Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2017-04-17 10:24:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Mon Apr 17 10:24:27 2017 rev:141 rq:487812 version:3.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2017-04-07 14:17:39.025177429 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2017-04-17 10:24:28.785776739 +0200 @@ -1,0 +2,23 @@ +Thu Apr 13 09:18:45 UTC 2017 - wer...@suse.de + +- Some cleanups + * Fix SUSE postfix-files to avoid chown errors (anyway this file + seems to be obsolete) + * Avoid installing shared libraries twice + * Refresh patch postfix-linux45.patch + +------------------------------------------------------------------- +Sat Apr 8 15:06:14 UTC 2017 - ch...@computersalat.de + +- update postfix-master.cf.patch + * recover lost (with 3.2.0 update) submission, smtps sections + * merge with upstream update +- update config.postfix + * update master.cf generation for submission +- rebase patches against 3.2.0 + * pointer_to_literals.patch + * postfix-no-md5.patch + * postfix-ssl-release-buffers.patch + * postfix-vda-v14-3.0.3.patch + +------------------------------------------------------------------- @@ -160 +183 @@ - postfix-linux45.patch postfix-post-install.patch + postfix-post-install.patch @@ -166,0 +190,2 @@ +- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64) + (bsc#940289) New: ---- postfix-linux45.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:29.905618148 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:29.913617015 +0200 @@ -76,12 +76,14 @@ Patch3: ipv6_disabled.patch Patch4: %{name}-main.cf.patch Patch5: %{name}-master.cf.patch +Patch6: %{name}-linux45.patch Patch7: %{name}-ssl-release-buffers.patch Patch8: %{name}-vda-v14-3.0.3.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel BuildRequires: db-devel +BuildRequires: diffutils BuildRequires: libopenssl-devel %if %{with lmdb} BuildRequires: lmdb-devel @@ -188,6 +190,7 @@ %patch3 %patch4 %patch5 +%patch6 %patch7 %patch8 @@ -385,6 +388,14 @@ %fdupes %{buildroot}%{pf_docdir} %fdupes %{buildroot}%{_mandir} %endif +for path in %{buildroot}%{_libexecdir}/%{name}/libpostfix-*.so +do + test -e "$path" || continue + name=${path##*/} + cmp "$path" %{buildroot}%{_libdir}/$name || continue + rm -vf $path + ln -sf %{_libdir}/$name $path +done # --------------------------------------------------------------------------- install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ ++++++ pointer_to_literals.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:29.945612483 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:29.949611917 +0200 @@ -28,7 +28,7 @@ =================================================================== --- src/smtpd/smtpd_check.c.orig +++ src/smtpd/smtpd_check.c -@@ -368,6 +368,10 @@ static STRING_LIST *smtpd_acl_perm_log; +@@ -379,6 +379,10 @@ static STRING_LIST *smtpd_acl_perm_log; #define CONST_STR(x) ((const char *) vstring_str(x)) #define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); } @@ -39,7 +39,7 @@ /* * If some decision can't be made due to a temporary error, then change * other decisions into deferrals. -@@ -2297,8 +2301,6 @@ static int check_table_result(SMTPD_STAT +@@ -2335,8 +2339,6 @@ static int check_table_result(SMTPD_STAT if (msg_verbose) msg_info("%s: %s %s %s", myname, table, value, datum); @@ -48,7 +48,7 @@ /* * DUNNO means skip this table. Silently ignore optional text. */ -@@ -3374,8 +3376,6 @@ static const char *rbl_expand_lookup(con +@@ -3368,8 +3370,6 @@ static const char *rbl_expand_lookup(con SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context; SMTPD_STATE *state = rbl_exp->state; ++++++ postfix-SuSE.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix --- old/postfix-SuSE/config.postfix 2017-01-21 23:16:39.016674120 +0100 +++ new/postfix-SuSE/config.postfix 2017-04-08 03:36:06.827649977 +0200 @@ -979,6 +979,12 @@ } else { $line = "# ".