Hello community, here is the log from the commit of package postfix.15285 for openSUSE:Leap:15.1:Update checked in at 2020-12-14 18:26:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/postfix.15285 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.postfix.15285.new.2328 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix.15285" Mon Dec 14 18:26:09 2020 rev:1 rq:854957 version:3.3.1 Changes: -------- New Changes file: --- /dev/null 2020-12-09 01:05:43.965003977 +0100 +++ /work/SRC/openSUSE:Leap:15.1:Update/.postfix.15285.new.2328/postfix.changes 2020-12-14 18:26:19.664537220 +0100 @@ -0,0 +1,4521 @@ +------------------------------------------------------------------- +Thu Nov 26 17:27:35 UTC 2020 - Peter Varkoly <[email protected]> + +- bsc#1176650 L3: What is regularly triggering the "fillup" + command and changing modify-time of /etc/sysconfig/postfix? + o Remove miss placed fillup_only call from %verifyscript + +------------------------------------------------------------------- +Thu Sep 12 08:12:55 UTC 2019 - Peter Varkoly <[email protected]> + +- bsc#1142881 - mkpostfixcert from Postfix still uses md5 + +------------------------------------------------------------------- +Fri Sep 6 08:51:46 UTC 2019 - Ludwig Nussel <[email protected]> + +- fix build on kernel 5 by handling LINUX5 define (boo#1149724) + +------------------------------------------------------------------- +Thu Jul 11 10:22:23 UTC 2019 - Peter Varkoly <[email protected]> + +- bsc#1104543 config.postfix does not start tlsmgr in master.cf + when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed + patch. + +------------------------------------------------------------------- +Thu Jul 11 10:14:33 UTC 2019 - Peter Varkoly <[email protected]> + +- bsc#1140521 Postfix can not use ldap tables + - add m4 as BuildRequires + +------------------------------------------------------------------- +Tue Apr 2 08:40:42 UTC 2019 - Peter Varkoly <[email protected]> + +- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang + Break loop if postfix has no permission in spool directory. + - add postfix-avoid-infinit-loop-if-no-permission.patch + +------------------------------------------------------------------- +Sun Jan 20 08:41:58 UTC 2019 - Peter Varkoly <[email protected]> + +- bsc#1120110 L3: Running postfix set-permissions gives error + that is cannot access postfix-ldap.so + o Adapt the proposed patch in postfix-files in postfix-SUSE.tar.gz + +------------------------------------------------------------------- +Fri May 25 11:19:22 UTC 2018 - [email protected] + +- bsc#1087471 Unreleased Postfix update breaks SUSE Manager + o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty + +------------------------------------------------------------------- +Mon May 21 16:31:57 UTC 2018 - [email protected] + +- Update to 3.3.1 (bsc#1094965) + * Postfix did not support running as a PID=1 process, which + complicated Postfix deployment in containers. The "postfix + start-fg" command will now run the Postfix master daemon as a + PID=1 process if possible. Thanks for inputs from Andreas + Schulze, Eray Aslan, and Viktor Dukhovni. + * Segfault in the postconf(1) command after it could not open a + Postfix database configuration file due to a file permission + error (dereferencing a null pointer). Reported by Andreas + Hasenack, fixed by Viktor Dukhovni. + * The luser_relay feature became a black hole, when the luser_relay + parameter was set to a non-existent local address (i.e. mail + disappeared silently). Reported by J?rgen Thomsen. + * Missing error propagation in the tlsproxy(8) daemon could result + in a segfault after TLS handshake error (dereferencing a + 0xffff...ffff pointer). This daemon handles the TLS protocol + when a non-whitelisted client sends a STARTTLS command to + postscreen(8). + +------------------------------------------------------------------- +Wed May 9 09:02:12 UTC 2018 - [email protected] + +- remove pre-requirements on sysvinit(network) and sysvinit(syslog). + There seems to be no good reason for