
+POSTFIX_LOCALDOMAINS=""
+
+## Type: yesno
+## Default: no
+## Config: postfix
+## ServiceRestart: postfix
+#
+# A null client is a machine that can only send mail. It receives no
+# mail from the network, and it does not deliver any mail locally.
+# A null client typically uses POP or NFS for mailbox access.
+# NOTE: This overrides the following variable: POSTFIX_LOCALDOMAINS
+#
+POSTFIX_NULLCLIENT="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# if set to yes, mail that will be delivered via smtp will stay
+# in the queue unless someone issues "sendmail -q" or equivalent.
+#
+POSTFIX_DIALUP="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Some people use Postfix to deliver mail across a LAN that is disconnected
+# most of the time. Under such conditions, mail delivery can suffer from
+# delays while the Postfix SMTP client performs sender and recipient
+# domain DNS lookups in order to be standards-compliant. To prevent these
+# delays, set this to yes.
+#
+POSTFIX_NODNS="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Start postfix services chrooted, that are able to run chrooted?
+# Note: if you want /usr/sbin/config.postfix to maintain the chroot jail, you
+# also have to set POSTFIX_UPDATE_CHROOT_JAIL to yes.
+# Note: if you want postfix runs in CHROOT enviroment, then the whole
+# /var directory must be on one partition.
+#
+POSTFIX_CHROOT="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should setup the chroot jail
itself
+#
+POSTFIX_UPDATE_CHROOT_JAIL="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate ldap stuff in
main.cf
+# This extends virtual_alias_maps with "ldap:/etc/postfix/ldap_aliases.cf"
+#
+POSTFIX_WITH_LDAP="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Set this to yes, if /usr/sbin/config.postfix should activate mysql stuff in
main.cf
+# and having 'mysql.sock' inside chroot jail
+# Note: When POSTFIX_CHROOT="yes" then 'mysql.sock' will be available
+# in postfix CHROOT
+#
+POSTFIX_WITH_MYSQL="no"
+
+## Type: string(socket,tcp)
+## Default: "socket"
+## Config: postfix
+#
+# Set this to "tcp", if your MySQL is not on localhost
+# Note: When POSTFIX_CHROOT="yes" then MYSQL_SOCKET will also be available
+# in postfix chroot, but you can use "tcp" just as well with MySQL
+# on localhost
+#
+POSTFIX_MYSQL_CONN="socket"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Some of the postfix services require a fifo to operate correctly at least
+# when the system load is high. Recurring fifo access will prevent the
+# disk to fall asleep, so you might want to use a unix domain socket
+# instead, if you are using a laptop.
+#
+POSTFIX_LAPTOP="no"
+
+## Type: yesno
+## Default: yes
+## Config: postfix
+#
+# Should /usr/sbin/config.postfix update the different .db maps in
/etc/postfix?
+#
+POSTFIX_UPDATE_MAPS="yes"
+
+## Type: string
+## Default: "virtual transport access canonical sender_canonical relocated
sasl_passwd:600 relay_ccerts"
+## Config: postfix
+#
+# The list of maps, which should be maintained, if
+# POSTFIX_UPDATE_MAPS=yes. POSTFIX_MAP_LIST must be a space seperated list of
+# file names without an absolute path. They are all to be exptected
+# within the directory /etc/postfix. Optionally a file mode can be appended
+# using a colon as separator
+#
+POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical
relocated sasl_passwd:600 relay_ccerts helo_access relay"
+
+## Type: string
+## Default: hash:/etc/postfix/transport
+#
+# The list of transport_maps postfix should look for
+#
+POSTFIX_TRANSPORT_MAPS=""
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# A comma seperated list of hosts that blacklist client IP addresses
+# Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set
+# to either "medium" or "hard" or "custom". If left empty, no RBL checks will
take place.