$1; } + } elsif( /^\#?\s{3}(-o\s+smtpd_tls_auth_only=.*)/ ) { + if ( $tlsserver eq "yes" && $authserver eq "yes") { + $line = " ".$1; + } else { + $line = "# ".$1; + } } elsif( /^\#?\s{3}(-o\s+smtpd_relay_restrictions=.*)/ ) { if ( $tlsserver ne "yes" ) { $line = "# ".$1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/postfix-files new/postfix-SuSE/postfix-files --- old/postfix-SuSE/postfix-files 2011-05-11 10:23:17.000000000 +0200 +++ new/postfix-SuSE/postfix-files 2017-04-13 10:54:49.517011728 +0200 @@ -62,9 +62,8 @@ $queue_directory/trace:d:$mail_owner:-:700:ucr $daemon_directory/anvil:f:root:-:755 $daemon_directory/bounce:f:root:-:755 -$daemon_directory/dict_ldap.so:f:root:-:755 -$daemon_directory/dict_pcre.so:f:root:-:755 -$daemon_directory/dict_tcp.so:f:root:-:755 +$daemon_directory/postfix-ldap.so:f:root:-:755 +$daemon_directory/postfix-pcre.so:f:root:-:755 $daemon_directory/cleanup:f:root:-:755 $daemon_directory/discard:f:root:-:755 $daemon_directory/dnsblog:f:root:-:755 @@ -72,8 +71,8 @@ $daemon_directory/flush:f:root:-:755 #$daemon_directory/lmtp:f:root:-:755 $daemon_directory/local:f:root:-:755 -$daemon_directory/main.cf:f:root:-:644 -$daemon_directory/master.cf:f:root:-:644 +$daemon_directory/main.cf.proto:f:root:-:644 +$daemon_directory/master.cf.proto:f:root:-:644 $daemon_directory/master:f:root:-:755 $daemon_directory/oqmgr:f:root:-:755 $daemon_directory/pickup:f:root:-:755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix new/postfix-SuSE/sysconfig.postfix --- old/postfix-SuSE/sysconfig.postfix 2017-01-22 00:07:25.345079441 +0100 +++ new/postfix-SuSE/sysconfig.postfix 2017-01-26 18:31:57.871280147 +0100 @@ -226,42 +226,46 @@ POSTFIX_BASIC_SPAM_PREVENTION="off" ## Type: string -## Default: "reject_unauth_pipelining, reject_unknown_client, $POSTFIX_RBL_HOSTS" +## Default: "" ## Config: postfix # # Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION # # A comma or space separated list of restrictions -# Note: "if set to "medium" default is "$POSTFIX_RBL_HOSTS" +# Note: if set to ... +# medium: "$POSTFIX_RBL_HOSTS" +# hard" : "permit_mynetworks, $POSTFIX_RBL_HOSTS, reject_unknown_client_hostname" # # "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not need to define it here. # Fill "POSTFIX_RBL_HOSTS" instead # # Example: -# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="reject_unauth_pipelining, +# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="permit_mynetworks, # check_client_access hash:/etc/postfix/pop-before-smtp, # check_client_access hash:/etc/postfix/relay, # check_client_access hash:/etc/postfix/access, -# reject_unknown_client" +# reject_unknown_client_hostname" # POSTFIX_SMTPD_CLIENT_RESTRICTIONS="" ## Type: string -## Default: "reject_unauth_pipelining, reject_unknown_client" +## Default: "" ## Config: postfix # # Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION # # A comma or space separated list of restrictions -# Note: "if set to "medium" default is "" +# Note: if set to ... +# medium: "" +# hard : "permit_mynetworks, reject_invalid_helo_hostname" # # Example: -# POSTFIX_SMTPD_HELO_RESTRICTIONS="reject_unauth_pipelining, +# POSTFIX_SMTPD_HELO_RESTRICTIONS="permit_mynetworks, # check_client_access hash:/etc/postfix/pop-before-smtp, # check_client_access hash:/etc/postfix/relay, # check_client_access hash:/etc/postfix/access, # check_helo_access hash:/etc/postfix/helo_access, -# reject_unknown_client" +# reject_invalid_helo_hostname" # POSTFIX_SMTPD_HELO_RESTRICTIONS="" @@ -272,14 +276,17 @@ # Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION # # A comma or space separated list of restrictions -# Note: "if set to "medium" default is "hash:/etc/postfix/access, reject_unknown_sender_domain" +# Note: if set to ... +# medium: "hash:/etc/postfix/access, reject_unknown_sender_domain" +# hard : "hash:/etc/postfix/access, reject_unknown_sender_domain" # # Example: -# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining, +# POSTFIX_SMTPD_SENDER_RESTRICTIONS=" # check_client_access hash:/etc/postfix/pop-before-smtp, # check_client_access hash:/etc/postfix/relay, # check_client_access hash:/etc/postfix/access, -# reject_unknown_client" +# reject_unknown_sender_domain, +# reject_unknown_client_hostname" # POSTFIX_SMTPD_SENDER_RESTRICTIONS="" @@ -290,21 +297,21 @@ # Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this RESTRICTION # # A comma or space separated list of restrictions -# Note: "if set to "medium" default is "permit_mynetworks, reject_unauth_destination" -# Note: "if set to "custom" just like medium +# Note: if set to +# medium: "permit_mynetworks, reject_unauth_destination" +# hard : "permit_mynetworks, reject_unauth_destination" # # Example: -# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="reject_unauth_pipelining, +# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks, # check_client_access hash:/etc/postfix/pop-before-smtp, # check_client_access hash:/etc/postfix/relay, # check_client_access hash:/etc/postfix/access, -# permit_mynetworks, # warn_if_reject, # reject_unknown_sender_domain, # warn_if_reject, # reject_unknown_recipient_domain, -# reject_unknown_hostname, -# reject_unknown_client, +# reject_unknown_helo_hostname, +# reject_unknown_client_hostname, # reject_non_fqdn_sender, # reject_non_fqdn_recipient, # reject_non_fqdn_hostname, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix.20170122 new/postfix-SuSE/sysconfig.postfix.20170122 --- old/postfix-SuSE/sysconfig.postfix.20170122 1970-01-01 01:00:00.000000000 +0100 +++ new/postfix-SuSE/sysconfig.postfix.20170122 2017-01-22 00:07:25.345079441 +0100 @@ -0,0 +1,515 @@ +## Path: Network/Mail/Postfix +## Description: Basic configuration of the postfix MTA +## Type: string +## Default: "" +## Config: postfix +# +# Should we use a mailrelay? +# NOTE: ALL mail that is not considered to be my destination +# (POSTFIX_LOCALDOMAINS), will be sent to this host. +# If this host is not your MX, then you have to use [square brackets] +# around the hostname, e.g. [relay.example.com] +# You may also specify an alternate port number, e.g. +# relay.example.com:26 or [relay.example.com]:26 to prevent MX lookups. +# +POSTFIX_RELAYHOST="" + +## Type: string +## Default: "" +## Config: postfix +# +# Comma separated list of IP's +# NOTE: If not set, LISTEN on all interfaces +# +POSTFIX_LISTEN="" + +## Type: string +## Default: "all" +## Config: postfix +# +# One Argument for proto to listen to +# Example: POSTFIX_INET_PROTO="ipv4" +# NOTE: If not set, LISTEN on all proto +# +POSTFIX_INET_PROTO="" + +## Type: string +## Default: "$(hostname -f)" +## Config: postfix +# +# define HOSTNAME you want postfix to show +# NOTE: If set, You should have a "MX Record" in DNS for that name +# and have a valid reverse entry ;) +# +POSTFIX_MYHOSTNAME="" + +## Type: string +## Default: "" +## Config: postfix +# +# Comma separated list of domains that must have their subdomain +# structure stripped off. +# NOTE: If set, FROM_HEADER will also be appended to this list +# +POSTFIX_MASQUERADE_DOMAIN="" + +## Type: string +## Default: "" +## Config: postfix +# +# Comma separated list of host-/domainnames for which postfix +# should accept mail for. +# localhost and the own hostname is the default if POSTFIX_LOCALDOMAINS +# is set empty. +# Examples: +# POSTFIX_LOCALDOMAINS="\$myhostname, \$mydomain, localhost.