that other than blowing up + the dependencies (bsc#1092408). + +------------------------------------------------------------------- +Mon Apr 9 09:32:56 UTC 2018 - [email protected] + +- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix + if the actual service is running. This prevents spurious + and irrelevant error messages in system logs. + +------------------------------------------------------------------- +Thu Mar 22 14:20:20 UTC 2018 - [email protected] + +- bsc#1082514 autoyast: postfix gets not set myhostname properly - + set to localhost + +------------------------------------------------------------------- +Mon Mar 12 13:43:43 UTC 2018 - [email protected] + +- Refresh spec-file via spec-cleaner and manual optinizations. + * Add %license macro. + * Set license to IPL-1.0 OR EPL-2.0. +- Update to 3.3.0 + * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES + * Dual license: in addition to the historical IBM Public License + 1.0, Postfix is now also distributed with the more recent Eclipse + Public License 2.0. Recipients can choose to take the software + under the license of their choice. Those who are more comfortable + with the IPL can continue with that license. + * The postconf command now warns about unknown parameter names + in a Postfix database configuration file. As with other unknown + parameter names, these warnings can help to find typos early. + * Container support: Postfix 3.3 will run in the foreground with + "postfix start-fg". This requires that Postfix multi-instance + support is disabled (the default). To collect Postfix syslog + information on the container's host, mount the host's /dev/log + socket into the container, for example with "docker run -v + /dev/log:/dev/log ...other options...", and specify a distinct + Postfix syslog_name setting in the container (for example with + "postconf syslog_name=the-name-here"). + * Milter support: applications can now send RET and ENVID parameters + in SMFIR_CHGFROM (change envelope sender) requests. + * Postfix-generated From: headers with 'full name' information + are now formatted as "From: name <address>" by default. Specify + "header_from_format = obsolete" to get the earlier form "From: + address (name)". + * Interoperability: when Postfix IPv6 and IPv4 support are both + enabled, the Postfix SMTP client will now relax MX preferences + and attempt to schedule similar numbers of IPv4 and IPv6 + addresses. This works around mail delivery problems when a + destination announces lots of primary MX addresses on IPv6, but + is reachable only over IPv4 (or vice versa). The new behavior + is controlled with the smtp_balance_mx_inet_protocols parameter. + * Compatibility safety net: with compatibility_level < 1, the + Postfix SMTP server now warns for mail that would be blocked + by the Postfix 2.10 smtpd_relay_restrictions feature, without + blocking that mail. There still is a steady trickle of sites + that upgrade from an earlier Postfix version. + +------------------------------------------------------------------- +Tue Feb 13 10:39:37 UTC 2018 - [email protected] + +- bsc#1065411 Package postfix should require package system-user-nobody +- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth + was configured + +------------------------------------------------------------------- +Thu Dec 7 15:02:14 UTC 2017 - [email protected] + +- Fix usage of fillup_only:-y is not a valid option to this macro. + +------------------------------------------------------------------- +Thu Nov 23 13:43:17 UTC 2017 - [email protected] + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Wed Nov 8 13:32:28 CET 2017 - [email protected] + +- Don't mark postfix.service as config file, this is no config + file. +- Some of the Requires(pre) are needed for post-install and at + runtime, fix the requires. + +------------------------------------------------------------------- +Mon Oct 30 12:12:08 UTC 2017 - [email protected] + +- update to 3.2.4 + * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or + 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS + records associated with an intermediate CA certificate. Problem + report and initial fix by Erwan Legrand. + * Missing dynamicmaps support in the Postfix sendmail command. + This broke authorized_submit_users settings that use a + dynamically-loaded map type. Problem reported by Ulrich Zehl. + +------------------------------------------------------------------- +Fri Oct 20 12:27:12 UTC 2017 - [email protected] + +- bnc#1059512 L3: Postfix Problem + The applied changes breaks existing postfix configurations because + daemon_directory was not adapted to the new value. + + +------------------------------------------------------------------- +Sun Oct 15 22:47:29 UTC 2017 - [email protected] + +- fix build for SLE + * nothing provides libnsl-devel + * add bcond_with libnsl + +------------------------------------------------------------------- +Wed Oct 4 10:58:28 UTC 2017 - [email protected] + +- bnc#1059512 L3: Postfix Problem + To manage multiple Postfix instances on a single host requires + that daemon_directory and shlib_directory is different to + avoid use of the shared directories also as per-instance directories. + For this reason daemon_directory was set to /usr/lib/postfix/bin/. + shlib_directory stands /usr/lib/postfix/. ++++ 4324 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.postfix.15285.new.2328/postfix.changes New: ---- check_mail_queue fix-postfix-script.patch ipv6_disabled.patch pointer_to_literals.patch postfix-3.3.1.tar.gz postfix-SuSE.tar.gz postfix-avoid-infinit-loop-if-no-permission.patch postfix-linux45.patch postfix-main.cf.patch postfix-master.cf.patch postfix-mysql.tar.bz2 postfix-no-md5.patch postfix-rpmlintrc postfix-ssl-release-buffers.patch postfix-vda-v14-3.0.3.patch postfix.changes postfix.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ ++++ 641 lines (skipped) ++++++ check_mail_queue ++++++ #!/bin/bash nm() { NM=$( /usr/bin/mailq 2> /dev/null | tail -1 | /usr/bin/gawk '{ print $5 }' ) if [ "$NM" ] then return 0 else return 1 fi } test -e /var/run/check_mail_queue.pid && exit; echo $$ > /var/run/check_mail_queue.pid while( nm ) do /etc/init.d/postfix status || /etc/init.d/postfix start sleep 10 /usr/sbin/postfix flush done /etc/init.d/postfix status && /etc/init.d/postfix stop rm /var/run/check_mail_queue.pid ++++++ fix-postfix-script.patch ++++++ --- conf/postfix-script 2016-01-31 16:05:46.000000000 -0500 +++ conf/postfix-script 2016-03-01 19:23:51.000000000 -0500 @@ -272,10 +277,17 @@ } todo=`echo "$todo" | tr ' ' '\12' | sort -u` - find $todo ! -user root \ + if find -L $config_directory/main.cf >/dev/null 2>&1 + then + FIND="find -L" + else + FIND=find + fi + + $FIND $todo ! -user root \ -exec $WARN not owned by root: {} \; - find $todo \( -perm -020 -o -perm -002 \) \ + $FIND $todo \( -perm -020 -o -perm -002 \) \ -exec $WARN group or other writable: {} \; # Check Postfix mail_owner-owned directory tree owner/permissions. ++++++ ipv6_disabled.patch ++++++ Index: src/util/inet_proto.c =================================================================== --- src/util/inet_proto.c.orig +++ src/util/inet_proto.c @@ -195,7 +195,6 @@ INET_PROTO_INFO *inet_proto_init(const c if ((sock = socket(PF_INET6, SOCK_STREAM, 0)) >= 0) { close(sock); } else if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { - msg_warn("%s: disabling IPv6 name/address support: %m", context); inet_proto_mask &= ~INET_PROTO_MASK_IPV6; } else { msg_fatal("socket: %m"); ++++++ pointer_to_literals.patch ++++++ Index: src/cleanup/cleanup_message.c =================================================================== --- src/cleanup/cleanup_message.c.orig +++ src/cleanup/cleanup_message.c @@ -290,7 +290,7 @@ static const char *cleanup_act(CLEANUP_S while (*optional_text && ISSPACE(*optional_text)) optional_text++; -#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0) +inline int STREQUAL(const char *x, const char *y, size_t l) { return (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0); } #define CLEANUP_ACT_DROP 0 /* Index: src/local/local_expand.c =================================================================== --- src/local/local_expand.c.orig +++ src/local/local_expand.c @@ -115,7 +115,7 @@ static const char *local_expand_lookup(c LOCAL_EXP *local = (LOCAL_EXP *) ptr; static char rcpt_delim[2]; -#define STREQ(x,y) (*(x) == *(y) && strcmp((x), (y)) == 0) +inline int STREQ(const char *x, const char *y) { return (*(x) == *(y) && strcmp((x), (y)) == 0); } if (STREQ(name, "user")) { return (local->state->msg_attr.user); Index: src/smtpd/smtpd_check.c =================================================================== --- src/smtpd/smtpd_check.c.orig +++ src/smtpd/smtpd_check.c @@ -379,6 +379,10 @@ static STRING_LIST *smtpd_acl_perm_log; #define CONST_STR(x) ((const char *) vstring_str(x)) #define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); } +inline int STREQ(const char *x, const char *y) { return (*(x) == *(y) && strcmp((x), (y)) == 0); } +inline int STREQUAL(const char *x, const char *y, size_t l) { return (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0); } +inline int STREQN(const char *x, const char *y, size_t n) { return (*(x) == *(y) && strncmp((x), (y), (n)) == 0); } + /* * If some decision can't be made due to a temporary error, then change * other decisions into deferrals. @@ -2335,8 +2339,6 @@ static int check_table_result(SMTPD_STAT if (msg_verbose) msg_info("%s: %s %s %s", myname, table, value, datum); -#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0) - /* * DUNNO means skip this table. Silently ignore optional text. */ @@ -3368,8 +3370,6 @@ static const char *rbl_expand_lookup(con SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context; SMTPD_STATE *state = rbl_exp->state; -#define STREQ(x,y) (*(x) == *(y) && strcmp((x), (y)) == 0) - if (state->expand_buf == 0) state->expand_buf = vstring_alloc(10); ++++++ postfix-avoid-infinit-loop-if-no-permission.patch ++++++ --- src/global/mail_queue.c-orig 2019-04-01 14:37:54.136169772 +0200 +++ src/global/mail_queue.c 2019-04-01 14:42:35.191382999 +0200 @@ -363,6 +363,14 @@ break; if (errno == EEXIST || errno == EISDIR) continue; + /* + * Avoid getting into an infinite loop when we don't have permission to + * read temp_path + */ + if (errno == EACCES) { + msg_fatal("%s: create file %s: no permission", myname, STR(temp_path)); + break; + } msg_warn("%s: create file %s: %m", myname, STR(temp_path)); sleep(10); } ++++++ postfix-linux45.patch ++++++ --- makedefs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: makedefs =================================================================== --- makedefs.orig +++ makedefs @@ -546,7 +546,7 @@ EOF : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; - Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR + Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR case "$CCARGS" in *-DNO_DB*) ;; *-DHAS_DB*) ;; Index: src/util/sys_defs.h =================================================================== --- src/util/sys_defs.h.orig +++ src/util/sys_defs.h @@ -748,7 +748,7 @@ extern int initgroups(const char *, int) /* * LINUX. */ -#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) +#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) #define SUPPORTED #define UINT32_TYPE unsigned int #define UINT16_TYPE unsigned short ++++++ postfix-main.cf.patch ++++++ Index: conf/main.cf =================================================================== --- conf/main.cf.orig +++ conf/main.cf @@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55 # #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) +smtpd_banner = $myhostname ESMTP # PARALLEL DELIVERY TO THE SAME DESTINATION # @@ -673,4 +674,132 @@ sample_directory = # readme_directory: The location of the Postfix README files. # readme_directory = + +############################################################ +# +# before changing values manually consider editing +# /etc/sysconfig/postfix +# and run +# config.postfix +# +# if you miss a feature of config.postfix then just send a +# mail to [email protected] +# patches for new feature(s) are also welcome :) +# +############################################################ + +biff = no +content_filter = +delay_warning_time = 0h +disable_dns_lookups = no +disable_mime_output_conversion = no +disable_vrfy_command = yes +inet_interfaces = all inet_protocols = ipv4 +masquerade_classes = envelope_sender, header_sender, header_recipient +masquerade_domains = +masquerade_exceptions = +mydestination = $myhostname, localhost.