Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked in at 2016-06-02 12:38:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2015-12-17 15:53:28.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2016-06-02 12:38:47.000000000 +0200 
@@ -1,0 +2,265 @@ +Sun May 29 16:45:30 UTC 2016 - [email protected] + +- fix Changelog cause of Factory decline + +------------------------------------------------------------------- +Tue May 24 13:18:55 UTC 2016 - [email protected] + +- Fix typo in config.postfix + +------------------------------------------------------------------- +Tue May 24 04:29:41 UTC 2016 - [email protected] + +- bnc#981097 config.postfix creates broken main.cf for tls client configuration +- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete +- update to 3.1.1: +- The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. The default limit is 1/4 + of the active queue maximum size. The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. +- Machine-readable, JSON-formatted queue listing with "postqueue -j" + (no "mailq" equivalent). +- The milter_macro_defaults feature provides an optional list of macro + name=value pairs. These specify default values for Milter macros when + no value is available from the SMTP session context. +- Support to enforce a destination-independent delay between email + deliveries. The following example inserts 20 seconds of delay + between all deliveries with the SMTP transport, limiting the delivery + rate to at most three messages per minute. + smtp_transport_rate_delay = 20s +- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes + that a "not found" result from a DNSBL server will be valid for one + hour. This may have been adequate five years ago when postscreen + was first implemented, but nowadays, that one hour can result in + missed opportunities to block new spambots. 
+ To address this, postscreen now respects the TTL of DNSBL "not + found" replies, as well as the TTL of DNSWL replies (both "found" + and "not found"). The TTL for a "not found" reply is determined + according to RFC 2308 (the TTL of an SOA record in the reply). + + Support for DNSBL or DNSWL reply TTL values is controlled by two + configuration parameters: + + postscreen_dnsbl_min_ttl (default: 60 seconds). + postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) + + The postscreen_dnsbl_ttl parameter is now obsolete, and has become + the default value for the new postscreen_dnsbl_max_ttl parameter. +- New "smtpd_client_auth_rate_limit" feature, to + enforce an optional rate limit on AUTH commands per SMTP client IP + address. Similar to other smtpd_client_*_rate_limit features, this + enforces a limit on the number of requests per $anvil_rate_time_unit. +- New SMTPD policy service attribute "policy_context", + with a corresponding "smtpd_policy_service_policy_context" configuration + parameter. Originally, this was implemented to share the same SMTPD + policy service endpoint among multiple check_policy_service clients. +- A new "postfix tls" command to quickly enable opportunistic TLS + in the Postfix SMTP client or server, and to manage SMTP server keys + and certificates, including certificate signing requests and + TLSA DNS records for DANE. + +------------------------------------------------------------------- +Tue Apr 19 07:59:32 UTC 2016 - [email protected] + +- build with working support for SMTPUTF8 + +------------------------------------------------------------------- +Sun Mar 20 14:11:27 UTC 2016 - [email protected] + +- fix build on sle11 by pointing _libexecdir to /usr/lib all the + time. + +------------------------------------------------------------------- +Sun Mar 20 13:46:56 UTC 2016 - [email protected] + +- some distros did not pull pkgconfig indirectly. pull it directly. 
+ +------------------------------------------------------------------- +Sun Mar 20 08:19:23 UTC 2016 - [email protected] + +- fix building the dynamic maps: the old build had postgresql e.g. + with missing symbols. + - convert to AUXLIBS_* instead of plain AUXLIBS which is needed + for proper dynamic maps. + - reordered the CCARGS and AUXLIBS* lines to group by feature + - use pkgconfig or *_config tools where possible +- picked up signed char from fedora spec file +- enable lmdb support: new BR lmdb-devel, new subpackage + postfix-lmdb. +- don't delete vmail user/groups + +------------------------------------------------------------------- +Wed Mar 9 13:06:35 UTC 2016 - [email protected] + +- update to 3.1.0 +- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, + lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. + Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch + could be removed. +- Adapting all the patches to postfix 3.1.0 +- remove obsolete patches + * add_missed_library.patch + * postfix-opensslconfig.patch +- update vda patch + * remove postfix-vda-v13-2.10.0.patch + * add postfix-vda-v13-3.10.0.patch +- The patch postfix-db6.diff is not more neccessary + +- Backwards-compatibility safety net. + With NEW Postfix installs, you MUST install a main.cf file with + the setting "compatibility_level = 2". See conf/main.cf for an + example. + + With UPGRADES of existing Postfix systems, you MUST NOT change the + main.cf compatibility_level setting, nor add this setting if it + does not exist. + + Several Postfix default settings have changed with Postfix 3.0. To + avoid massive frustration with existing Postfix installations, + Postfix 3.0 comes with a safety net that forces Postfix to keep + running with backwards-compatible main.cf and master.cf default + settings. This safety net depends on the main.cf compatibility_level + setting (default: 0). Details are in COMPATIBILITY_README. 
+ +- Major changes - tls +* [Feature 20160207] A new "postfix tls" command to quickly enable + opportunistic TLS in the Postfix SMTP client or server, and to + manage SMTP server keys and certificates, including certificate + signing requests and TLSA DNS records for DANE. +* As of the middle of 2015, all supported Postfix releases no longer + nable "export" grade ciphers for opportunistic TLS, and no longer + use the deprecated SSLv2 and SSLv3 protocols for mandatory or + opportunistic TLS. +* [Incompat 20150719] The default Diffie-Hellman non-export prime was + updated from 1024 to 2048 bits, because SMTP clients are starting + to reject TLS handshakes with primes smaller than 2048 bits. +* [Feature 20160103] The Postfix SMTP client by default enables DANE + policies when an MX host has a (DNSSEC) secure TLSA DNS record, + even if the MX DNS record was obtained with insecure lookups. The + existence of a secure TLSA record implies that the host wants to + talk TLS and not plaintext. For details see the + smtp_tls_dane_insecure_mx_policy configuration parameter. + +- Major changes - default settings + [Incompat 20141009] The default settings have changed for relay_domains + (new: empty, old: $mydestination) and mynetworks_style (new: host, + old: subnet). However the backwards-compatibility safety net will + prevent these changes from taking effect, giving the system + administrator the option to make an old default setting permanent + in main.cf or to adopt the new default setting, before turning off + backwards compatibility. See COMPATIBILITY_README for details. + + [Incompat 20141001] A new backwards-compatibility safety net forces + Postfix to run with backwards-compatible main.cf and master.cf + default settings after an upgrade to a newer but incompatible Postfix + version. See COMPATIBILITY_README for details. 
+ + While the backwards-compatible default settings are in effect, + Postfix logs what services or what email would be affected by the + incompatible change. Based on this the administrator can make some + backwards-compatibility settings permanent in main.cf or master.cf, + before turning off backwards compatibility. + +- Major changes - address verification safety + [Feature 20151227] The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. The default limit is 1/4 + of the active queue maximum size. The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. + + Tempfailing verify requests is not as bad as one might think. The + Postfix verify cache proactively updates active addresses weeks + before they expire. The address_verify_pending_request_limit affects + only unknown addresses, and inactive addresses that have expired + from the address verify cache (by default, after 31 days). + +- Major changes - json support + [Feature 20151129] Machine-readable, JSON-formatted queue listing + with "postqueue -j" (no "mailq" equivalent). The output is a stream + of JSON objects, one per queue file. To simplify parsing, each + JSON object is formatted as one text line followed by one newline + character. See the postqueue(1) manpage for a detailed description + of the output format. + +- Major changes - milter support + [Feature 20150523] The milter_macro_defaults feature provides an + optional list of macro name=value pairs. These specify default + values for Milter macros when no value is available from the SMTP + session context. + + For example, with "milter_macro_defaults = auth_type=TLS", the + Postfix SMTP server will send an auth_type of "TLS" to a Milter, + unless the remote client authenticates with SASL. 
++++ 68 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/postfix/postfix.changes ++++ and /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes Old: ---- add_missed_library.patch dynamic_maps.patch dynamic_maps_pie.patch postfix-2.11.7.tar.gz postfix-db6.diff postfix-opensslconfig.patch postfix-vda-v13-2.10.0.patch New: ---- postfix-3.1.1.tar.gz postfix-vda-v13-3.10.0.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:49.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:49.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package postfix # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,12 +16,19 @@ # +%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%bcond_without lmdb +%else +%bcond_with lmdb +%endif + # # Some defines # %define pf_docdir %{_docdir}/%{name}-doc %define pf_config_directory %{_sysconfdir}/%{name} %define pf_daemon_directory /usr/lib/%{name} +%define _libexecdir /usr/lib %define pf_command_directory %{_prefix}/sbin %define pf_queue_directory var/spool/%{name} %define pf_sendmail_path %{_sbindir}/sendmail 
@@ -52,39 +59,38 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 2.11.7 +Version: 3.1.1 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 Group: Productivity/Networking/Email/Servers Url: http://www.postfix.org/ -Source: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz -#Source1: postfix-%{version}.tar.gz.asc +#Source: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz +Source: postfix-%{version}.tar.gz Source2: %{name}-SuSE.tar.gz Source3: %{name}-mysql.tar.bz2 -#Source4: %{name}.keyring -Source10: postfix-rpmlintrc +Source10: %{name}-rpmlintrc Source11: check_mail_queue -Patch0: dynamic_maps.patch -Patch1: dynamic_maps_pie.patch +Patch1: %{name}-no-md5.patch Patch2: pointer_to_literals.patch Patch3: ipv6_disabled.patch -Patch10: %{name}-main.cf.patch -Patch11: %{name}-master.cf.patch -Patch12: %{name}-post-install.patch -Patch20: %{name}-ssl-release-buffers.patch -Patch21: postfix-opensslconfig.patch -Patch100: %{name}-vda-v13-2.10.0.patch -Patch101: postfix-db6.diff -#PATCH-FIX-SLE PATCH-FIX-OPENSUSE to be able to build the agent tls_proxy -Patch102: add_missed_library.patch -Patch103: postfix-no-md5.patch +Patch4: %{name}-main.cf.patch +Patch5: %{name}-master.cf.patch +Patch6: %{name}-post-install.patch +Patch7: %{name}-ssl-release-buffers.patch +Patch8: %{name}-vda-v13-3.10.0.patch + BuildRequires: cyrus-sasl-devel BuildRequires: db-devel BuildRequires: libopenssl-devel +%if %{with lmdb} +BuildRequires: lmdb-devel +%endif +BuildRequires: libicu-devel BuildRequires: mysql-devel BuildRequires: openldap2-devel BuildRequires: pcre-devel +BuildRequires: pkgconfig BuildRequires: postgresql-devel Requires: iproute2 Requires(pre): permissions 
@@ -158,42 +164,82 @@ by starting %{name} if you'll access a postmap which is stored in PostgreSQL. +%if %{with lmdb} +%package lmdb +Summary: Postfix plugin to support LMDB maps +Group: Productivity/Networking/Email/Servers +Requires(pre): %{name} = %{version} + +%description lmdb +Postfix plugin to support LMDB maps. This library will be loaded +by starting %{name} if you'll access a postmap which is stored in +PostgreSQL. +%endif + %prep %setup -q -a 2 -a 3 -%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -%patch10 -%patch11 -%patch12 -%patch20 -%patch21 -%patch100 -p1 -%patch101 -%patch102 -%patch103 -p1 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 -p1 + # --------------------------------------------------------------------------- %build -export CCARGS="-DHAS_LDAP -DHAS_PCRE -DUSE_SASL_AUTH -I%{_includedir}/sasl" -export CCARGS="$CCARGS -DMAX_DYNAMIC_MAPS" -export CCARGS="$CCARGS -DHAS_MYSQL -I%{_includedir}/mysql" -export CCARGS="$CCARGS -DHAS_PGSQL -I%{_includedir}/pgsql" -export CCARGS="$CCARGS -DUSE_CYRUS_SASL" -export AUXLIBS="-lldap -llber -lpcre" -export AUXLIBS="$AUXLIBS -lsasl2" -export AUXLIBS="$AUXLIBS -lssl -lcrypto" -export CCARGS="$CCARGS -DUSE_TLS" -export CCARGS="$CCARGS %{optflags} -Wno-comments" +unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB + +export CCARGS="${CCARGS} %{optflags} -Wno-comments -Wno-missing-braces -fPIC" +%ifarch s390 s390x ppc +export CCARGS="${CCARGS} -fsigned-char" +%endif +# +if pkg-config openssl ; then + export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)" + export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)" +else + export CCARGS="${CCARGS} -DUSE_TLS" + export AUXLIBS="${AUXLIBS} -lssl -lcrypto" +fi +# +export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL" +export AUXLIBS_LDAP="-lldap -llber" +# +export CCARGS="${CCARGS} -DHAS_PCRE" +export AUXLIBS_PCRE="-lpcre" +# +export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL 
-I%{_includedir}/sasl" +if pkg-config libsasl2 ; then + export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)" +else + export AUXLIBS="$AUXLIBS -lsasl2" +fi +# +export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)" +export AUXLIBS_MYSQL="$(mysql_config --libs)" +# +export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)" +export AUXLIBS_PGSQL="-lpq" +# +%if %{with lmdb} +export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ +export AUXLIBS_LMDB="-llmdb" +%endif +# +# TODO +#export AUXLIBS_SQLITE +#export AUXLIBS_CDB +#export AUXLIBS_SDBM + export PIE=-pie -make makefiles DEBUG="" -cd lib -for i in dns global master tls util milter; do - ln -sf lib${i}.a lib%{name}-${i}.so.1.0.1; -done -cd - -make LD_LIBRARY_PATH=$(pwd)/lib:${LD_LIBRARY_PATH} +make makefiles pie=yes shared=yes dynamicmaps=yes \ + shlib_directory=/usr/lib/postfix \ + meta_directory=/usr/lib/postfix \ + config_directory=/etc/postfix +make # --------------------------------------------------------------------------- %install @@ -202,16 +248,9 @@ useradd -r -o -g %{name} -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} %{name} 2> /dev/null || : usermod -G %{maildrop_gid},%{mail_gid} %{name} 2> /dev/null || : mkdir -p %{buildroot}/%{_libdir} -install lib/*.1 %{buildroot}/%{_libdir} -for i in %{buildroot}/%{_libdir}/*.1; do - ln -sf ${i##*/} ${i%.*.*} -done -cd lib -for i in libpostfix-*; do - ln -sf $i %{buildroot}/%{_libdir}/${i%%so.*}so -done -cd - -ln -sf $(pwd)/lib/dict_* libexec/ +mkdir -p %{buildroot}/etc/postfix +cp conf/* %{buildroot}/etc/postfix/ +cp lib/libpostfix-* %{buildroot}/%{_libdir} export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} sh postfix-install -non-interactive \ install_root=%{buildroot} \ 
@@ -395,9 +434,6 @@ else echo "Can not find \"$FILE\". Not updating the file." >&2 fi - echo "Removing %{vmusr} user" - userdel %{vmusr} 2> /dev/null - groupdel %{vmusr} 2> /dev/null fi # --------------------------------------------------------------------------- @@ -469,6 +505,9 @@ %verify_permissions -e %{_sbindir}/postdrop %verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd %verify_permissions -e %{_sbindir}/sendmail +%{fillup_only postfix} +%else +%{fillup_and_insserv -y postfix} %endif # --------------------------------------------------------------------------- 
@@ -508,25 +547,23 @@ %config(noreplace) %{omc_dir}/%{name}.xml %dir %{_sysconfdir}/%{name} %config %{_sysconfdir}/%{name}/main.cf.default +%config(noreplace) %{_sysconfdir}/%{name}/[^mysql]*[^mysql] %config(noreplace) %{_sysconfdir}/%{name}/access %config(noreplace) %{_sysconfdir}/%{name}/aliases -%config(noreplace) %{_sysconfdir}/%{name}/generic -%config(noreplace) %{_sysconfdir}/%{name}/helo_access %config(noreplace) %{_sysconfdir}/%{name}/canonical +%config(noreplace) %{_sysconfdir}/%{name}/header_checks +%config(noreplace) %{_sysconfdir}/%{name}/helo_access +%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf %config(noreplace) %{_sysconfdir}/%{name}/main.cf %config(noreplace) %{_sysconfdir}/%{name}/master.cf -%config(noreplace) %{_sysconfdir}/%{name}/openssl_%{name}.conf.in -%config(noreplace) %{_sysconfdir}/%{name}/relocated -%config(noreplace) %{_sysconfdir}/%{name}/transport -%config(noreplace) %{_sysconfdir}/%{name}/virtual -%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd -%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical +%config(noreplace) %{_sysconfdir}/%{name}/post-install +%config(noreplace) %{_sysconfdir}/%{name}/postfix-files %config(noreplace) %{_sysconfdir}/%{name}/relay %config(noreplace) %{_sysconfdir}/%{name}/relay_ccerts -%config(noreplace) %{_sysconfdir}/%{name}/header_checks -%config(noreplace) %{_sysconfdir}/%{name}/bounce.cf.default -%config(noreplace) %{_sysconfdir}/%{name}/dynamicmaps.cf -%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf +%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd +%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical +%config(noreplace) %{_sysconfdir}/%{name}/virtual + %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/smtp %dir %{_sysconfdir}/sasl2/ %config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf 
@@ -569,9 +606,16 @@ %{_libexecdir}/sendmail %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/*[^.so] -%{_libexecdir}/%{name}/dict_ldap.so -%{_libexecdir}/%{name}/dict_pcre.so -%{_libexecdir}/%{name}/dict_tcp.so +%{_libexecdir}/%{name}/postfix-ldap.so +%{_libexecdir}/%{name}/postfix-pcre.so +%{_libexecdir}/%{name}/libpostfix-dns.so +%{_libexecdir}/%{name}/libpostfix-global.so +%{_libexecdir}/%{name}/libpostfix-master.so +%{_libexecdir}/%{name}/libpostfix-tls.so +%{_libexecdir}/%{name}/libpostfix-util.so +%{_libexecdir}/%{name}/main.cf.proto +%{_libexecdir}/%{name}/master.cf.proto + %{conf_backup_dir} %dir %attr(0700,%{name},root) %{pf_data_directory} %{_mandir}/man?/*.gz @@ -603,10 +647,16 @@ %doc %{name}-mysql/%{name}-mysql.sql %config(noreplace) %attr(640, root, %{name}) %{_sysconfdir}/%{name}/*_maps.cf %config(noreplace) %{_sysconfdir}/%{name}/main.cf-mysql -%{_libexecdir}/%{name}/dict_mysql.so +%{_libexecdir}/%{name}/postfix-mysql.so %files postgresql %defattr(-,root,root) -%{_libexecdir}/%{name}/dict_pgsql.so +%{_libexecdir}/%{name}/postfix-pgsql.so + +%if %{with lmdb} +%files lmdb +%defattr(-,root,root) +%{_libexecdir}/%{name}/postfix-lmdb.so +%endif %changelog ++++++ pointer_to_literals.patch ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:49.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:49.000000000 +0200 
@@ -54,15 +54,3 @@ if (state->expand_buf == 0) state->expand_buf = vstring_alloc(10); -diff -Nur postfix-2.11.0/src/util/dict_open.c postfix-2.11.0-patched/src/util/dict_open.c ---- postfix-2.11.0/src/util/dict_open.c 2014-02-12 15:19:33.689563158 +0100 -+++ postfix-2.11.0-patched/src/util/dict_open.c 2014-02-12 15:17:28.174612493 +0100 -@@ -554,7 +554,7 @@ - } - - #ifndef NO_DYNAMIC_MAPS --#define STREQ(x,y) (x == y || (x[0] == y[0] && strcmp(x,y) == 0)) -+inline int STREQ(const char *x, const char *y) { return ( x == y || (*(x) == *(y) && strcmp((x), (y)) == 0)); } - - void dict_open_dlinfo(const char *path) - { ++++++ postfix-2.11.7.tar.gz -> postfix-3.1.1.tar.gz ++++++ ++++ 114418 lines of diff (skipped) ++++++ postfix-SuSE.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix --- old/postfix-SuSE/config.postfix 2015-08-12 12:50:59.000000000 +0200 +++ new/postfix-SuSE/config.postfix 2016-05-24 15:18:32.000000000 +0200 
@@ -573,20 +573,25 @@ } fi if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then - $PCONF -e "smtpd_use_tls = yes" - if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then - $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + if [ -z "$POSTFIX_TLS_CERTFILE" -o -z "$POSTFIX_TLS_KEYFILE" -o ! -e "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" -o ! -e "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" ]; then + # BNC#981097 config.postfix creates broken main.cf for tls client configuration + warn_user 1>&2 "You have activated POSTFIX_SMTP_TLS_SERVER, but you don't have created or configured certificates." else - $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs" + $PCONF -e "smtpd_use_tls = yes" + if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then + $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + else + $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs" + fi + $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" + $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" + $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts" + $PCONF -e "smtpd_tls_ask_ccert = yes" + $PCONF -e "smtpd_tls_received_header = yes" + touch -m -d "1 minute ago" $TMPDIR/main.cf + CURRENT=$($PCONF -h smtpd_recipient_restrictions) + $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT" fi - $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" - $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" - $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts" - $PCONF -e "smtpd_tls_ask_ccert = yes" - $PCONF -e "smtpd_tls_received_header = yes" - touch -m -d "1 minute ago" $TMPDIR/main.cf - CURRENT=$($PCONF -h smtpd_recipient_restrictions) - $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT" else $PCONF -e "smtpd_use_tls 
= no" $PCONF -e "smtpd_tls_CAfile =" @@ -616,10 +621,12 @@ else $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/certs" fi - test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \ + if [ "$POSTFIX_TLS_CERTFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" ]; then $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" - test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \ + fi + if [ "$POSTFIX_TLS_KEYFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" ]; then $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" + fi $PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache" else $PCONF -e "smtp_tls_CAfile =" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix.orig new/postfix-SuSE/config.postfix.orig --- old/postfix-SuSE/config.postfix.orig 1970-01-01 01:00:00.000000000 +0100 +++ new/postfix-SuSE/config.postfix.orig 2015-08-12 12:50:59.000000000 +0200 
@@ -0,0 +1,1336 @@ +#! /bin/bash +# Copyright (c) 1999-2001 SuSE GmbH Nuernberg, Germany. +# Copyright (c) 2002-2004 SuSE Linux AG +# Copyright (c) 2015 SUSE Linux GmbH +# +# Author: Carsten Hoeger <[email protected]> +# Author: Peter Varkoly <[email protected]> + +export LC_ALL=POSIX +export RUN="/var/run/" +if [ -d /run ]; then + export RUN="/run" +fi + +cpifnewer(){ + # remove files, that do no longer exist + if [ -d $2 -a "$(echo $2/*)" != "$2/*" ]; then + for i in $2/*; do + if [ ! -e "/$i" ]; then + echo "removing old or no longer used $i" + rm -f $i + fi + done + fi + test -d $2 || mkdir -p $2 + for i in $1; do + dst=$2/$(basename $i) + + if [ ! -f $dst -a ! -d $dst -a -e $i ]; then + echo "copying missing $dst from $i" + cp -af $i $dst + elif [ ! -d $dst -a $i -nt $dst -o $i -ot $dst ]; then + echo "updating $dst from $i" + cp -af $i $dst + fi + done +} + +update_db() { + while test "x$1" != "x" ; do + pfmap=/etc/postfix/${1%:*} + mode=${1#*:} + if [ "$mode" == "$1" ]; then + mode=644 + fi + chmod $mode ${pfmap} + test -e $pfmap && \ + if test $pfmap -nt ${pfmap}.db -o ! -e ${pfmap}.db ; then + echo "rebuilding ${pfmap}.db" + postmap ${pfmap} + fi + chmod $mode ${pfmap}.db + shift + done +} + +get_alias_maps(){ + test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \ + for i in $(find /etc/aliases.d -maxdepth 1 -type f \ + '!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \ + '!' -regex ".*/\(\.\|#\).*" \ + '!' -regex ".*~$") ; do + echo -n "$i "; + done +} + +warn_user(){ + tput bold + echo -e "\t*** WARNING ***" + echo -e $1 + echo -e "\t*** WARNING ***" + tput sgr0 +} + +mkchroot(){ + + PF_CHROOT="/var/spool/postfix" + + if [ ! -d "$PF_CHROOT" ]; then + warn_user "\t$PF_CHROOT does not exist!!!\n\ +\tThis should not happen!\n\ +\tPlease reinstall package postfix or create this directory!" 
+ exit 1 + fi + cd "$PF_CHROOT" + + if [ "$(echo "$POSTFIX_MYSQL_CONN" | tr 'A-Z' 'a-z' )" == "socket" -a \ + "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then + if [ -n "$(my_print_defaults mysqld)" ]; then + MYSQL_SOCKET=$(my_print_defaults mysqld | grep -e '--socket[[:blank:]=]' | awk -F"=" '{print $2}') + MYSQL_SOCKET_DIR=$(dirname $MYSQL_SOCKET) + CHR_MYSQL_SOCKET=$(echo $MYSQL_SOCKET | sed -e "s,/,,") + CHR_MYSQL_SOCKET_DIR=$(dirname $CHR_MYSQL_SOCKET) + else + warn_user "\t/etc/my.cnf does not exist!!\n\ +\tThis should not happen!\n\ +\tPlease check if postfix-mysql is installed and check for package mysql." + fi + fi + if [ "$(echo "$POSTFIX_SMTP_AUTH_SERVER" | tr 'A-Z' 'a-z' )" != "no" ]; then + SASL_SOCKET_DIR="$RUN/sasl2" + CHR_SASL_SOCKET_DIR="run/sasl2" + fi + if [ "$(echo "$POSTFIX_CHROOT" | tr 'A-Z' 'a-z' )" != "yes" ]; then + # tidy-up in any case, to be safe (bnc#837561) + if grep '[[:blank:]]/var/spool/postfix/proc[[:blank:]]' /proc/mounts &> /dev/null; then + umount /var/spool/postfix/proc + fi + if [ -d etc ]; then + echo "removing postfix chroot environment..." + fi + + if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then + if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then + umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR + fi + fi + + if [ -n "$CHR_SASL_SOCKET_DIR" ]; then + if grep "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then + umount "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR + fi + fi + + rm -rvf etc @lib@ usr var proc + else + echo "checking postfix chroot environment..." 
+ + if [ -e /lib/security/pam_ldap.so ]; then + cpifnewer /etc/openldap/ldap.conf etc/openldap + fi + + if [ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "yes" ]; then + if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then + if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then + umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR + fi + fi + fi + + if [ "$(echo "$POSTFIX_MYSQL_CONN" | tr 'A-Z' 'a-z' )" == "socket" -a \ + "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then + if [ ! -d $CHR_MYSQL_SOCKET_DIR ]; then + mkdir -p $CHR_MYSQL_SOCKET_DIR + fi + if ! grep $CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then + mount -o bind $MYSQL_SOCKET_DIR "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR + fi + fi + + if [ "$(echo "$POSTFIX_SMTP_AUTH_SERVER" | tr 'A-Z' 'a-z' )" != "no" ]; then + if [ ! -d $CHR_SASL_SOCKET_DIR ]; then + mkdir -p $CHR_SASL_SOCKET_DIR + fi + if ! grep $CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then + mount -o bind $SASL_SOCKET_DIR "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR + fi + fi + + # smtpd_tls_CApath + CAPATH=`postconf -h smtpd_tls_CApath` + if [ "$CAPATH" ] + then + cpifnewer "$CAPATH/*" ./$CAPATH + rsync -avH --copy-unsafe-links /etc/ssl/certs ./etc/ssl + fi + # smtpd_tls_CAfile + smtpd_tls_CAfile=`postconf -h smtpd_tls_CAfile` + if [ "$smtpd_tls_CAfile" ] + then + DIR=`dirname $smtpd_tls_CAfile` + cpifnewer $smtpd_tls_CAfile ./$DIR + fi + # smtpd_tls_cert_file + smtpd_tls_cert_file=`postconf -h smtpd_tls_cert_file` + if [ "$smtpd_tls_cert_file" ] + then + DIR=`dirname $smtpd_tls_cert_file` + cpifnewer $smtpd_tls_cert_file ./$DIR + fi + # smtpd_tls_key_file + smtpd_tls_key_file=`postconf -h smtpd_tls_key_file` + if [ -n "$smtpd_tls_key_file" ]; then + if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ] + then + DIR=`dirname $smtpd_tls_key_file` + cpifnewer $smtpd_tls_key_file ./$DIR + fi + fi + + # PAM + cpifnewer "/etc/pam.d/*" etc/pam.d + cpifnewer "/@lib@/security/*" @lib@/security + cpifnewer 
"/@lib@/libpam*" @lib@ + cpifnewer "/usr/@lib@/libcrack.so*" usr/@lib@ + + # SASL + cpifnewer /etc/sasldb2 etc + cpifnewer "/etc/sasl2/*" etc/sasl2 + cpifnewer "/usr/@lib@/sasl2/*" usr/@lib@/sasl2 + cpifnewer "/usr/@lib@/libsasl2*" usr/@lib@ + + # CYRUS + mkdir -p var/lib/imap/socket/ + ln -f /var/lib/imap/socket/lmtp var/lib/imap/socket/lmtp + + cpifnewer "/@lib@/libnss*" @lib@ + cpifnewer "/@lib@/libresolv*" @lib@ + cpifnewer "/@lib@/libdb*" @lib@ + cpifnewer "/@lib@/libxcrypt*" @lib@ + + cpifnewer /etc/host.conf etc + cpifnewer /etc/nsswitch.conf etc + cpifnewer /etc/resolv.conf etc + cpifnewer /etc/services etc + cpifnewer /etc/hosts etc + cpifnewer /etc/passwd etc + + if [ -L /etc/localtime ]; then + if [ -z "$TIMEZONE" -o "$TIMEZONE" == "YAST_ASK" ]; then + warn_user "\tUnable to setup your timezone!\n\ +\tThe logging of the current time in /var/log/mail may be wrong!\n\ +\tPlease set the variable TIMEZONE in /etc/sysconfig/clock!" + else + mkdir -p usr/share/zoneinfo/$(dirname $TIMEZONE) + if [ ! -e /usr/share/zoneinfo/$TIMEZONE ]; then + warn_user "\t$TIMEZONE is not a regular timezone or the corresponding\n\ +\tfile at /usr/share/zoneinfo does not exist" + else + cp -af /usr/share/zoneinfo/$TIMEZONE usr/share/zoneinfo/$TIMEZONE + ln -sf ../usr/share/zoneinfo/$TIMEZONE etc/localtime + fi + fi + else + cpifnewer /etc/localtime etc + fi + + # do not chown -R root /var/spool/postfix/var + # this will break ownership for mysql on suse < 1120 + if [ "$(echo "$POSTFIX_WITH_MYSQL" | tr 'A-Z' 'a-z' )" != "no" ]; then + chown -R root "$PF_CHROOT"/{etc,@lib@,usr} + else + chown -R root "$PF_CHROOT"/{etc,@lib@,usr,var} + fi + fi # "$POSTFIX_CHROOT" +} + +gen_main_cf(){ + TMPDIR=$(mktemp -d /tmp/config.postfix.XXXXXX) || exit 1 + PCONF="/usr/sbin/postconf -c $TMPDIR" + + # needed when for WITH_LDAP + export POSTFIX_WITH_LDAP + # needed when for WITH_MYSQL + export POSTFIX_WITH_MYSQL + MCF_DIR=$TMPDIR + export MCF_DIR + + if [ $? 
-ne 0 ]; then + warn_user "Can't create temp directory, exiting..." + exit 1 + fi + cp -f /etc/postfix/{main,master}.cf $TMPDIR + + # Some default settings, that seem to be useable, at least to me + $PCONF -e "mail_spool_directory = /var/mail" + $PCONF -e "canonical_maps = hash:/etc/postfix/canonical" + $PCONF -e "virtual_alias_domains = hash:/etc/postfix/virtual" + $PCONF -e "relocated_maps = hash:/etc/postfix/relocated" + if [ "$(echo "$POSTFIX_TRANSPORT_MAPS" | tr 'A-Z' 'a-z' )" != "" ]; then + $PCONF -e "transport_maps = $POSTFIX_TRANSPORT_MAPS" + else + $PCONF -e "transport_maps = hash:/etc/postfix/transport" + fi + $PCONF -e "sender_canonical_maps = hash:/etc/postfix/sender_canonical" + $PCONF -e "masquerade_exceptions = root" + $PCONF -e "masquerade_classes = envelope_sender, header_sender, header_recipient" + if [ -n "${FQHOSTNAME}" ]; then + $PCONF -e "myhostname = $FQHOSTNAME" + fi + $PCONF -e "delay_warning_time = 1h" + $PCONF -e 'message_strip_characters = \0' + + # to be on the save side + $PCONF -e "daemon_directory = @daemon_directory@" + $PCONF -e "readme_directory = @readme_directory@" + $PCONF -e "html_directory = @html_directory@" + $PCONF -e "sample_directory = @sample_directory@" + $PCONF -e "sendmail_path = @sendmail_path@" + $PCONF -e "setgid_group = @setgid_group@" + $PCONF -e "manpage_directory = @manpage_directory@" + $PCONF -e "newaliases_path = @newaliases_path@" + $PCONF -e "mailq_path = @mailq_path@" + if [ "$(echo "$POSTFIX_INET_PROTO" | tr 'A-Z' 'a-z' )" != "" ]; then + $PCONF -e "inet_protocols = $POSTFIX_INET_PROTO" + else + if [ "$( ip addr show dev lo | grep inet6 )" ]; then + $PCONF -e "inet_protocols = all" + else + $PCONF -e "inet_protocols = ipv4" + fi + fi + if test "$SMTPD_LISTEN_REMOTE" == "yes" ; then + if [ "$(echo "$POSTFIX_LISTEN" | tr 'A-Z' 'a-z' )" != "" ]; then + $PCONF -e "inet_interfaces = $POSTFIX_LISTEN" + else + $PCONF -e "inet_interfaces = all" + fi + else + $PCONF -e "inet_interfaces = localhost" + fi + test 
-n "$POSTFIX_MASQUERADE_DOMAIN" && \ + MASQ_DOMS=$POSTFIX_MASQUERADE_DOMAIN + if [ -n "$FROM_HEADER" -a "$FROM_HEADER" != "YAST_ASK" ]; then + if [ -n "$MASQ_DOMS" ]; then + MASQ_DOMS="$MASQ_DOMS, $FROM_HEADER" + else + MASQ_DOMS="$FROM_HEADER" + fi + fi + $PCONF -e "masquerade_domains = $MASQ_DOMS" + + if test -z "$POSTFIX_LOCALDOMAINS"; then + $PCONF -e 'mydestination = $myhostname, localhost.$mydomain' + else + $PCONF -e "mydestination = $POSTFIX_LOCALDOMAINS" + fi + + # this overrides the previous + if test "$POSTFIX_NULLCLIENT" == "yes"; then + $PCONF -e "mydestination = " + fi + + if test "$POSTFIX_DIALUP" == "yes"; then + $PCONF -e "defer_transports = smtp" + $PCONF -e "mynetworks_style = host" + else + $PCONF -e "defer_transports = " + if test -n "$POSTFIX_ADD_MYNETWORKS_STYLE" + then + $PCONF -e "mynetworks_style = $POSTFIX_ADD_MYNETWORKS_STYLE" + fi + fi + + if test "$POSTFIX_NODNS" == "yes"; then + $PCONF -e "disable_dns_lookups = yes" + else + $PCONF -e "disable_dns_lookups = no" + fi + if test -n "$POSTFIX_RELAYHOST"; then + $PCONF -e "relayhost = $POSTFIX_RELAYHOST" + else + $PCONF -e "relayhost = " + fi + if [ "$(echo "$USE_AMAVIS" | tr 'A-Z' 'a-z' )" != "yes" ]; then + $PCONF -e "content_filter = " + else + $PCONF -e "content_filter = amavis:[127.0.0.1]:10024" + fi + + case "$POSTFIX_MDA" in + procmail) + echo 1>&2 "Setting up procmail as MDA..." + if [ ! -x /usr/bin/procmail ]; then + warn_user 1>&2 "procmail is not installed, using local as MDA!" + $PCONF -e "mailbox_command = " + $PCONF -e "mailbox_transport = " + else + $PCONF -e "mailbox_command = /usr/bin/procmail" + $PCONF -e "mailbox_transport = " + fi + $PCONF -e "disable_mime_output_conversion = no" + ;; + cyrus) + echo 1>&2 "Setting up cyrus-imapd via lmtp as MDA..." + if [ ! -x /usr/lib/cyrus/bin/lmtpd ]; then + warn_user 1>&2 "cyrus-imapd is not installed, using local as MDA!" 
+ $PCONF -e "mailbox_command = " + $PCONF -e "mailbox_transport = " + else + LMTPUNIX=$(grep -E "^[[:space:]]*lmtpunix.*" /etc/cyrus.conf) + if [ -z "$LMTPUNIX" ]; then + warn_user 1>&2 "you have to add\n\ +lmtpunix cmd=\"lmtpd\" listen=\"/var/lib/imap/socket/lmtp\" prefork=1\n\ +to /etc/cyrus.conf" + else + if [ -z "$(echo $LMTPUNIX | grep -E '/var/lib/imap/socket/lmtp')" ]; then + warn_user 1>&2 "the socket to listen on is wrong in /etc/cyrus.conf\n\ +use listen=\"/var/lib/imap/socket/lmtp\" instead!" + fi + fi + $PCONF -e "mailbox_command = " + $PCONF -e "mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp" + $PCONF -e "disable_mime_output_conversion = no" + if [ -z "$(id postfix | grep -E 'groups=.*mail')" ]; then + warn_user 1>&2 "adding postfix user to group mail" + usermod -G mail postfix + fi + fi + ;; + dovecot) + echo 1>&2 "Setting up dovecot as MDA..." + if [ ! -x /usr/lib/dovecot/deliver ]; then + warn_user 1>&2 "dovecot is not installed, using local as MDA!" + $PCONF -e "mailbox_command = " + $PCONF -e "mailbox_transport = " + else + $PCONF -e "mailbox_command = /usr/lib/dovecot/deliver" + $PCONF -e "mailbox_transport = " + fi + $PCONF -e "disable_mime_output_conversion = no" + ;; + local|*) + echo 1>&2 "Setting up postfix local as MDA..." + $PCONF -e "mailbox_command = " + $PCONF -e "mailbox_transport = " + $PCONF -e "disable_mime_output_conversion = no" + ;; + esac + + case "$POSTFIX_BASIC_SPAM_PREVENTION" in + medium) + echo 1>&2 "Setting up medium SPAM protection..." 
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain" + if test -n "$POSTFIX_RBL_HOSTS"; then + rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ }) + clnt_restrictions="" + for i in $rblhosts; do + if [ -z "$clnt_restrictions" ]; then + clnt_restrictions="reject_rbl_client $i" + else + clnt_restrictions="$clnt_restrictions, reject_rbl_client $i" + fi + done + $PCONF -e "smtpd_client_restrictions = $clnt_restrictions" + else + $PCONF -e "smtpd_client_restrictions =" + fi + $PCONF -e "smtpd_helo_required = yes" + $PCONF -e "smtpd_helo_restrictions = " + $PCONF -e "strict_rfc821_envelopes = no" + $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination " + ;; + hard) + echo 1>&2 "Setting up hard SPAM protection..." + $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain" + if test -n "$POSTFIX_RBL_HOSTS"; then + rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ }) + clnt_restrictions="" + for i in $rblhosts; do + if [ -z "$clnt_restrictions" ]; then + clnt_restrictions="reject_rbl_client $i" + else + clnt_restrictions="$clnt_restrictions, reject_rbl_client $i" + fi + done + $PCONF -e "smtpd_client_restrictions = permit_mynetworks, $clnt_restrictions, reject_unknown_client" + + else + $PCONF -e \ + "smtpd_client_restrictions = permit_mynetworks, reject_unknown_client" + fi + $PCONF -e "smtpd_helo_required = yes" + $PCONF -e "smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname" + $PCONF -e "strict_rfc821_envelopes = yes" + $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination" + ;; + custom) + echo 1>&2 "Setting up custom SPAM protection..." + $PCONF -e "smtpd_helo_required = yes" + $PCONF -e "strict_rfc821_envelopes = no" + if [ -n "$POSTFIX_SMTPD_CLIENT_RESTRICTIONS" ]; then + s_clnt_restrictions=$(echo ${POSTFIX_SMTPD_CLIENT_RESTRICTIONS/\ \+/,/ }) + else + echo 1>&2 "No smtpd_client_restrictions defined ... 
setting to medium ..." + s_clnt_restrictions="reject_unauth_pipelining, reject_unknown_client" + fi + if [ -n "$POSTFIX_RBL_HOSTS" ]; then + rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ }) + maps_rbl="" + for i in $rblhosts; do + if [ -z "$maps_rbl" ]; then + maps_rbl="reject_rbl_client $i" + else + maps_rbl="$maps_rbl, reject_rbl_client $i" + fi + done + $PCONF -e "smtpd_client_restrictions = $s_clnt_restrictions, $maps_rbl" + else + $PCONF -e "smtpd_client_restrictions = $s_clnt_restrictions" + fi + if [ -n "$POSTFIX_SMTPD_HELO_RESTRICTIONS" ]; then + helo_restrictions=$(echo ${POSTFIX_SMTPD_HELO_RESTRICTIONS/\ \+/,/ }) + $PCONF -e "smtpd_helo_restrictions = $helo_restrictions" + else + $PCONF -e "smtpd_helo_restrictions = reject_unauth_pipelining, reject_unknown_client" + fi + if [ -n "$POSTFIX_SMTPD_SENDER_RESTRICTIONS" ]; then + sender_restrictions=$(echo ${POSTFIX_SMTPD_SENDER_RESTRICTIONS/\ \+/,/ }) + $PCONF -e "smtpd_sender_restrictions = $sender_restrictions" + else + $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain" + fi + if [ -n "$POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" ]; then + rcpt_restrictions=$(echo ${POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS/\ \+/,/ }) + fi + if [ -z "$POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS" ]; then + echo 1>&2 "No smtp_recipient_restrictions defined ... setting to medium ..." + $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination" + else + $PCONF -e "smtpd_recipient_restrictions = $rcpt_restrictions" + fi + ;; + *) + if test "$POSTFIX_BASIC_SPAM_PREVENTION" != "off"; then + warn_user 1>&2 "$POSTFIX_BASIC_SPAM_PREVENTION is an invalid value for POSTFIX_BASIC_SPAM_PREVENTION\n\ +using \"off\" instead!" + fi + echo 1>&2 "Setting SPAM protection to \"off\"..." 
+ $PCONF -e "smtpd_sender_restrictions = hash:/etc/postfix/access" + $PCONF -e "smtpd_client_restrictions =" + $PCONF -e "smtpd_helo_required = no" + $PCONF -e "smtpd_helo_restrictions =" + $PCONF -e "strict_rfc821_envelopes = no" + $PCONF -e "smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination" + ;; + esac + + if test "$POSTFIX_SMTP_AUTH" == "yes"; then + $PCONF -e "smtp_sasl_auth_enable = yes" + $PCONF -e "smtp_sasl_security_options = $POSTFIX_SMTP_AUTH_OPTIONS" + $PCONF -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" + else + $PCONF -e "smtp_sasl_auth_enable = no" + $PCONF -e "smtp_sasl_security_options = " + $PCONF -e "smtp_sasl_password_maps = " + fi + + if test "$POSTFIX_SMTP_AUTH_SERVER" == "yes"; then + if [ -f /etc/sasl2/smtpd.conf ]; then + grep saslauthd /etc/sasl2/smtpd.conf >/dev/null && { + checkproc -p $RUN/sasl2/saslauthd.pid /usr/sbin/saslauthd || { + warn_user 1>&2 "You are using saslauthd as pwcheck_method in /etc/sasl2/smtpd.conf,\n\ +but saslauthd is not running." + } + } + elif [ -f /usr/@lib@/sasl2/smtpd.conf ]; then + grep saslauthd /usr/@lib@/sasl2/smtpd.conf >/dev/null && { + checkproc -p $RUN/sasl2/saslauthd.pid /usr/sbin/saslauthd || { + warn_user 1>&2 "You are using saslauthd as pwcheck_method in /usr/@lib@/sasl2/smtpd.conf,\n\ +but saslauthd is not running." 
+ } + } + else + warn_user 1>&2 "You have activated POSTFIX_SMTP_AUTH_SERVER, but you don't have /etc/sasl2/smtpd.conf (nor /usr/@lib@/sasl2/smtpd.conf)" + fi + $PCONF -e "smtpd_sasl_auth_enable= yes" + touch -m -d "1 minute ago" $TMPDIR/main.cf + CURRENT=$($PCONF -h smtpd_client_restrictions) + $PCONF -e "smtpd_client_restrictions= permit_sasl_authenticated, $CURRENT" + touch -m -d "1 minute ago" $TMPDIR/main.cf + CURRENT=$($PCONF -h smtpd_recipient_restrictions) + $PCONF -e "smtpd_recipient_restrictions= permit_sasl_authenticated, $CURRENT" + else + $PCONF -e "smtpd_sasl_auth_enable= no" + fi + + + if test "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then + grep -E '^smtps' /etc/services >/dev/null || { + warn_user 1>&2 "adding service \"smtps\" to /etc/services" + echo "smtps 465/tcp # smtp over SSL" >> /etc/services + } + fi + if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then + $PCONF -e "smtpd_use_tls = yes" + if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then + $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + else + $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/certs" + fi + $PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" + $PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" + $PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts" + $PCONF -e "smtpd_tls_ask_ccert = yes" + $PCONF -e "smtpd_tls_received_header = yes" + touch -m -d "1 minute ago" $TMPDIR/main.cf + CURRENT=$($PCONF -h smtpd_recipient_restrictions) + $PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT" + else + $PCONF -e "smtpd_use_tls = no" + $PCONF -e "smtpd_tls_CAfile =" + $PCONF -e "smtpd_tls_CApath =" + $PCONF -e "smtpd_tls_cert_file =" + $PCONF -e "smtpd_tls_key_file =" + $PCONF -e "relay_clientcerts =" + $PCONF -e "smtpd_tls_ask_ccert = no" + $PCONF -e "smtpd_tls_received_header = no" + fi + + if 
test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then + $PCONF -e "smtp_use_tls = no" + $PCONF -e "smtp_enforce_tls = no" + fi + if test "$POSTFIX_SMTP_TLS_CLIENT" == "yes"; then + $PCONF -e "smtp_use_tls = yes" + $PCONF -e "smtp_enforce_tls = no" + fi + if test "$POSTFIX_SMTP_TLS_CLIENT" == "must"; then + $PCONF -e "smtp_use_tls = yes" + $PCONF -e "smtp_enforce_tls = yes" + fi + if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then + if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then + $PCONF -e "smtp_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" + else + $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/certs" + fi + test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \ + $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" + test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \ + $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" + $PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache" + else + $PCONF -e "smtp_tls_CAfile =" + $PCONF -e "smtp_tls_CApath =" + $PCONF -e "smtp_tls_cert_file =" + $PCONF -e "smtp_tls_key_file =" + $PCONF -e "smtp_tls_session_cache_database =" + fi + + ALLMAPS="hash:/etc/aliases" + for i in $(get_alias_maps); do + ALLMAPS="${ALLMAPS}, hash:$i" + done + $PCONF -e "alias_maps = $ALLMAPS" + + for i in $(echo ${!POSTFIX_ADD_*}); do + touch -m -d "1 minute ago" $TMPDIR/main.cf + pfkey=$(echo ${i#POSTFIX_ADD_}) + pfval=$(eval "echo \$$i") + if [ -z "$($PCONF $pfkey 2>/dev/null)" ]; then + pfkey=$(echo ${i#POSTFIX_ADD_} | tr '[:upper:]' '[:lower:]') + if [ -z "$($PCONF $pfkey 2>/dev/null)" ]; then + warn_user 1>&2 "unknown parameter $i ignored" + else + #old style uppercase written variable + $PCONF -e "$pfkey = $pfval" + fi + else + $PCONF -e "$pfkey = $pfval" + fi + done + + perl -e 'use strict; + +my $mncf = "$ENV{MCF_DIR}/main.cf"; +my $line; + +my $with_ldap = + defined $ENV{POSTFIX_WITH_LDAP} ? 
$ENV{POSTFIX_WITH_LDAP} : "no"; + +$with_ldap = lc($with_ldap); + +my $with_mysql = + defined $ENV{POSTFIX_WITH_MYSQL} ? $ENV{POSTFIX_WITH_MYSQL} : "no"; + +$with_mysql = lc($with_mysql); + +open(MNCF,"<$mncf") || die "unable to open $mncf: $!"; + +while( <MNCF> ) { + chomp; + + if( /\#?(virtual_alias_maps\s=\s).*/ ) { + if ($with_mysql ne "yes" && $with_ldap ne "yes") { + $line = $1."hash:/etc/postfix/virtual"; + } elsif ($with_ldap eq "yes" && $with_mysql ne "yes") { + $line = $1."hash:/etc/postfix/virtual ldap:/etc/postfix/ldap_aliases.cf"; + } elsif ($with_mysql eq "yes" && $with_ldap ne "yes") { + $line = $1."hash:/etc/postfix/virtual mysql:/etc/postfix/mysql_virtual_alias_maps.cf"; + } elsif ($with_mysql eq "yes" && $with_ldap eq "yes") { + $line = $1."hash:/etc/postfix/virtual ldap:/etc/postfix/ldap_aliases.cf mysql:/etc/postfix/mysql_virtual_alias_maps.cf"; + } + } elsif( /\#?(virtual_uid_maps\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_gid_maps\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_minimum_uid\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_mailbox_base\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_mailbox_domains\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_mailbox_limit\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_mailbox_maps\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_transport\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_mailbox_limit_maps\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + 
$line = $1; + } + } elsif ( /\#?(virtual_mailbox_limit_override\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_maildir_limit_message\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /\#?(virtual_overquota_bounce\s=.*)/ ) { + if ($with_mysql ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /^(relay_domains\s=\s).*/ ) { + if ($with_mysql ne "yes") { + $line = $1."\$mydestination, hash:/etc/postfix/relay"; + } else { + $line = $1."\$mydestination, hash:/etc/postfix/relay, mysql:/etc/postfix/mysql_relay_domains_maps.cf"; + } + } else { + $line = $_; + } + + if( $line =~ /^\#/ ) { + print $line."\n"; + next; + } + + print $line."\n"; + +}' > $TMPDIR/new.cf + + mv $TMPDIR/new.cf $TMPDIR/main.cf + cat $TMPDIR/main.cf + rm -rf $TMPDIR +} + +gen_amavisd_cf(){ + cp /etc/amavisd.conf /etc/amavisd.conf.back + export FQHOSTNAME + if [ -n "${FQHOSTNAME}" ]; then + perl -e 'use strict; +open(ACF,"</etc/amavisd.conf") || die "unable to open /etc/amavisd.conf: $!"; + +my @CONF = (); +my $myhostname = $ENV{FQHOSTNAME}; +my ($h,$mydomain)= split /\./, $myhostname, 2; +my $ismyhostname = 0; +while( <ACF> ) { + if ( s/^\$myhostname = .*;/\$myhostname = "$myhostname";/ ) + { + next if $ismyhostname; + $ismyhostname = 1; + } + s/^\$mydomain = .*;/\$mydomain = "$mydomain";/; + push @CONF, $_ +} +close(ACF); +pop @CONF; +if ( ! 
$ismyhostname ) { + push @CONF, "\$myhostname = \"$myhostname\";\n"; +} +push @CONF, "1;"; +open(OUT,">/etc/amavisd.conf"); +print OUT @CONF; +close(OUT); +' + fi +} + +gen_master_cf(){ + export POSTFIX_LAPTOP + export POSTFIX_CHROOT + export POSTFIX_NULLCLIENT + export USE_AMAVIS + export POSTFIX_SMTP_AUTH_SERVER + export POSTFIX_SMTP_TLS_SERVER + export POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT + export POSTFIX_SMTP_TLS_CLIENT + + perl -e 'use strict; + +my $mcf = "/etc/postfix/master.cf"; +my $line; + +my $laptop = + defined $ENV{POSTFIX_LAPTOP} ? $ENV{POSTFIX_LAPTOP} : "no"; +my $nullclient = + defined $ENV{POSTFIX_NULLCLIENT} ? $ENV{POSTFIX_NULLCLIENT} : "no"; +my $chroot = + defined $ENV{POSTFIX_CHROOT} ? $ENV{POSTFIX_CHROOT} : "yes"; +my $use_amavis = + defined $ENV{USE_AMAVIS} ? $ENV{USE_AMAVIS} : "no"; +my $tlsserver = + defined $ENV{POSTFIX_SMTP_TLS_SERVER} ? $ENV{POSTFIX_SMTP_TLS_SERVER} : "no"; +my $sslserver = + defined $ENV{POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT} ? $ENV{POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT} : "no"; +my $tlsclient = + defined $ENV{POSTFIX_SMTP_TLS_CLIENT} ? $ENV{POSTFIX_SMTP_TLS_CLIENT} : "no"; +my $authserver = + defined $ENV{POSTFIX_SMTP_AUTH_SERVER} ? 
$ENV{POSTFIX_SMTP_AUTH_SERVER} : "no"; +my $normalize = {}; + + +$laptop = lc($laptop); +$chroot = lc($chroot); +$nullclient = lc($nullclient); +$use_amavis = lc($use_amavis); +$tlsserver = lc($tlsserver); +$tlsclient = lc($tlsclient); +$authserver = lc($authserver); + +open(MCF,"<$mcf") || die "unable to open $mcf: $!"; + +while( <MCF> ) { + chomp; + + if( /^\#?\s*(smtp\s+inet.*?smtpd)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ($nullclient eq "yes") { + $line = "#".$1; + } else { + $line = $1; + } + if ( $use_amavis eq "yes" ) { + $line =~ /(\#?\s*smtp\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."-".$2; + } else { + $line =~ /(\#?\s*smtp\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."-".$2; + } + ## amavis + } elsif( /^\#?\s*(amavis\s+unix.*)/ ) { + if ($use_amavis ne "yes") { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /^\#?\s\s(-o\s+smtp_data_done_timeout=.*)/ ) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtp_send_xforward_command=.*)/ ) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+disable_dns_lookups=.*)/ ) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+max_use=.*)/ ) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + ## end amavis + } elsif( /^\#?\s*(local\s+unix.*)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ($nullclient eq "yes") { + $line = "#".$1; + } else { + $line = $1; + } + ## submission + } elsif( /^\#?\s*(submission\s+inet.*?smtpd)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ( $tlsserver ne "yes" ) { + $line = "#".$1; + } else { + $line = $1; + } + if ( $use_amavis eq "yes" ) { + $line =~ 
/(^\#?\s*submission\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."10".$2; + } else { + $line =~ /(^\#?\s*submission\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."-".$2; + } + } elsif( /^\#?\s{3}(-o\s+syslog_name=.*)/ ) { + if ( $tlsserver ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif( /^\#?\s{3}(-o\s+smtpd_tls_security_level=.*)/ ) { + if ( $tlsserver ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif( /^\#?\s{3}(-o\s+smtpd_sasl_auth_enable=.*)/ ) { + if ( $tlsserver ne "yes" && $authserver ne "yes") { + $line = "# ".$1; + } else { + $line = " ".$1; + } + ## end submission + ## smtps + } elsif( /^\#?\s*(smtps\s+inet.*?smtpd)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ( $sslserver ne "yes" ) { + $line = "#".$1; + } else { + $line = $1; + } + if ( $use_amavis eq "yes" ) { + $line =~ /(^\#?\s*smtps\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."10".$2; + } else { + $line =~ /(^\#?\s*smtps\s+inet\s+[yn-]?\s+[yn-]?\s+[yn-]?\s+[0-9?yn-]?\s+)[0-9-]+(.*)/; + $line = $1."-".$2; + } + } elsif( /^\#?\s{4}(-o\s+syslog_name=.*)/ ) { + if ( $sslserver ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif( /^\#?\s{4}(-o\s+smtpd_tls_wrappermode=.*)/ ) { + if ( $sslserver ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif( /^\#?\s{4}(-o\s+content_filter=.*)/ ) { + if ( $sslserver ne "yes" && $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif( /^\#?\s{4}(-o\s+smtpd_sasl_auth_enable=.*)/ ) { + if ( $sslserver ne "yes" && $authserver ne "yes") { + $line = "# ".$1; + } else { + $line = " ".$1; + } + ## end smtps + ## tlsmgr + } elsif( /^\#?\s*(tlsmgr\s+unix.*)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ( $tlsclient ne "yes" && $tlsserver ne "yes" && $sslserver ne "yes" ) { + $line 
= "#".$1; + } else { + $line = $1; + } + ## end tlsmgr + ## localhost_10025 + } elsif( /^\#?\s*(localhost:10025\s+inet.*)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ( $use_amavis ne "yes" ) { + $line = "#".$1; + } else { + $line = $1; + } + } elsif ( /^\#?\s\s(-o\s+content_filter=.*)/ ) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_delay_reject=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + # next should match + # # -o smtpd_client_restrictions=permit_mynetworks,reject + # and not + # # -o smtpd_client_restrictions=permit_sasl_authenticated,reject + } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=)(.*)/) { + if ( $2 eq "permit_mynetworks,reject") { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1.$2; + } else { + $line = " ".$1.$2; + } + } + } elsif ( /^\#?\s\s(-o\s+smtpd_helo_restrictions=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_sender_restrictions=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_recipient_restrictions=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_data_restrictions=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_end_of_data_restrictions=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_restriction_classes=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+mynetworks=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_error_sleep_time=.*)/) { + if ( $use_amavis ne 
"yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_soft_error_limit=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_hard_error_limit=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_client_connection_count_limit=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+smtpd_client_connection_rate_limit=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+receive_override_options=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + if( $line !~ /receive_override_options=no_unknown_recipient_checks,no_header_body_checks/ ) + { + $line = " -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings"; + } + } + } elsif ( /^\#?\s\s(-o\s+local_header_rewrite_clients=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+local_recipient_maps=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + } elsif ( /^\#?\s\s(-o\s+relay_recipient_maps=.*)/) { + if ( $use_amavis ne "yes" ) { + $line = "# ".$1; + } else { + $line = " ".$1; + } + ## end localhost_10025 + } elsif( /^(\#?\s*(?:pickup|qmgr)\s+)(?:fifo|unix)(\s+.*)/ ) { + if( defined $normalize->{$1} ) { next; } else { $normalize->{$1} = 1; } + if ( $laptop eq "yes" ) { + $line = $1."unix".$2; + } else { + $line = $1."fifo".$2; + } + } else { + $line = $_; + } + + if( $line =~ /^\#/ ) { + print $line."\n"; + next; + } + + my $match = 0; + foreach my $serv ( ( "smtp", "pickup", "cleanup", "rewrite", + "bounce", "defer", "showq", "error", + "lmtp", "smtps", "tlsmgr", "localhost:10025" ) ) { + if( $line =~ /^$serv\s+/ ) { + $line =~ 
/(^$serv\s+\w+\s+[yn-]?\s+[yn-]?\s+)[yn-]?(.*)/; + print $1.( $chroot eq "yes" ? "y" : "n" ).$2."\n"; + $match = 1; + } else { + next; + } + } + print $line."\n" if ! $match; +}' + +} + +update_cf() { + while test "x$1" != "x" ; do + B=$( find /etc/postfix/${1} -printf %CY%Cm%Cd%CI%CM ) + cp /etc/postfix/${1} "@conf_backup_dir@/${1}$B" + cp /etc/postfix/${1} "@conf_backup_dir@/${1}" + eval gen_${1/\./_} > /tmp/${1}.config + mv /tmp/${1}.config /etc/postfix/${1}; + shift + done +} + +restore_cf() { + while test "x$1" != "x" ; do + warn_user "/etc/postfix/${1}: zero file size or missing, restoring +from @conf_backup_dir@/${1}" + if [ ! -s @conf_backup_dir@/$1 ]; then + warn_user "@conf_backup_dir@/${1}: zero file size or missing, exiting..." + exit 1 + fi + cp --remove-destination @conf_backup_dir@/$1 /etc/postfix/$1 + + update_cf $1 + shift + done +} + +gen_CA() { + openssl=/usr/bin/openssl + sslpath=$POSTFIX_SSL_PATH + sslconfig=$sslpath/openssl_postfix.conf + date="$(date)" + + oldmask=$(umask) + umask 077 + mkdir -p $sslpath/private + mkdir -p $sslpath/certs + mkdir -p $sslpath/newcerts + + test -f $sslpath/serial || \ + echo 01 > $sslpath/serial + touch $sslpath/index.txt + sed -e "s/@POSTFIX_SSL_COUNTRY@/$POSTFIX_SSL_COUNTRY/" \ + -e "s/@POSTFIX_SSL_STATE@/$POSTFIX_SSL_STATE/" \ + -e "s/@POSTFIX_SSL_LOCALITY@/$POSTFIX_SSL_LOCALITY/" \ + -e "s/@POSTFIX_SSL_ORGANIZATION@/$POSTFIX_SSL_ORGANIZATION/" \ + -e "s/@POSTFIX_SSL_ORGANIZATIONAL_UNIT@/$POSTFIX_SSL_ORGANIZATIONAL_UNIT/" \ + -e "s/@POSTFIX_SSL_COMMON_NAME@/$POSTFIX_SSL_COMMON_NAME/" \ + -e "s/@POSTFIX_SSL_EMAIL_ADDRESS@/$POSTFIX_SSL_EMAIL_ADDRESS/" \ + -e "s/@RANDOM@/${RANDOM}${RANDOM}/" \ + -e "s/@COMMENT@/generated by onfig.postfix at $date/" \ + /etc/postfix/openssl_postfix.conf.in > $sslconfig + + echo "creating CA request/certificate..." 
+ $openssl req -days 2000 -config $sslconfig -new -x509 -nodes \ + -keyout $sslpath/private/cakey.pem -out $sslpath/$POSTFIX_TLS_CAFILE 2>/dev/null || { + echo "error creating CA request/certificate" + rm -rf $sslpath + umask $oldmask + return + } + + echo "creating certificate request..." + $openssl req -config $sslconfig -new -nodes -keyout \ + $sslpath/$POSTFIX_TLS_KEYFILE -out $sslpath/certs/postfixreq.pem 2>/dev/null || { + echo "error creating certificate request" + rm -rf $sslpath + umask $oldmask + return + } + + echo "signing server certificate..." + $openssl ca -config $sslconfig -notext -batch \ + -out $sslpath/$POSTFIX_TLS_CERTFILE \ + -infiles $sslpath/certs/postfixreq.pem 2>/dev/null || { + echo "error signing server certificate" + rm -rf $sslpath + umask $oldmask + return + } + + chmod 755 $sslpath + chmod 755 $sslpath/certs + chmod 644 $sslpath/cacert.pem + umask $oldmask +} + +############################################################################### +#################################### MAIN ##################################### +############################################################################### + +r=$ROOT + +echo "Reading $r/etc/sysconfig and updating the system..." + +test -s $r/etc/sysconfig/postfix || { + echo "No $r/etc/sysconfig/postfix found." + exit 1 +} +. $r/etc/sysconfig/postfix + +# this file contains generic mail setup information +test -s $r/etc/sysconfig/mail || { + echo "No $r/etc/sysconfig/mail found." + exit 1 +} +. $r/etc/sysconfig/mail + +# We may need TIMEZONE for chroot setup +test -s $r/etc/sysconfig/clock && . $r/etc/sysconfig/clock + +# Do not try to get a valid hostname as per boo#934060 +if [ -z "$POSTFIX_MYHOSTNAME" ]; then + FQHOSTNAME= +else + FQHOSTNAME=$POSTFIX_MYHOSTNAME +fi + +# check whether we want to use amavis +if [ -x /usr/sbin/amavisd ]; then + test -s $r/etc/sysconfig/amavis && . 
$r/etc/sysconfig/amavis + if [ "$USE_AMAVIS" = "yes" ]; then + gen_amavisd_cf + chkconfig amavis on + fi +fi + +# call mkchroot. The conditions what to do take place in this function. +mkchroot + +# restore main.cf and master.cf, if they had been removed by accident +test -z "$r" && { + if [ ! -s /etc/postfix/main.cf ]; then + restore_cf main.cf + fi + + if [ ! -s /etc/postfix/master.cf ]; then + restore_cf master.cf + fi +} + +if test "$MAIL_CREATE_CONFIG" = "yes"; then + test -z "$r" && update_cf master.cf main.cf +fi + +PFVERSION=$(/usr/sbin/postconf -h mail_version) +test -z "$PFVERSION" && { + echo "ERROR - unable to determine the version of postfix, you are running" + echo "This should not happen. Exit..." + exit 1 +} +PFMAJOR=${PFVERSION:0:1} + +if test -z "$r" && test "$POSTFIX_SMTP_TLS_SERVER" == yes ; then + test -d $POSTFIX_SSL_PATH || gen_CA +fi + +if test -z "$r" && test "$POSTFIX_UPDATE_MAPS" == yes ; then + test -e /etc/aliases && \ + if test /etc/aliases -nt /etc/aliases.db \ + -o ! -e /etc/aliases.db ; then + echo "Rebuilding /etc/aliases.db." + /usr/bin/newaliases + fi + update_db $POSTFIX_MAP_LIST + + for i in $(get_alias_maps); do + if test $i -nt $i.db -o ! -e $i.db; then + echo "Rebuilding $i.db" + /usr/sbin/postalias $i + fi + done + + /usr/sbin/postfix reload > /dev/null 2>&1 +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/sysconfig.postfix new/postfix-SuSE/sysconfig.postfix --- old/postfix-SuSE/sysconfig.postfix 2014-02-12 16:00:37.000000000 +0100 +++ new/postfix-SuSE/sysconfig.postfix 2016-05-24 06:29:07.000000000 +0200 @@ -382,7 +382,7 @@ # POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT="no" -## Type: yesno +## Type: list(no,yes,must) ## Default: no ## Config: postfix # ++++++ postfix-main.cf.patch ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200 
@@ -1,8 +1,6 @@ -Index: conf/main.cf -=================================================================== ---- conf/main.cf.orig -+++ conf/main.cf -@@ -548,6 +548,7 @@ unknown_local_recipient_reject_code = 55 +--- conf/main.cf.orig 2015-04-01 10:56:39.000000000 +0000 ++++ conf/main.cf 2016-03-16 09:28:51.968093319 +0000 +@@ -567,6 +567,7 @@ # #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) @@ -10,7 +8,7 @@ # PARALLEL DELIVERY TO THE SAME DESTINATION # -@@ -654,4 +655,120 @@ sample_directory = +@@ -673,4 +674,120 @@ # readme_directory: The location of the Postfix README files. # readme_directory = ++++++ postfix-master.cf.patch ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200 @@ -1,9 +1,7 @@ -Index: conf/master.cf -=================================================================== ---- conf/master.cf.orig -+++ conf/master.cf -@@ -10,32 +10,38 @@ - # (yes) (yes) (yes) (never) (100) +--- conf/master.cf.orig 2016-03-16 09:28:26.256321206 +0100 ++++ conf/master.cf 2016-03-16 09:35:02.748681617 +0100 +@@ -10,6 +10,11 @@ + # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd +#amavis unix - - n - 4 smtp 
@@ -14,57 +12,18 @@ #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog - #tlsproxy unix - - n - 0 tlsproxy - #submission inet n - n - - smtpd --# -o syslog_name=postfix/submission --# -o smtpd_tls_security_level=encrypt --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/submission -+# -o smtpd_tls_security_level=encrypt -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING +@@ -28,6 +33,7 @@ #smtps inet n - n - - smtpd --# -o syslog_name=postfix/smtps --# -o smtpd_tls_wrappermode=yes --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/smtps -+# -o smtpd_tls_wrappermode=yes -+# -o content_filter=smtp:[127.0.0.1]:10024 -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o 
smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING - #628 inet n - n - - qmqpd - pickup unix n - n 60 1 pickup - cleanup unix n - n - 0 cleanup -@@ -61,6 +67,26 @@ local unix - n n - virtual unix - n n - - virtual + # -o syslog_name=postfix/smtps + # -o smtpd_tls_wrappermode=yes ++# -o content_filter=smtp:[127.0.0.1]:10024 + # -o smtpd_sasl_auth_enable=yes + # -o smtpd_reject_unlisted_recipient=no + # -o smtpd_client_restrictions=$mua_client_restrictions +@@ -62,6 +68,27 @@ lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil + scache unix - - n - 1 scache +#localhost:10025 inet n - n - - smtpd +# -o content_filter= +# -o smtpd_delay_reject=no @@ -85,10 +44,11 @@ +# -o local_header_rewrite_clients= +# -o local_recipient_maps= +# -o relay_recipient_maps= - scache unix - - n - 1 scache ++ # # ==================================================================== -@@ -95,7 +121,7 @@ scache unix - - n + # Interfaces to non-Postfix software. Be sure to examine the manual +@@ -95,7 +122,7 @@ # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe @@ -97,7 +57,7 @@ # # ==================================================================== # -@@ -128,3 +154,10 @@ scache unix - - n +@@ -128,3 +155,10 @@ #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} ++++++ postfix-post-install.patch ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200 
@@ -1,13 +0,0 @@ -Index: conf/post-install -=================================================================== ---- conf/post-install.orig -+++ conf/post-install -@@ -708,7 +708,7 @@ EOF - # Postfix 2.2. - # Add missing tlsmgr service to master.cf. - -- grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || { -+ grep '^#*tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || { - echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service - cat >>$config_directory/master.cf <<EOF || exit 1 - tlsmgr unix - - n 1000? 1 tlsmgr ++++++ postfix-ssl-release-buffers.patch ++++++ --- /var/tmp/diff_new_pack.m0Tlbu/_old 2016-06-02 12:38:51.000000000 +0200 +++ /var/tmp/diff_new_pack.m0Tlbu/_new 2016-06-02 12:38:51.000000000 +0200 @@ -1,10 +1,8 @@ -Index: src/tls/tls_client.c -=================================================================== ---- src/tls/tls_client.c.orig -+++ src/tls/tls_client.c -@@ -356,6 +356,12 @@ TLS_APPL_STATE *tls_client_init(const TL - return (0); - } +--- src/tls/tls_client.c.orig 2016-03-16 09:45:17.686921418 +0100 ++++ src/tls/tls_client.c 2016-03-16 09:46:24.431617807 +0100 +@@ -369,6 +369,12 @@ + SSL_CTX_set_security_level(client_ctx, 0); + #endif + /* Keep memory usage as low as possible */ + 
@@ -15,15 +13,14 @@ /* * See the verify callback in tls_verify.c */ -Index: src/tls/tls_server.c -=================================================================== ---- src/tls/tls_server.c.orig -+++ src/tls/tls_server.c -@@ -426,6 +426,11 @@ TLS_APPL_STATE *tls_server_init(const TL - return (0); - } +--- src/tls/tls_server.c.orig 2016-03-16 09:45:39.487150299 +0100 ++++ src/tls/tls_server.c 2016-03-16 09:51:32.230678857 +0100 +@@ -451,6 +451,12 @@ + SSL_CTX_set_security_level(server_ctx, 0); + #endif -+ /* Keep memory usage as low as possible */ ++ /* Keep memory usage as low as possible */ ++ +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif ++++++ postfix-vda-v13-2.10.0.patch -> postfix-vda-v13-3.10.0.patch ++++++ --- /work/SRC/openSUSE:Factory/postfix/postfix-vda-v13-2.10.0.patch 2014-06-26 08:00:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix-vda-v13-3.10.0.patch 2016-06-02 12:38:47.000000000 +0200 
@@ -1281,12 +1281,24 @@ + return (deliver_status); } -diff -uNr postfix-2.10.0.orig/src/virtual/virtual.c postfix-2.10.0/src/virtual/virtual.c ---- postfix-2.10.0.orig/src/virtual/virtual.c 2011-02-19 01:46:06.000000000 +0100 -+++ postfix-2.10.0/src/virtual/virtual.c 2013-06-07 13:21:22.840143270 +0200 -@@ -335,12 +335,30 @@ - char *var_mail_spool_dir; /* XXX dependency fix */ +diff -uNr postfix-2.10.0.orig/src/virtual/virtual.h postfix-2.10.0/src/virtual/virtual.h +--- postfix-2.10.0.orig/src/virtual/virtual.h 2006-01-08 00:59:47.000000000 +0100 ++++ postfix-2.10.0/src/virtual/virtual.h 2013-06-07 13:21:22.841143270 +0200 +@@ -34,6 +34,9 @@ + extern MAPS *virtual_mailbox_maps; + extern MAPS *virtual_uid_maps; + extern MAPS *virtual_gid_maps; ++extern MAPS *virtual_mailbox_limit_maps; ++extern MAPS *virtual_maildir_limit_message_maps; ++extern MAPS *virtual_maildir_filter_maps; + + /* + * User attributes: these control the privileges for delivery to external +--- postfix-3.1.0/src/virtual/virtual.c.orig 2016-03-16 09:58:37.790856521 +0100 ++++ postfix-3.1.0/src/virtual/virtual.c 2016-03-16 10:04:44.267207460 +0100 +@@ -347,12 +347,28 @@ bool var_strict_mbox_owner; + char *var_virt_dsn_filter; +char *var_virt_mailbox_limit_maps; +bool var_virt_mailbox_limit_inbox; @@ -1301,7 +1313,6 @@ +bool var_virt_maildir_filter; +char *var_virt_maildir_filter_maps; + -+ /* * Mappings. */ 
@@ -1311,46 +1322,33 @@ +MAPS *virtual_mailbox_limit_maps; +MAPS *virtual_maildir_limit_message_maps; +MAPS *virtual_maildir_filter_maps; -+ /* * Bit masks. -@@ -450,15 +468,28 @@ - */ - virtual_mailbox_maps = - maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps, -- DICT_FLAG_LOCK | DICT_FLAG_PARANOID); -+ DICT_FLAG_LOCK); +@@ -475,6 +491,19 @@ + DICT_FLAG_LOCK | DICT_FLAG_PARANOID + | DICT_FLAG_UTF8_REQUEST); - virtual_uid_maps = - maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps, -- DICT_FLAG_LOCK | DICT_FLAG_PARANOID); -+ DICT_FLAG_LOCK); - - virtual_gid_maps = - maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps, -- DICT_FLAG_LOCK | DICT_FLAG_PARANOID); -+ DICT_FLAG_LOCK); -+ + virtual_mailbox_limit_maps = + maps_create(VAR_VIRT_MAILBOX_LIMIT_MAPS, var_virt_mailbox_limit_maps, -+ DICT_FLAG_LOCK); ++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST ); + + virtual_maildir_limit_message_maps = + maps_create(VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, var_virt_maildir_limit_message_maps, -+ DICT_FLAG_LOCK); ++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST ); + + virtual_maildir_filter_maps = + maps_create(VAR_VIRT_MAILDIR_FILTER_MAPS, var_virt_maildir_filter_maps, -+ DICT_FLAG_LOCK); ++ DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST ); ++ + - virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock); } -@@ -510,10 +541,22 @@ - VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0, + +@@ -526,6 +555,12 @@ VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0, VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, + VAR_VIRT_DSN_FILTER, DEF_VIRT_DSN_FILTER, &var_virt_dsn_filter, 0, 0, + VAR_VIRT_MAILBOX_LIMIT_MAPS, DEF_VIRT_MAILBOX_LIMIT_MAPS, &var_virt_mailbox_limit_maps, 0, 0, + VAR_VIRT_MAILDIR_LIMIT_MESSAGE, DEF_VIRT_MAILDIR_LIMIT_MESSAGE, &var_virt_maildir_limit_message, 1, 0, + VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, DEF_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, &var_virt_maildir_limit_message_maps, 0, 0, 
@@ -1360,34 +1358,3 @@ 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { - VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner, -+ VAR_VIRT_MAILBOX_LIMIT_INBOX, DEF_VIRT_MAILBOX_LIMIT_INBOX, &var_virt_mailbox_limit_inbox, -+ VAR_VIRT_MAILBOX_LIMIT_OVERRIDE, DEF_VIRT_MAILBOX_LIMIT_OVERRIDE, &var_virt_mailbox_limit_override, -+ VAR_VIRT_MAILDIR_EXTENDED, DEF_VIRT_MAILDIR_EXTENDED, &var_virt_maildir_extended, -+ VAR_VIRT_OVERQUOTA_BOUNCE, DEF_VIRT_OVERQUOTA_BOUNCE, &var_virt_overquota_bounce, -+ VAR_VIRT_TRASH_COUNT, DEF_VIRT_TRASH_COUNT, &var_virt_trash_count, -+ VAR_VIRT_MAILDIR_FILTER, DEF_VIRT_MAILDIR_FILTER, &var_virt_maildir_filter, - 0, - }; - -@@ -530,6 +573,7 @@ - MAIL_SERVER_PRE_INIT, pre_init, - MAIL_SERVER_POST_INIT, post_init, - MAIL_SERVER_PRE_ACCEPT, pre_accept, -+ MAIL_SERVER_BOOL_TABLE, bool_table, - MAIL_SERVER_PRIVILEGED, - 0); - } -diff -uNr postfix-2.10.0.orig/src/virtual/virtual.h postfix-2.10.0/src/virtual/virtual.h ---- postfix-2.10.0.orig/src/virtual/virtual.h 2006-01-08 00:59:47.000000000 +0100 -+++ postfix-2.10.0/src/virtual/virtual.h 2013-06-07 13:21:22.841143270 +0200 -@@ -34,6 +34,9 @@ - extern MAPS *virtual_mailbox_maps; - extern MAPS *virtual_uid_maps; - extern MAPS *virtual_gid_maps; -+extern MAPS *virtual_mailbox_limit_maps; -+extern MAPS *virtual_maildir_limit_message_maps; -+extern MAPS *virtual_maildir_filter_maps; - - /* - * User attributes: these control the privileges for delivery to external
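Review bot: in gen_CA (config.postfix), the CA certificate is written to $sslpath/$POSTFIX_TLS_CAFILE but the closing chmod 644 targets the hard-coded $sslpath/cacert.pem, so with any other POSTFIX_TLS_CAFILE value the chmod fails on a missing file and the real CA file keeps the mode the temporary umask gave it. Use chmod 644 "$sslpath/$POSTFIX_TLS_CAFILE" there. The three openssl calls also send stderr to /dev/null, so the generic "error creating ..." line is the only diagnostic an admin gets; keep openssl's own message. The error paths run rm -rf $sslpath unquoted; quote it and return early if it is empty.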
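Review bot: in the MAIN section of config.postfix, test -d $POSTFIX_SSL_PATH || gen_CA is unquoted, so with POSTFIX_SSL_PATH unset or empty the command collapses to the one-argument form test -d, which is true, and gen_CA is silently skipped even though POSTFIX_SMTP_TLS_SERVER is yes. Quote the variable and fail with a message when it is empty. The same section sets PFMAJOR=${PFVERSION:0:1}, which keeps only the first character of mail_version; ${PFVERSION%%.*} would also handle a two-digit major version.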
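Review bot: the sysconfig.postfix hunk at -382,7 +382,7 widens the Type line from yesno to list(no,yes,must) and changes nothing else, so nothing visible here documents what must does. Update the variable's comment block to describe the new value, and check that the config.postfix branch for this variable handles must explicitly; the only TLS comparison visible in this diff is test "$POSTFIX_SMTP_TLS_SERVER" == yes, a pattern that would treat any third value the same as no.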
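Review bot: in postfix-master.cf.patch, the hunk at -28,6 +33,7 adds the commented -o content_filter=smtp:[127.0.0.1]:10024 line to the smtps template only, and no hunk touches the submission template, which carries the same list of -o overrides. An admin who uncomments both services gets the filter override on smtps but not on submission unless main.cf sets content_filter globally. Add the line to both templates or to neither, and say in a comment which setup is expected. The hunk at -62,6 +68,27 also now ends with an empty added line after relay_recipient_maps= that can be dropped.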
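Review bot: postfix-post-install.patch is deleted outright (hunk -1,13 +0,0), which takes the tlsmgr check in conf/post-install back from grep '^#*tlsmgr.*tlsmgr' to grep '^tlsmgr.*tlsmgr'. With that pattern a master.cf in which tlsmgr exists only as a commented line counts as missing, and post-install appends an active tlsmgr entry. If the changelog does not already say so, state why the removal is safe (for instance that the packaged master.cf no longer comments tlsmgr out), or keep the patch.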
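Review bot: the refreshed postfix-ssl-release-buffers.patch starts directly at the --- src/tls/tls_client.c.orig line, so the file carries no header saying where the change comes from or whether it was sent upstream; the comment "Keep memory usage as low as possible" is the only rationale for setting SSL_MODE_RELEASE_BUFFERS on both client_ctx and server_ctx. Add a short description at the top of the patch. The refreshed ---/+++ lines also carry timestamps, which will show up as a diff on every later refresh even when the content is unchanged.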
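Review bot: the vda patch is renamed to postfix-vda-v13-3.10.0.patch, but the virtual.c section added in the hunk at -1281,12 +1281,24 is headed postfix-3.1.0/src/virtual/virtual.c.orig, while the virtual.h section moved into the same hunk still uses a diff -uNr line with postfix-2.10.0.orig paths and 2013 timestamps. 3.10.0 looks like a typo for 3.1.0. Use one version prefix for every file section and match it in the file name, so it is clear which release the patch was rebased against.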
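Review bot: in the vda hunk at -1311,46 +1322,33, the three added maps_create() calls for virtual_mailbox_limit_maps, virtual_maildir_limit_message_maps and virtual_maildir_filter_maps pass DICT_FLAG_LOCK | DICT_FLAG_UTF8_REQUEST, while the context line just above them shows the upstream maps opened with DICT_FLAG_LOCK | DICT_FLAG_PARANOID | DICT_FLAG_UTF8_REQUEST. The rebase rightly stops stripping DICT_FLAG_PARANOID from the mailbox, uid and gid maps, but the new maps are still created without it. Add DICT_FLAG_PARANOID to the three new calls, or add a comment explaining why these lookups may accept the table types that flag excludes. The space before each closing parenthesis and the two empty added lines after the last call can go as well.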
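Review bot: the vda hunk at -1360,34 +1358,3 drops all six bool_table additions (VAR_VIRT_MAILBOX_LIMIT_INBOX, VAR_VIRT_MAILBOX_LIMIT_OVERRIDE, VAR_VIRT_MAILDIR_EXTENDED, VAR_VIRT_OVERQUOTA_BOUNCE, VAR_VIRT_TRASH_COUNT, VAR_VIRT_MAILDIR_FILTER) and no other visible hunk adds them back, although the matching bool var_virt_... declarations are still added to virtual.c. Dropping the MAIL_SERVER_BOOL_TABLE line is fine if upstream virtual.c now registers bool_table itself, but without the table entries these booleans are never read from main.cf and keep their zero initial value. Restore the six entries inside the existing static const CONFIG_BOOL_TABLE bool_table[] block.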