+#
+# Example: POSTFIX_RBL_HOSTS="bl.spamcop.net, cbl.abuseat.org,
zen.spamhaus.org"
+#
+POSTFIX_RBL_HOSTS=""
+
+## Type: string(off,medium,hard)
+## Default: off
+## Config: postfix
+#
+# POSTFIX_BASIC_SPAM_PREVENTION possible values:
+# off : postfix default configuration
+# medium : medium UCE policy checks
+# hard : hard UCE policy checks
+# custom : you can define your own stuff
+
+# Note: when setting to "custom" and no settings in
+# "POSTFIX_SMTPD_CLIENT_RESTRICTIONS"
+# "POSTFIX_HELO_RESTRICTIONS"
+# "POSTFIX_SENDER_RESTRICTIONS"
+# "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" result is like setting to "medium"
+#
+# Setting this to medium or hard will activate some basic UCE controls
+# supported by postfix. This may lead to mails which are undeliverable
+# to your mailserver! USE THAT ON YOUR OWN RISC!!!
+# See http://www.postfix.org/uce.html for more details !
+#
+POSTFIX_BASIC_SPAM_PREVENTION="off"
+
+## Type: string
+## Default: "reject_unauth_pipelining, reject_unknown_client,
$POSTFIX_RBL_HOSTS"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: "if set to "medium" default is "$POSTFIX_RBL_HOSTS"
+#
+# "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not
need to define it here.
+# Fill "POSTFIX_RBL_HOSTS" instead
+#
+# Example:
+# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="reject_unauth_pipelining,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# reject_unknown_client"
+#
+POSTFIX_SMTPD_CLIENT_RESTRICTIONS=""
+
+## Type: string
+## Default: "reject_unauth_pipelining, reject_unknown_client"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: "if set to "medium" default is ""
+#
+# Example:
+# POSTFIX_SMTPD_HELO_RESTRICTIONS="reject_unauth_pipelining,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# check_helo_access hash:/etc/postfix/helo_access,
+# reject_unknown_client"
+#
+POSTFIX_SMTPD_HELO_RESTRICTIONS=""
+
+## Type: string
+## Default: "hash:/etc/postfix/access, reject_unknown_sender_domain"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: "if set to "medium" default is "hash:/etc/postfix/access,
reject_unknown_sender_domain"
+#
+# Example:
+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# reject_unknown_client"
+#
+POSTFIX_SMTPD_SENDER_RESTRICTIONS=""
+
+## Type: string
+## Default: "permit_mynetworks, reject_unauth_destination"
+## Config: postfix
+#
+# Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this
RESTRICTION
+#
+# A comma or space separated list of restrictions
+# Note: "if set to "medium" default is "permit_mynetworks,
reject_unauth_destination"
+# Note: "if set to "custom" just like medium
+#
+# Example:
+# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="reject_unauth_pipelining,
+# check_client_access hash:/etc/postfix/pop-before-smtp,
+# check_client_access hash:/etc/postfix/relay,
+# check_client_access hash:/etc/postfix/access,
+# permit_mynetworks,
+# warn_if_reject,
+# reject_unknown_sender_domain,
+# warn_if_reject,
+# reject_unknown_recipient_domain,
+# reject_unknown_hostname,
+# reject_unknown_client,
+# reject_non_fqdn_sender,
+# reject_non_fqdn_recipient,
+# reject_non_fqdn_hostname,
+# reject_unauth_destination"
+#
+POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS=""
+
+## Type: list(procmail,cyrus,dovecot,local)
+## Default: local
+## Config: postfix
+#
+# POSTFIX_MDA possible values:
+# procmail: use procmail to deliver mail locally
+# cyrus : use lmtp to deliver to cyrus-imapd
+# dovecot : use dovecot to deliver mail to dovecot
+# local : use postfix local MDA
+#
+POSTFIX_MDA="local"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Configure postfix to enable users to auth against postfix
+# to be able to relay mail independent of being within
+# the local network/domain.
+# You may want to edit /etc/sasl2/smtpd.conf to fit your needs.
+# See /usr/share/doc/packages/postfix/README_FILES/SASL_README
+# for more details.