$mydomain +myhostname = localhost +mynetworks_style = subnet +relayhost = + +alias_maps = +canonical_maps = +relocated_maps = +sender_canonical_maps = +transport_maps = +mail_spool_directory = /var/mail +message_strip_characters = +defer_transports = +mailbox_command = +mailbox_transport = +mailbox_size_limit = 0 +message_size_limit = 0 +strict_8bitmime = no +strict_rfc821_envelopes = no +smtpd_delay_reject = yes +smtpd_helo_required = no + +smtpd_client_restrictions = + +smtpd_helo_restrictions = + +smtpd_sender_restrictions = + +smtpd_recipient_restrictions = + + +############################################################ +# SASL stuff +############################################################ +smtp_sasl_auth_enable = no +smtp_sasl_security_options = +smtp_sasl_password_maps = +smtpd_sasl_auth_enable = no +############################################################ +# TLS stuff +############################################################ +#tls_append_default_CA = no +relay_clientcerts = +#tls_random_source = dev:/dev/urandom + +smtp_use_tls = no +#smtp_tls_loglevel = 0 +smtp_enforce_tls = no +smtp_tls_CAfile = +smtp_tls_CApath = +smtp_tls_cert_file = +smtp_tls_key_file = +#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy +#smtp_tls_session_cache_timeout = 3600s +smtp_tls_session_cache_database = + +smtpd_use_tls = no +#smtpd_tls_loglevel = 0 +smtpd_tls_CAfile = +smtpd_tls_CApath = +smtpd_tls_cert_file = +smtpd_tls_key_file = +smtpd_tls_ask_ccert = no +smtpd_tls_received_header = no +############################################################ +# Start MySQL from postfixwiki.org +############################################################ +relay_domains = $mydestination, hash:/etc/postfix/relay +virtual_alias_domains = +#virtual_alias_maps = hash:/etc/postfix/virtual +#virtual_uid_maps = static:303 +#virtual_gid_maps = static:303 +#virtual_minimum_uid = 303 +#virtual_mailbox_base = /srv/maildirs +#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf +#virtual_mailbox_limit = 0 +#virtual_mailbox_limit_inbox = no +#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf +## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp' +#virtual_transport = virtual +## Additional for quota support +#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf +#virtual_mailbox_limit_override = yes +### Needs Maildir++ compatible IMAP servers, like Courier-IMAP +#virtual_maildir_filter = yes +#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter +#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. +#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg +#virtual_overquota_bounce = yes +#virtual_trash_count = yes +#virtual_trash_name = ".Trash" +############################################################ +# End MySQL from postfixwiki.org +############################################################ +# Rewrite reject codes +############################################################ +#unknown_address_reject_code = 550 +#unknown_client_reject_code = 550 +#unknown_hostname_reject_code = 550 +#soft_bounce = yes +############################################################ +#debug_peer_list = example.com +#debug_peer_level = 3 + ++++++ postfix-master.cf.patch ++++++ Index: conf/master.cf =================================================================== --- conf/master.cf.orig +++ conf/master.cf @@ -10,33 +10,39 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd +#amavis unix - - n - 4 smtp +# -o smtp_data_done_timeout=1200 +# -o smtp_send_xforward_command=yes +# -o disable_dns_lookups=yes +# -o max_use=20 #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog #tlsproxy unix - - n - 0 tlsproxy #submission inet n - n - - smtpd -# -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_tls_auth_only=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd -# -o syslog_name=postfix/smtps -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING +# -o syslog_name=postfix/smtps +# -o smtpd_tls_wrappermode=yes +# -o content_filter=smtp:[127.0.0.1]:10024 +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup @@ -63,6 +69,27 @@ virtual unix - n n lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache +#localhost:10025 inet n - n - - smtpd +# -o content_filter= +# -o smtpd_delay_reject=no +# -o smtpd_client_restrictions=permit_mynetworks,reject +# -o smtpd_helo_restrictions= +# -o smtpd_sender_restrictions= +# -o smtpd_recipient_restrictions=permit_mynetworks,reject +# -o smtpd_data_restrictions=reject_unauth_pipelining +# -o smtpd_end_of_data_restrictions= +# -o smtpd_restriction_classes= +# -o mynetworks=127.0.0.0/8 +# -o smtpd_error_sleep_time=0 +# -o smtpd_soft_error_limit=1001 +# -o smtpd_hard_error_limit=1000 +# -o smtpd_client_connection_count_limit=0 +# -o smtpd_client_connection_rate_limit=0 +# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings +# -o local_header_rewrite_clients= +# -o local_recipient_maps= +# -o relay_recipient_maps= + # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual @@ -96,7 +123,7 @@ scache unix - - n # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # @@ -129,3 +156,10 @@ scache unix - - n #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} +# +#procmail unix - n n - - pipe +# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} +# +#dovecot unix - n n - - pipe +# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} +# ++++++ postfix-no-md5.patch ++++++ Index: src/global/mail_params.h =================================================================== --- src/global/mail_params.h.orig +++ src/global/mail_params.h @@ -1338,7 +1338,7 @@ extern char *var_smtpd_tls_excl_ciph; extern char *var_smtpd_tls_mand_excl; #define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest" -#define DEF_SMTPD_TLS_FPT_DGST "md5" +#define DEF_SMTPD_TLS_FPT_DGST "sha1" extern char *var_smtpd_tls_fpt_dgst; #define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file" @@ -1497,9 +1497,9 @@ extern char *var_smtp_tls_excl_ciph; extern char *var_smtp_tls_mand_excl; #define VAR_SMTP_TLS_FPT_DGST "smtp_tls_fingerprint_digest" -#define DEF_SMTP_TLS_FPT_DGST "md5" +#define DEF_SMTP_TLS_FPT_DGST "sha1" #define VAR_LMTP_TLS_FPT_DGST "lmtp_tls_fingerprint_digest" -#define DEF_LMTP_TLS_FPT_DGST "md5" +#define DEF_LMTP_TLS_FPT_DGST "sha1" extern char *var_smtp_tls_fpt_dgst; #define VAR_SMTP_TLS_TAFILE "smtp_tls_trust_anchor_file" ++++++ postfix-rpmlintrc ++++++ addFilter("executable-sourced-script .*/sbin/conf.d/SuSEconfig.postfix") addFilter("sourced-script-with-shebang .*/sbin/conf.d/SuSEconfig.postfix") addFilter("devel-file-in-non-devel-package .*/usr/lib/libpostfix*.so") addFilter("devel-file-in-non-devel-package .*/usr/lib64/libpostfix*.so") ++++++ postfix-ssl-release-buffers.patch ++++++ Index: src/tls/tls_client.c =================================================================== --- src/tls/tls_client.c.orig +++ src/tls/tls_client.c @@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL SSL_CTX_set_security_level(client_ctx, 0); #endif + /* Keep memory usage as low as possible */ + +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + /* * See the verify callback in tls_verify.c */ Index: src/tls/tls_server.c =================================================================== --- src/tls/tls_server.c.orig +++ src/tls/tls_server.c @@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL SSL_CTX_set_security_level(server_ctx, 0); #endif + /* Keep memory usage as low as possible */ + +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + /* * See the verify callback in tls_verify.c */ ++++++ postfix-vda-v14-3.0.3.patch ++++++ ++++ 1385 lines (skipped) _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
