Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at Thu May 26 10:24:06 CEST 2011.
-------- --- postfix/postfix.changes 2011-05-11 10:25:11.000000000 +0200 +++ /mounts/work_src_done/STABLE/postfix/postfix.changes 2011-05-24 12:26:19.000000000 +0200 @@ -1,0 +2,32 @@ +Tue May 24 10:24:51 UTC 2011 - [email protected] + +- bnc#679187 - suseconfig/postfix: missing dependency + +------------------------------------------------------------------- +Tue May 17 22:31:46 UTC 2011 - [email protected] + +- fix master.cf + o fix missing + - amavis unix - - n - 4 smtp + - localhost:10025 inet n - n - - smtpd + o add master.cf patch +- rework patches + o main.cf (add two missing sasl vars) + o postfix-SuSE (SuSEconfig, cleanup those vars,...) + +------------------------------------------------------------------- +Sun May 15 14:16:03 UTC 2011 - [email protected] + +- rework TLS stuff + o reworked main.cf patch + o added postfix-SuSE patch + o added post-install patch + Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service + add only if it really does not exist +- removed Author from description +- updated vda patch + o vda-2.7.1 > vda-v10-2.8.1 +- fix build for SLE_10 + o no fdupes ;) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- postfix-2.7.1-main.cf.patch postfix-vda-2.7.1.patch New: ---- postfix-2.8.3-main.cf.patch postfix-2.8.3-master.cf.patch postfix-2.8.3-post-install.patch postfix-SuSE.patch postfix-vda-v10-2.8.1.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.wCFCMf/_old 2011-05-26 10:22:10.000000000 +0200 +++ /var/tmp/diff_new_pack.wCFCMf/_new 2011-05-26 10:22:10.000000000 +0200 @@ -21,7 +21,7 @@ Name: postfix Summary: A fast, secure, and flexible mailer Version: 2.8.3 -Release: 1 +Release: 7 License: IBM Public License .. Group: Productivity/Networking/Email/Servers Url: http://www.postfix.org/ @@ -35,25 +35,25 @@ Patch1: dynamic_maps_pie.patch Patch2: pointer_to_literals.patch Patch3: ipv6_disabled.patch -Patch10: %{name}-2.7.1-main.cf.patch -Patch11: %{name}-vda-2.7.1.patch +Patch10: %{name}-2.8.3-main.cf.patch +Patch11: %{name}-2.8.3-master.cf.patch +Patch12: %{name}-2.8.3-post-install.patch +Patch20: %{name}-vda-v10-2.8.1.patch +Patch30: %{name}-SuSE.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq PreReq: /usr/bin/getent PreReq: /usr/sbin/useradd /usr/sbin/groupadd PreReq: /bin/sed /bin/awk /bin/grep PreReq: textutils sh-utils fileutils pcre netcfg -%if 0%{?suse_version} > 1130 PreReq: sysvinit(syslog) sysvinit(network) -%endif +Requires: iproute2 BuildRequires: db-devel BuildRequires: mysql-devel BuildRequires: openldap2-devel pcre-devel postgresql-devel # require pwdutils to make postinstall script check work BuildRequires: pwdutils -%if 0%{?suse_version} >= 1100 BuildRequires: fdupes -%endif # Conflicts: sendmail exim Provides: smtp_daemon @@ -90,11 +90,6 @@ %description Postfix aims to be an alternative to the widely-used sendmail program. -Authors: --------- - Wietse Venema <[email protected]> - - %package devel Summary: Development headers for the postfix package License: IBM Public License .. @@ -105,11 +100,6 @@ %description devel Postfix aims to be an alternative to the widely-used sendmail program. -Authors: --------- - Wietse Venema <[email protected]> - - %package doc Summary: Documentations for the postfix package License: IBM Public License .. @@ -122,11 +112,6 @@ Postfix aims to be an alternative to the widely-used sendmail program. This package contains the documentation for %{name} -Authors: --------- - Wietse Venema <[email protected]> - - %package mysql Summary: Postfix plugin to support MySQL maps License: IBM Public License .. @@ -138,11 +123,6 @@ Postfix plugin to support MySQL maps. This library will be loaded by starting %{name} if you'll access a postmap which is stored in mysql. -Authors: --------- - Wietse Venema <[email protected]> - - %package postgresql Summary: Postfix plugin to support PostgreSQL maps License: IBM Public License .. @@ -155,11 +135,6 @@ by starting %{name} if you'll access a postmap which is stored in PostgreSQL. -Authors: --------- - Wietse Venema <[email protected]> - - %prep %setup -n %{name}-%{version} -a 1 -a 2 %patch -p1 @@ -168,6 +143,9 @@ %patch3 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 +%patch20 -p1 +%patch30 -p0 # --------------------------------------------------------------------------- %build @@ -294,9 +272,7 @@ "readme_directory = %{pf_readme_directory}" \ "html_directory = %{pf_html_directory}" \ "sample_directory = %{pf_sample_directory}" \ - "daemon_directory = %{pf_daemon_directory}" \ - "biff = no" \ - "inet_protocols = all" + "daemon_directory = %{pf_daemon_directory}" #Set Permissions install -m 644 %{name}-SuSE/%{name}-files $RPM_BUILD_ROOT/usr/lib/postfix/postfix-files # postfix-mysql @@ -313,8 +289,10 @@ done cp -a examples/* $RPM_BUILD_ROOT%{pf_sample_directory} cp -a html/* $RPM_BUILD_ROOT%{pf_html_directory} +%if 0%{?suse_version} >= 1100 %fdupes $RPM_BUILD_ROOT%{pf_docdir} %fdupes $RPM_BUILD_ROOT%{_mandir} +%endif # --------------------------------------------------------------------------- install -m 755 %{SOURCE11} $RPM_BUILD_ROOT/usr/sbin/ @@ -395,6 +373,10 @@ if [ ${1:-0} -gt 1 ]; then /usr/sbin/postfix upgrade-configuration || : fi +# before fillup we need to fix something +%{__sed} -i \ + -e "s/POSTFIX_SMTPD_SENDERNT_RESTRICTIONS/POSTFIX_SMTPD_SENDER_RESTRICTIONS/" \ + %{_sysconfdir}/sysconfig/%{name} %{fillup_and_insserv -y postfix} %{fillup_only -an mail} /sbin/ldconfig ++++++ postfix-2.7.1-main.cf.patch -> postfix-2.8.3-main.cf.patch ++++++ --- postfix/postfix-2.7.1-main.cf.patch 2011-05-11 10:33:37.000000000 +0200 +++ /mounts/work_src_done/STABLE/postfix/postfix-2.8.3-main.cf.patch 2011-05-17 22:14:18.000000000 +0200 @@ -1,16 +1,88 @@ -diff -ruN postfix-2.7.1-orig/conf/main.cf postfix-2.7.1/conf/main.cf ---- postfix-2.7.1-orig/conf/main.cf 2007-12-18 14:50:25.000000000 +0100 -+++ postfix-2.7.1/conf/main.cf 2010-12-11 20:47:20.000000000 +0100 -@@ -649,3 +649,38 @@ +diff -ruN postfix-2.8.3-orig/conf/main.cf postfix-2.8.3/conf/main.cf +--- postfix-2.8.3-orig/conf/main.cf 2007-12-18 14:50:25.000000000 +0100 ++++ postfix-2.8.3/conf/main.cf 2011-05-17 22:05:14.000000000 +0200 +@@ -649,3 +649,119 @@ # readme_directory: The location of the Postfix README files. # readme_directory = + ++biff = no ++content_filter = ++delay_warning_time = 0h ++disable_dns_lookups = no ++disable_mime_output_conversion = no ++inet_interfaces = all ++inet_protocols = ipv4 ++masquerade_classes = envelope_sender, header_sender, header_recipient ++masquerade_domains = ++masquerade_exceptions = ++mydestination = $myhostname, localhost.$mydomain ++myhostname = localhost ++mynetworks_style = subnet ++relayhost = + ++alias_maps = ++canonical_maps = ++relocated_maps = ++sender_canonical_maps = ++transport_maps = ++mail_spool_directory = /var/mail ++message_strip_characters = ++defer_transports = ++mailbox_command = ++mailbox_transport = ++mailbox_size_limit = 0 ++message_size_limit = 0 ++strict_8bitmime = no ++strict_rfc821_envelopes = no ++smtpd_helo_required = no ++ ++smtpd_client_restrictions = ++ ++smtpd_helo_restrictions = ++ ++smtpd_sender_restrictions = ++ ++smtpd_recipient_restrictions = ++ ++ ++############################################################ ++# SASL stuff ++############################################################ ++smtp_sasl_auth_enable = no ++smtp_sasl_security_options = ++smtp_sasl_password_maps = ++smtpd_sasl_auth_enable = no ++############################################################ ++# TLS stuff ++############################################################ ++#tls_append_default_CA = no ++relay_clientcerts = ++#tls_random_source = dev:/dev/urandom ++ ++smtp_use_tls = no ++#smtp_tls_loglevel = 0 ++smtp_enforce_tls = no ++smtp_tls_CAfile = ++smtp_tls_CApath = ++smtp_tls_cert_file = ++smtp_tls_key_file = ++#smtp_tls_session_cache_timeout = 3600s ++smtp_tls_session_cache_database = ++ ++smtpd_use_tls = no ++#smtpd_tls_loglevel = 0 ++smtpd_tls_CAfile = ++smtpd_tls_CApath = ++smtpd_tls_cert_file = ++smtpd_tls_key_file = ++smtpd_tls_ask_ccert = no ++smtpd_tls_received_header = no +############################################################ +# Start MySQL from postfixwiki.org +############################################################ +#relay_domains = $mydestination, hash:/etc/postfix/relay ++virtual_alias_domains = +#virtual_alias_maps = hash:/etc/postfix/virtual +#virtual_uid_maps = static:303 +#virtual_gid_maps = static:303 @@ -39,4 +111,13 @@ +############################################################ +# End