+#
+POSTFIX_SMTP_AUTH_SERVER="no"
+
+## Type: string(cyrus,dovecot)
+## Default: "cyrus"
+## Config: postfix
+#
+# Configure postfix which SASL service to use
+# cyrus : smtpd_sasl_type = cyrus, smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth
+#
+POSTFIX_SMTP_AUTH_SERVICE="cyrus"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Enable SMTP-AUTH for the postfix smtp client
+# you have to edit /etc/postfix/sasl_passwd and call
+# /usr/sbin/config.postfix afterwards
+#
+POSTFIX_SMTP_AUTH="no"
+
+## Type: string
+## Default: ""
+## Config: postfix
+#
+# POSTFIX_SMTP_AUTH_OPTIONS possible values:
+# comma separated list of one or more of
+#
+# noplaintext: disallow methods that use plaintext passwords
+# noactive: disallow methods subject to active (non-dictionary) attack
+# nodictionary: disallow methods subject to passive (dictionary) attack
+# noanonymous: disallow methods that allow anonymous authentication
+#
+POSTFIX_SMTP_AUTH_OPTIONS=""
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Do you want to use STARTTLS
+#
+POSTFIX_SMTP_TLS_SERVER="no"
+
+## Type: yesno
+## Default: no
+## Config: postfix
+#
+# Do you want to use SMTP over SSL.
+# assigns port 465 to smtps in /etc/services
+# CAUTION: the IANA has assigned a different protocol to port 465
+# Usage of port 465 for smtps was not officially encouraged
+# If you enable this you need to make sure that it does not collide
+# with protocol urd
+#
+POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no"
+
+## Type: list(no,yes,must)
+## Default: no
+## Config: postfix
+#
+# Do you want to enable postfix smtp client to use TLS
+#
+POSTFIX_SMTP_TLS_CLIENT="no"
+
+## Type: string
+## Default: "/etc/postfix/ssl"
+## Config: postfix
+#
+# path to the directory where the certificates (default: certs/postfixcert.pem)
+# and CA certificates (default: ./cacerts) can be found
+#
+# This folder will be synced via 'config.postfix' when running 'chrooted'
+#
+POSTFIX_SSL_PATH="/etc/postfix/ssl"
+
+## Type: string
+## Default: "cacert.pem"
+## Config: postfix
+#
+# name of the CAfile (below POSTFIX_SSL_PATH)
+#
+# when having more than one CA you want to trust, then
+# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts )
+# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts
+# after storing the certs.
+#
+POSTFIX_TLS_CAFILE=""
+
+## Type: string
+## Default: "certs/postfixcert.pem"
+## Config: postfix
+#
+# name of the file containing the certificate (below POSTFIX_SSL_PATH)
+#
+POSTFIX_TLS_CERTFILE="certs/postfixcert.pem"
+
+## Type: string
+## Default: "certs/postfixkey.pem"
+## Config: postfix
+#
+# name of the file containing the key (below POSTFIX_SSL_PATH)
+#
+POSTFIX_TLS_KEYFILE="certs/postfixkey.pem"
+
+#
+# The following options are used by /usr/sbin/config.postfix and mkpostfixcert
+# to create a CA and certificates
+# POSTFIX_SSL_COUNTRY must be a two letter code defined by ISO 3166
+#
+## Type: string
+## Default: "XX"
+POSTFIX_SSL_COUNTRY=""
+
+## Type: string
+## Default: "Some state"
+POSTFIX_SSL_STATE=""
+
+## Type: string
+## Default: "Some locality"
+POSTFIX_SSL_LOCALITY=""
+
+## Type: string
+## Default: "Some Organization"
+POSTFIX_SSL_ORGANIZATION=""
+
+## Type: string
+## Default: "Some Organizational Unit"
+POSTFIX_SSL_ORGANIZATIONAL_UNIT=""
+
+## Type: string
+## Default: "A common name"
+POSTFIX_SSL_COMMON_NAME=""
+
+## Type: string
+## Default: "postmaster"
+POSTFIX_SSL_EMAIL_ADDRESS=""
+
+#
+# POSTFIX_ADD_*
+# You may add any existing postfix parameter here. Just execute the
+# postconf command to get a complete list. You then have to uppercase
+# the parameter and prepend POSTFIX_ADD_.