\$mydomain" +# if you want to use postfix internal variable substitutes or +# POSTFIX_LOCALDOMAINS="example.com, host.example.com, localhost.example.com" +# +POSTFIX_LOCALDOMAINS="" + +## Type: yesno +## Default: no +## Config: postfix +## ServiceRestart: postfix +# +# A null client is a machine that can only send mail. It receives no +# mail from the network, and it does not deliver any mail locally. +# A null client typically uses POP or NFS for mailbox access. +# NOTE: This overrides the following variable: POSTFIX_LOCALDOMAINS +# +POSTFIX_NULLCLIENT="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# if set to yes, mail that will be delivered via smtp will stay +# in the queue unless someone issues "sendmail -q" or equivalent. +# +POSTFIX_DIALUP="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Some people use Postfix to deliver mail across a LAN that is disconnected +# most of the time. Under such conditions, mail delivery can suffer from +# delays while the Postfix SMTP client performs sender and recipient +# domain DNS lookups in order to be standards-compliant. To prevent these +# delays, set this to yes. +# +POSTFIX_NODNS="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Start postfix services chrooted, that are able to run chrooted? +# Note: if you want /usr/sbin/config.postfix to maintain the chroot jail, you +# also have to set POSTFIX_UPDATE_CHROOT_JAIL to yes. +# Note: if you want postfix runs in CHROOT enviroment, then the whole +# /var directory must be on one partition. +# +POSTFIX_CHROOT="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Set this to yes, if /usr/sbin/config.postfix should setup the chroot jail itself +# +POSTFIX_UPDATE_CHROOT_JAIL="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Set this to yes, if /usr/sbin/config.postfix should activate ldap stuff in main.cf +# This extends virtual_alias_maps with "ldap:/etc/postfix/ldap_aliases.cf" +# +POSTFIX_WITH_LDAP="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Set this to yes, if /usr/sbin/config.postfix should activate mysql stuff in main.cf +# and having 'mysql.sock' inside chroot jail +# Note: When POSTFIX_CHROOT="yes" then 'mysql.sock' will be available +# in postfix CHROOT +# +POSTFIX_WITH_MYSQL="no" + +## Type: string(socket,tcp) +## Default: "socket" +## Config: postfix +# +# Set this to "tcp", if your MySQL is not on localhost +# Note: When POSTFIX_CHROOT="yes" then MYSQL_SOCKET will also be available +# in postfix chroot, but you can use "tcp" just as well with MySQL +# on localhost +# +POSTFIX_MYSQL_CONN="socket" + +## Type: yesno +## Default: no +## Config: postfix +# +# Some of the postfix services require a fifo to operate correctly at least +# when the system load is high. Recurring fifo access will prevent the +# disk to fall asleep, so you might want to use a unix domain socket +# instead, if you are using a laptop. +# +POSTFIX_LAPTOP="no" + +## Type: yesno +## Default: yes +## Config: postfix +# +# Should /usr/sbin/config.postfix update the different .db maps in /etc/postfix? +# +POSTFIX_UPDATE_MAPS="yes" + +## Type: string +## Default: "virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts" +## Config: postfix +# +# The list of maps, which should be maintained, if +# POSTFIX_UPDATE_MAPS=yes. POSTFIX_MAP_LIST must be a space seperated list of +# file names without an absolute path. They are all to be exptected +# within the directory /etc/postfix. Optionally a file mode can be appended +# using a colon as separator +# +POSTFIX_MAP_LIST="virtual transport access canonical sender_canonical relocated sasl_passwd:600 relay_ccerts helo_access relay" + +## Type: string +## Default: hash:/etc/postfix/transport +# +# The list of transport_maps postfix should look for +# +POSTFIX_TRANSPORT_MAPS="" + +## Type: string +## Default: "" +## Config: postfix +# +# A comma seperated list of hosts that blacklist client IP addresses +# Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set +# to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place. +# +# Example: POSTFIX_RBL_HOSTS="bl.spamcop.net, cbl.abuseat.org, zen.spamhaus.org" +# +POSTFIX_RBL_HOSTS="" + +## Type: string(off,medium,hard) +## Default: off +## Config: postfix +# +# POSTFIX_BASIC_SPAM_PREVENTION possible values: +# off : postfix default configuration +# medium : medium UCE policy checks +# hard : hard UCE policy checks +# custom : you can define your own stuff + +# Note: when setting to "custom" and no settings in +# "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" +# "POSTFIX_HELO_RESTRICTIONS" +# "POSTFIX_SENDER_RESTRICTIONS" +# "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" result is like setting to "medium" +# +# Setting this to medium or hard will activate some basic UCE controls +# supported by postfix. This may lead to mails which are undeliverable +# to your mailserver! USE THAT ON YOUR OWN RISC!!! +# See http://www.postfix.org/uce.html for more details ! +# +POSTFIX_BASIC_SPAM_PREVENTION="off" + +## Type: string +## Default: "reject_unauth_pipelining, reject_unknown_client, $POSTFIX_RBL_HOSTS" +## Config: postfix +# +# Fill "POSTFIX_SMTPD_CLIENT_RESTRICTIONS" for completion of this RESTRICTION +# +# A comma or space separated list of restrictions +# Note: "if set to "medium" default is "$POSTFIX_RBL_HOSTS" +# +# "POSTFIX_RBL_HOSTS" will be placed by /usr/sbin/config.postfix. You do not need to define it here. +# Fill "POSTFIX_RBL_HOSTS" instead +# +# Example: +# POSTFIX_SMTPD_CLIENT_RESTRICTIONS="reject_unauth_pipelining, +# check_client_access hash:/etc/postfix/pop-before-smtp, +# check_client_access hash:/etc/postfix/relay, +# check_client_access hash:/etc/postfix/access, +# reject_unknown_client" +# +POSTFIX_SMTPD_CLIENT_RESTRICTIONS="" + +## Type: string +## Default: "reject_unauth_pipelining, reject_unknown_client" +## Config: postfix +# +# Fill "POSTFIX_SMTPD_HELO_RESTRICTIONS" for completion of this RESTRICTION +# +# A comma or space separated list of restrictions +# Note: "if set to "medium" default is "" +# +# Example: +# POSTFIX_SMTPD_HELO_RESTRICTIONS="reject_unauth_pipelining, +# check_client_access hash:/etc/postfix/pop-before-smtp, +# check_client_access hash:/etc/postfix/relay, +# check_client_access hash:/etc/postfix/access, +# check_helo_access hash:/etc/postfix/helo_access, +# reject_unknown_client" +# +POSTFIX_SMTPD_HELO_RESTRICTIONS="" + +## Type: string +## Default: "hash:/etc/postfix/access, reject_unknown_sender_domain" +## Config: postfix +# +# Fill "POSTFIX_SMTPD_SENDER_RESTRICTIONS" for completion of this RESTRICTION +# +# A comma or space separated list of restrictions +# Note: "if set to "medium" default is "hash:/etc/postfix/access, reject_unknown_sender_domain" +# +# Example: +# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining, +# check_client_access hash:/etc/postfix/pop-before-smtp, +# check_client_access hash:/etc/postfix/relay, +# check_client_access hash:/etc/postfix/access, +# reject_unknown_client" +# +POSTFIX_SMTPD_SENDER_RESTRICTIONS="" + +## Type: string +## Default: "permit_mynetworks, reject_unauth_destination" +## Config: postfix +# +# Fill "POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" for completion of this RESTRICTION +# +# A comma or space separated list of restrictions +# Note: "if set to "medium" default is "permit_mynetworks, reject_unauth_destination" +# Note: "if set to "custom" just like medium +# +# Example: +# POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="reject_unauth_pipelining, +# check_client_access hash:/etc/postfix/pop-before-smtp, +# check_client_access hash:/etc/postfix/relay, +# check_client_access hash:/etc/postfix/access, +# permit_mynetworks, +# warn_if_reject, +# reject_unknown_sender_domain, +# warn_if_reject, +# reject_unknown_recipient_domain, +# reject_unknown_hostname, +# reject_unknown_client, +# reject_non_fqdn_sender, +# reject_non_fqdn_recipient, +# reject_non_fqdn_hostname, +# reject_unauth_destination" +# +POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="" + +## Type: list(procmail,cyrus,dovecot,local) +## Default: local +## Config: postfix +# +# POSTFIX_MDA possible values: +# procmail: use procmail to deliver mail locally +# cyrus : use lmtp to deliver to cyrus-imapd +# dovecot : use dovecot to deliver mail to dovecot +# local : use postfix local MDA +# +POSTFIX_MDA="local" + +## Type: yesno +## Default: no +## Config: postfix +# +# Configure postfix to enable users to auth against postfix +# to be able to relay mail independent of being within +# the local network/domain. +# You may want to edit /etc/sasl2/smtpd.conf to fit your needs. +# See /usr/share/doc/packages/postfix/README_FILES/SASL_README +# for more details. +# +POSTFIX_SMTP_AUTH_SERVER="no" + +## Type: string(cyrus,dovecot) +## Default: "cyrus" +## Config: postfix +# +# Configure postfix which SASL service to use +# cyrus : smtpd_sasl_type = cyrus, smtpd_sasl_path = smtpd +# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth +# +POSTFIX_SMTP_AUTH_SERVICE="cyrus" + +## Type: yesno +## Default: no +## Config: postfix +# +# Enable SMTP-AUTH for the postfix smtp client +# you have to edit /etc/postfix/sasl_passwd and call +# /usr/sbin/config.postfix afterwards +# +POSTFIX_SMTP_AUTH="no" + +## Type: string +## Default: "" +## Config: postfix +# +# POSTFIX_SMTP_AUTH_OPTIONS possible values: +# comma separated list of one or more of +# +# noplaintext: disallow methods that use plaintext passwords +# noactive: disallow methods subject to active (non-dictionary) attack +# nodictionary: disallow methods subject to passive (dictionary) attack +# noanonymous: disallow methods that allow anonymous authentication +# +POSTFIX_SMTP_AUTH_OPTIONS="" + +## Type: yesno +## Default: no +## Config: postfix +# +# Do you want to use STARTTLS +# +POSTFIX_SMTP_TLS_SERVER="no" + +## Type: yesno +## Default: no +## Config: postfix +# +# Do you want to use SMTP over SSL. +# assigns port 465 to smtps in /etc/services +# CAUTION: the IANA has assigned a different protocol to port 465 +# Usage of port 465 for smtps was not officially encouraged +# If you enable this you need to make sure that it does not collide +# with protocol urd +# +POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no" + +## Type: list(no,yes,must) +## Default: no +## Config: postfix +# +# Do you want to enable postfix smtp client to use TLS +# +POSTFIX_SMTP_TLS_CLIENT="no" + +## Type: string +## Default: "/etc/postfix/ssl" +## Config: postfix +# +# path to the directory where the certificates (default: certs/postfixcert.pem) +# and CA certificates (default: ./cacerts) can be found +# +# This folder will be synced via 'config.postfix' when running 'chrooted' +# +POSTFIX_SSL_PATH="/etc/postfix/ssl" + +## Type: string +## Default: "cacert.pem" +## Config: postfix +# +# name of the CAfile (below POSTFIX_SSL_PATH) +# +# when having more than one CA you want to trust, then +# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts ) +# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts +# after storing the certs. +# +POSTFIX_TLS_CAFILE="" + +## Type: string +## Default: "certs/postfixcert.pem" +## Config: postfix +# +# name of the file containing the certificate (below POSTFIX_SSL_PATH) +# +POSTFIX_TLS_CERTFILE="certs/postfixcert.pem" + +## Type: string +## Default: "certs/postfixkey.pem" +## Config: postfix +# +# name of the file containing the key (below POSTFIX_SSL_PATH) +# +POSTFIX_TLS_KEYFILE="certs/postfixkey.pem" + +# +# The following options are used by /usr/sbin/config.postfix and mkpostfixcert +# to create a CA and certificates +# POSTFIX_SSL_COUNTRY must be a two letter code defined by ISO 3166 +# +## Type: string +## Default: "XX" +POSTFIX_SSL_COUNTRY="" + +## Type: string +## Default: "Some state" +POSTFIX_SSL_STATE="" + +## Type: string +## Default: "Some locality" +POSTFIX_SSL_LOCALITY="" + +## Type: string +## Default: "Some Organization" +POSTFIX_SSL_ORGANIZATION="" + +## Type: string +## Default: "Some Organizational Unit" +POSTFIX_SSL_ORGANIZATIONAL_UNIT="" + +## Type: string +## Default: "A common name" +POSTFIX_SSL_COMMON_NAME="" + +## Type: string +## Default: "postmaster" +POSTFIX_SSL_EMAIL_ADDRESS="" + +# +# POSTFIX_ADD_* +# You may add any existing postfix parameter here. Just execute the +# postconf command to get a complete list. You then have to uppercase +# the parameter and prepend POSTFIX_ADD_. +# Example: +# Let's say you want to add the postfix parameter mailbox_size_limit. +# Then just add +# POSTFIX_ADD_MAILBOX_SIZE_LIMIT=0 +# POSTFIX_ADD_MESSAGE_SIZE_LIMIT=30000000 + +## Type: string +## Default: 0 +POSTFIX_ADD_MAILBOX_SIZE_LIMIT="0" + +## Type: string +## Default: 10240000 +POSTFIX_ADD_MESSAGE_SIZE_LIMIT="0" + +## Type: yesno +## Default: yes +## Config: postfix +# +# Automatically register to slpd, if running? +# +POSTFIX_REGISTER_SLP="yes" + +## Type: list(subnet,host,class) +## Default: subnet +## Config: postfix +# +# +# The postfix default for this setting is "subnet" +# for security reasons you should use host +# otherwise every user in the same subnet as you, can use +# your postfix server as a mail relay for spam. +# If you set POSTFIX_DIALUP to "yes" mynetworks_style +# will be set to "host" by /usr/sbin/config.postfix. +# +POSTFIX_ADD_MYNETWORKS_STYLE="subnet" ++++++ postfix-linux45.patch ++++++ --- makedefs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- makedefs +++ makedefs 2017-04-13 08:33:01.425823067 +0000 @@ -543,7 +543,7 @@ EOF : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; - Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR + Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR case "$CCARGS" in *-DNO_DB*) ;; *-DHAS_DB*) ;; ++++++ postfix-main.cf.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.021601722 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.025601155 +0200 @@ -64,8 +64,10 @@ +smtp_sasl_security_options = +smtp_sasl_password_maps = +smtpd_sasl_auth_enable = no -+smtpd_sasl_path = smtpd -+smtpd_sasl_type = cyrus ++#smtpd_sasl_path = private/auth ++#smtpd_sasl_type = dovecot ++#smtpd_sasl_path = smtpd ++#smtpd_sasl_type = cyrus +############################################################ +# TLS stuff +############################################################ ++++++ postfix-master.cf.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.033600022 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.033600022 +0200 @@ -2,7 +2,7 @@ =================================================================== --- conf/master.cf.orig +++ conf/master.cf -@@ -10,6 +10,11 @@ +@@ -10,33 +10,39 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd @@ -14,7 +14,56 @@ #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog -@@ -63,6 +68,27 @@ virtual unix - n n + #tlsproxy unix - - n - 0 tlsproxy + #submission inet n - n - - smtpd +-# -o syslog_name=postfix/submission +-# -o smtpd_tls_security_level=encrypt +-# -o smtpd_sasl_auth_enable=yes +-# -o smtpd_tls_auth_only=yes +-# -o smtpd_reject_unlisted_recipient=no +-# -o smtpd_client_restrictions=$mua_client_restrictions +-# -o smtpd_helo_restrictions=$mua_helo_restrictions +-# -o smtpd_sender_restrictions=$mua_sender_restrictions +-# -o smtpd_recipient_restrictions= +-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +-# -o milter_macro_daemon_name=ORIGINATING ++# -o syslog_name=postfix/submission ++# -o smtpd_tls_security_level=encrypt ++# -o smtpd_sasl_auth_enable=yes ++# -o smtpd_tls_auth_only=yes ++# -o smtpd_reject_unlisted_recipient=no ++# -o smtpd_client_restrictions=$mua_client_restrictions ++# -o smtpd_helo_restrictions=$mua_helo_restrictions ++# -o smtpd_sender_restrictions=$mua_sender_restrictions ++# -o smtpd_recipient_restrictions= ++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject ++# -o milter_macro_daemon_name=ORIGINATING + #smtps inet n - n - - smtpd +-# -o syslog_name=postfix/smtps +-# -o smtpd_tls_wrappermode=yes +-# -o smtpd_sasl_auth_enable=yes +-# -o smtpd_reject_unlisted_recipient=no +-# -o smtpd_client_restrictions=$mua_client_restrictions +-# -o smtpd_helo_restrictions=$mua_helo_restrictions +-# -o smtpd_sender_restrictions=$mua_sender_restrictions +-# -o smtpd_recipient_restrictions= +-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +-# -o milter_macro_daemon_name=ORIGINATING ++# -o syslog_name=postfix/smtps ++# -o smtpd_tls_wrappermode=yes ++# -o content_filter=smtp:[127.0.0.1]:10024 ++# -o smtpd_sasl_auth_enable=yes ++# -o smtpd_reject_unlisted_recipient=no ++# -o smtpd_client_restrictions=$mua_client_restrictions ++# -o smtpd_helo_restrictions=$mua_helo_restrictions ++# -o smtpd_sender_restrictions=$mua_sender_restrictions ++# -o smtpd_recipient_restrictions= ++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject ++# -o milter_macro_daemon_name=ORIGINATING + #628 inet n - n - - qmqpd + pickup unix n - n 60 1 pickup + cleanup unix n - n - 0 cleanup +@@ -63,6 +69,27 @@ virtual unix - n n lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache @@ -42,7 +91,7 @@ # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual -@@ -96,7 +122,7 @@ scache unix - - n +@@ -96,7 +123,7 @@ scache unix - - n # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe @@ -51,7 +100,7 @@ # # ==================================================================== # -@@ -129,3 +155,10 @@ scache unix - - n +@@ -129,3 +156,10 @@ scache unix - - n #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} ++++++ postfix-no-md5.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.049597757 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.049597757 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/global/mail_params.h.orig +++ src/global/mail_params.h -@@ -1333,7 +1333,7 @@ extern char *var_smtpd_tls_excl_ciph; +@@ -1338,7 +1338,7 @@ extern char *var_smtpd_tls_excl_ciph; extern char *var_smtpd_tls_mand_excl; #define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest" @@ -11,7 +11,7 @@ extern char *var_smtpd_tls_fpt_dgst; #define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file" -@@ -1488,9 +1488,9 @@ extern char *var_smtp_tls_excl_ciph; +@@ -1497,9 +1497,9 @@ extern char *var_smtp_tls_excl_ciph; extern char *var_smtp_tls_mand_excl; #define VAR_SMTP_TLS_FPT_DGST "smtp_tls_fingerprint_digest" ++++++ postfix-ssl-release-buffers.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.069594925 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.073594359 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/tls/tls_client.c.orig +++ src/tls/tls_client.c -@@ -371,6 +371,12 @@ TLS_APPL_STATE *tls_client_init(const TL +@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL SSL_CTX_set_security_level(client_ctx, 0); #endif @@ -19,7 +19,7 @@ =================================================================== --- src/tls/tls_server.c.orig +++ src/tls/tls_server.c -@@ -462,6 +462,12 @@ TLS_APPL_STATE *tls_server_init(const TL +@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL SSL_CTX_set_security_level(server_ctx, 0); #endif ++++++ postfix-vda-v14-3.0.3.patch ++++++ --- /var/tmp/diff_new_pack.sIhPkJ/_old 2017-04-17 10:24:30.085592659 +0200 +++ /var/tmp/diff_new_pack.sIhPkJ/_new 2017-04-17 10:24:30.085592659 +0200 @@ -19,7 +19,7 @@ =================================================================== --- src/global/mail_params.h.orig +++ src/global/mail_params.h -@@ -2474,6 +2474,54 @@ extern char *var_virt_uid_maps; +@@ -2487,6 +2487,54 @@ extern char *var_virt_uid_maps; #define DEF_VIRT_GID_MAPS "" extern char *var_virt_gid_maps;