MySQL from postfixwiki.org +############################################################ ++# Rewrite reject codes ++############################################################ ++#unknown_address_reject_code = 550 ++#unknown_client_reject_code = 550 ++#unknown_hostname_reject_code = 550 ++#soft_bounce = yes ++############################################################ ++#debug_peer_list = example.com ++#debug_peer_level = 3 + ++++++ postfix-2.8.3-master.cf.patch ++++++ diff -ruN postfix-2.8.3-orig/conf/master.cf postfix-2.8.3/conf/master.cf --- postfix-2.8.3-orig/conf/master.cf 2010-12-31 15:14:51.000000000 +0100 +++ postfix-2.8.3/conf/master.cf 2011-05-17 23:56:45.000000000 +0200 @@ -9,6 +9,11 @@ # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd +#amavis unix - - n - 4 smtp +# -o smtp_data_done_timeout=1200 +# -o smtp_send_xforward_command=yes +# -o disable_dns_lookups=yes +# -o max_use=20 #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog @@ -50,6 +55,26 @@ virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil +#localhost:10025 inet n - n - - smtpd +# -o content_filter= +# -o smtpd_delay_reject=no +# -o smtpd_client_restrictions=permit_mynetworks,reject +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_recipient_restrictions=permit_mynetworks,reject +# -o smtpd_data_restrictions=reject_unauth_pipelining +# -o smtpd_end_of_data_restrictions= +# -o smtpd_restriction_classes= +# -o mynetworks=127.0.0.0/8 +# -o smtpd_error_sleep_time=0 +# -o smtpd_soft_error_limit=1001 +# -o smtpd_hard_error_limit=1000 +# -o smtpd_client_connection_count_limit=0 +# -o smtpd_client_connection_rate_limit=0 +# -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings +# -o local_header_rewrite_clients= +# -o local_recipient_maps= +# -o relay_recipient_maps= scache unix - - n - 1 scache # # ==================================================================== @@ -84,7 +109,7 @@ # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # @@ -117,3 +142,7 @@ #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} +# +#procmail unix - n n - - pipe +# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} +# ++++++ postfix-2.8.3-post-install.patch ++++++ diff -ruN postfix-2.8.3-orig/conf/post-install postfix-2.8.3/conf/post-install --- postfix-2.8.3-orig/conf/post-install 2011-01-09 15:24:00.000000000 +0100 +++ postfix-2.8.3/conf/post-install 2011-05-15 16:11:52.000000000 +0200 @@ -696,7 +696,7 @@ # Postfix 2.2. # Add missing tlsmgr service to master.cf. - grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || { + grep '^#*tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || { echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service cat >>$config_directory/master.cf <<EOF || exit 1 tlsmgr unix - - n 1000? 1 tlsmgr ++++++ postfix-SuSE.patch ++++++ diff -ruN postfix-SuSE-orig/SuSEconfig.postfix postfix-SuSE/SuSEconfig.postfix --- postfix-SuSE-orig/SuSEconfig.postfix 2011-05-11 10:30:56.000000000 +0200 +++ postfix-SuSE/SuSEconfig.postfix 2011-05-18 00:29:48.000000000 +0200 @@ -143,7 +143,6 @@ if [ "$CAPATH" ] then cpifnewer "$CAPATH/*" ./$CAPATH - mkdir ./etc/ssl rsync -avH /etc/ssl/certs ./etc/ssl fi # smtpd_tls_CAfile @@ -162,10 +161,12 @@ fi # smtpd_tls_key_file smtpd_tls_key_file=`postconf -h smtpd_tls_key_file` - if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ] - then - DIR=`dirname $smtpd_tls_key_file` - cpifnewer $smtpd_tls_key_file ./$DIR + if [ -n "$smtpd_tls_key_file" ]; then + if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ] + then + DIR=`dirname $smtpd_tls_key_file` + cpifnewer $smtpd_tls_key_file ./$DIR + fi fi # PAM @@ -263,7 +264,6 @@ # to be on the save side $PCONF -e "daemon_directory = @daemon_directory@" - $PCONF -e "program_directory = @daemon_directory@" $PCONF -e "readme_directory = @readme_directory@" $PCONF -e "html_directory = @html_directory@" $PCONF -e "sample_directory = @sample_directory@" @@ -517,6 +517,8 @@ $PCONF -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" else $PCONF -e "smtp_sasl_auth_enable = no" + $PCONF -e "smtp_sasl_security_options = " + $PCONF -e "smtp_sasl_password_maps = " fi if test "$POSTFIX_SMTP_AUTH_SERVER" == "yes"; then @@ -557,19 +559,28 @@ fi if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then $PCONF -e "smtpd_use_tls = yes" - $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then + $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + else + $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/cacerts" + fi $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" - $PCONF -e "smtpd_tls_received_header = yes" - $PCONF -e "tls_daemon_random_source = dev:/dev/urandom" - $PCONF -e "tls_random_source = dev:/dev/urandom" $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts" $PCONF -e "smtpd_tls_ask_ccert = yes" + $PCONF -e "smtpd_tls_received_header = yes" touch -m -d "1 minute ago" $TMPDIR/main.cf CURRENT=$($PCONF -h smtpd_recipient_restrictions) $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT" else $PCONF -e "smtpd_use_tls = no" + $PCONF -e "smtpd_tls_CAfile =" + $PCONF -e "smtpd_tls_CApath =" + $PCONF -e "smtpd_tls_cert_file =" + $PCONF -e "smtpd_tls_key_file =" + $PCONF -e "relay_clientcerts =" + $PCONF -e "smtpd_tls_ask_ccert = no" + $PCONF -e "smtpd_tls_received_header = no" fi if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then @@ -585,16 +596,22 @@ $PCONF -e "smtp_enforce_tls = yes" fi if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then - test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" && \ + if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then $PCONF -e "smtp_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + else + $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/cacerts" + fi test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \ $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \ $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" - $PCONF -e "smtp_tls_session_cache_timeout = 3600s" $PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache" else - $PCONF -e "smtp_use_tls = no" + $PCONF -e "smtp_tls_CAfile =" + $PCONF -e "smtp_tls_CApath =" + $PCONF -e "smtp_tls_cert_file =" + $PCONF -e "smtp_tls_key_file =" + $PCONF -e "smtp_tls_session_cache_database =" fi ALLMAPS="hash:/etc/aliases" @@ -903,14 +920,16 @@ $line = " ".$1; } # next should match - # # -o smtpd_client_restrictions= + # # -o smtpd_client_restrictions=permit_mynetworks,reject # and not - # # -o smtpd_client_restrictions=permit_sasl_authenticated,reject - } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=.*)/) { - if ( $use_amavis ne "yes" ) { - $line = "# ".$1; - } else { - $line = " ".$1; + # # -o smtpd_client_restrictions=permit_sasl_authenticated,reject + } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=)(.*)/) { + if ( $2 eq "permit_mynetworks,reject") { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1.$2; + } else { + $line = " ".$1.$2; + } } } elsif ( /\#?\s\s(-o\s+smtpd_helo_restrictions=.*)/) { if ( $use_amavis ne "yes" ) { diff -ruN postfix-SuSE-orig/sysconfig.postfix postfix-SuSE/sysconfig.postfix --- postfix-SuSE-orig/sysconfig.postfix 2011-05-11 10:30:56.000000000 +0200 +++ postfix-SuSE/sysconfig.postfix 2011-05-18 00:28:16.000000000 +0200 @@ -198,9 +198,8 @@ # Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set # to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place. # -# Example: POSTFIX_RBL_HOSTS="rbl1.example.com, rbl2.example.com" +# Example: POSTFIX_RBL_HOSTS="cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org" # -#POSTFIX_RBL_HOSTS="zen.spamhaus.org, cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org" POSTFIX_RBL_HOSTS="" ## Type: yesno @@ -287,7 +286,7 @@ # Note: "if set to "medium" default is "hash:/etc/postfix/access, reject_unknown_sender_domain" # # Example: -# POSTFIX_SMTPD_SENDERNT_RESTRICTIONS="reject_unauth_pipelining, +# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining, # check_client_access hash:/etc/postfix/pop-before-smtp, # check_client_access hash:/etc/postfix/relay, # check_client_access hash:/etc/postfix/access, @@ -414,7 +413,12 @@ ## Default: "cacert.pem" ## Config: postfix # -# name of the CA file (below POSTFIX_SSL_PATH) +# name of the CAfile (below POSTFIX_SSL_PATH) +# +# when having more than one CA you want to trust, then +# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts ) +# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts +# after storing the certs. # POSTFIX_TLS_CAFILE="cacert.pem" ++++++ postfix-vda-v10-2.8.1.patch ++++++ ++++ 1403 lines (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