+# Example:
+# Let's say you want to add the postfix parameter mailbox_size_limit.
+# Then just add
+# POSTFIX_ADD_MAILBOX_SIZE_LIMIT=0
+# POSTFIX_ADD_MESSAGE_SIZE_LIMIT=30000000
+
+## Type: string
+## Default: 0
+POSTFIX_ADD_MAILBOX_SIZE_LIMIT="0"
+
+## Type: string
+## Default: 10240000
+POSTFIX_ADD_MESSAGE_SIZE_LIMIT="0"
+
+## Type: yesno
+## Default: yes
+## Config: postfix
+#
+# Automatically register to slpd, if running?
+#
+POSTFIX_REGISTER_SLP="yes"
+
+## Type: list(subnet,host,class)
+## Default: subnet
+## Config: postfix
+#
+#
+# The postfix default for this setting is "subnet"
+# for security reasons you should use host
+# otherwise every user in the same subnet as you, can use
+# your postfix server as a mail relay for spam.
+# If you set POSTFIX_DIALUP to "yes" mynetworks_style
+# will be set to "host" by /usr/sbin/config.postfix.
+#
+POSTFIX_ADD_MYNETWORKS_STYLE="subnet"
++++++ postfix-linux45.patch ++++++
---
makedefs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- makedefs
+++ makedefs 2017-04-13 08:33:01.425823067 +0000
@@ -543,7 +543,7 @@ EOF
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR
+ Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
++++++ postfix-main.cf.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.021601722 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.025601155 +0200
@@ -64,8 +64,10 @@
+smtp_sasl_security_options =
+smtp_sasl_password_maps =
+smtpd_sasl_auth_enable = no
-+smtpd_sasl_path = smtpd
-+smtpd_sasl_type = cyrus
++#smtpd_sasl_path = private/auth
++#smtpd_sasl_type = dovecot
++#smtpd_sasl_path = smtpd
++#smtpd_sasl_type = cyrus
+############################################################
+# TLS stuff
+############################################################
++++++ postfix-master.cf.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.033600022 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.033600022 +0200
@@ -2,7 +2,7 @@
===================================================================
--- conf/master.cf.orig
+++ conf/master.cf
-@@ -10,6 +10,11 @@
+@@ -10,33 +10,39 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
@@ -14,7 +14,56 @@
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
-@@ -63,6 +68,27 @@ virtual unix - n n
+ #tlsproxy unix - - n - 0 tlsproxy
+ #submission inet n - n - - smtpd
+-# -o syslog_name=postfix/submission
+-# -o smtpd_tls_security_level=encrypt
+-# -o smtpd_sasl_auth_enable=yes
+-# -o smtpd_tls_auth_only=yes
+-# -o smtpd_reject_unlisted_recipient=no
+-# -o smtpd_client_restrictions=$mua_client_restrictions
+-# -o smtpd_helo_restrictions=$mua_helo_restrictions
+-# -o smtpd_sender_restrictions=$mua_sender_restrictions
+-# -o smtpd_recipient_restrictions=
+-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+-# -o milter_macro_daemon_name=ORIGINATING
++# -o syslog_name=postfix/submission
++# -o smtpd_tls_security_level=encrypt
++# -o smtpd_sasl_auth_enable=yes
++# -o smtpd_tls_auth_only=yes
++# -o smtpd_reject_unlisted_recipient=no
++# -o smtpd_client_restrictions=$mua_client_restrictions
++# -o smtpd_helo_restrictions=$mua_helo_restrictions
++# -o smtpd_sender_restrictions=$mua_sender_restrictions
++# -o smtpd_recipient_restrictions=
++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
++# -o milter_macro_daemon_name=ORIGINATING
+ #smtps inet n - n - - smtpd
+-# -o syslog_name=postfix/smtps
+-# -o smtpd_tls_wrappermode=yes
+-# -o smtpd_sasl_auth_enable=yes
+-# -o smtpd_reject_unlisted_recipient=no
+-# -o smtpd_client_restrictions=$mua_client_restrictions
+-# -o smtpd_helo_restrictions=$mua_helo_restrictions
+-# -o smtpd_sender_restrictions=$mua_sender_restrictions
+-# -o smtpd_recipient_restrictions=
+-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+-# -o milter_macro_daemon_name=ORIGINATING
++# -o syslog_name=postfix/smtps
++# -o smtpd_tls_wrappermode=yes
++# -o content_filter=smtp:[127.0.0.1]:10024
++# -o smtpd_sasl_auth_enable=yes
++# -o smtpd_reject_unlisted_recipient=no
++# -o smtpd_client_restrictions=$mua_client_restrictions
++# -o smtpd_helo_restrictions=$mua_helo_restrictions
++# -o smtpd_sender_restrictions=$mua_sender_restrictions
++# -o smtpd_recipient_restrictions=
++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
++# -o milter_macro_daemon_name=ORIGINATING
+ #628 inet n - n - - qmqpd
+ pickup unix n - n 60 1 pickup
+ cleanup unix n - n - 0 cleanup
+@@ -63,6 +69,27 @@ virtual unix - n n
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
@@ -42,7 +91,7 @@
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
-@@ -96,7 +122,7 @@ scache unix - - n
+@@ -96,7 +123,7 @@ scache unix - - n
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
@@ -51,7 +100,7 @@
#
# ====================================================================
#
-@@ -129,3 +155,10 @@ scache unix - - n
+@@ -129,3 +156,10 @@ scache unix - - n
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
++++++ postfix-no-md5.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.049597757 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.049597757 +0200
@@ -2,7 +2,7 @@
===================================================================
--- src/global/mail_params.h.orig
+++ src/global/mail_params.h
-@@ -1333,7 +1333,7 @@ extern char *var_smtpd_tls_excl_ciph;
+@@ -1338,7 +1338,7 @@ extern char *var_smtpd_tls_excl_ciph;
extern char *var_smtpd_tls_mand_excl;
#define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest"
@@ -11,7 +11,7 @@
extern char *var_smtpd_tls_fpt_dgst;
#define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file"
-@@ -1488,9 +1488,9 @@ extern char *var_smtp_tls_excl_ciph;
+@@ -1497,9 +1497,9 @@ extern char *var_smtp_tls_excl_ciph;
extern char *var_smtp_tls_mand_excl;
#define VAR_SMTP_TLS_FPT_DGST "smtp_tls_fingerprint_digest"
++++++ postfix-ssl-release-buffers.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.069594925 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.073594359 +0200
@@ -2,7 +2,7 @@
===================================================================
--- src/tls/tls_client.c.orig
+++ src/tls/tls_client.c
-@@ -371,6 +371,12 @@ TLS_APPL_STATE *tls_client_init(const TL
+@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL
SSL_CTX_set_security_level(client_ctx, 0);
#endif
@@ -19,7 +19,7 @@
===================================================================
--- src/tls/tls_server.c.orig
+++ src/tls/tls_server.c
-@@ -462,6 +462,12 @@ TLS_APPL_STATE *tls_server_init(const TL
+@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL
SSL_CTX_set_security_level(server_ctx, 0);
#endif
++++++ postfix-vda-v14-3.0.3.patch ++++++
--- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.085592659 +0200
+++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.085592659 +0200
@@ -19,7 +19,7 @@
===================================================================
--- src/global/mail_params.h.orig
+++ src/global/mail_params.h
-@@ -2474,6 +2474,54 @@ extern char *var_virt_uid_maps;
+@@ -2487,6 +2487,54 @@ extern char *var_virt_uid_maps;
#define DEF_VIRT_GID_MAPS ""
extern char *var_virt_gid_maps;
