Re: macOS X, Operation not permitted - rename sendmail

2018-11-02 Thread Viktor Dukhovni 
> On Nov 2, 2018, at 1:37 AM, James Brown  wrote:
> 
> make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
> -DDEF_SERVER_SASL_TYPE=\"dovecot\" \
> -DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
> -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
> -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
> -DHAS_PCRE -I/usr/local/opt//include \
> -DHAS_SSL -I/usr/local/opt/openssl@1.1 \
> -DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' 
> AUXLIBS='-L/usr/local/lib -lpcre -lssl -lcrypto 
> -L/usr/local/opt/mysql@5.7/lib \
> -lmysqlclient -lz -lm' sendmail_path=/usr/local/sbin/sendmail 
> newaliases_path=/usr/local/bin/newaliases mailq_path=/usr/local/bin/mailq

You can make the recipe cleaner:

 set --  -DUSE_TLS
 set -- "$@" -DUSE_SASL_AUTH '-DDEF_SERVER_SASL_TYPE=\"dovecot\"'
 set -- "$@" -DHAS_PCRE -I/usr/local/opt/include
 set -- "$@" -DHAS_SSL -I/usr/local/opt/openssl@1.1
 set -- "$@" -DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql
 CCARGS="$@"

 set --  -L/usr/local/lib
 set -- "$@" -lpcre
 set -- "$@" -lssl -lcrypto
 set -- "$@" -L/usr/local/opt/mysql@5.7/lib -lmysqlclient -lz -lm
 AUXLIBS="$@"

 set --  config_directory=/usr/local/etc/postfix
 set -- "$@" command_directory=/usr/local/sbin 
 set -- "$@" daemon_directory=/usr/local/libexec/postfix
 set -- "$@" sendmail_path=/usr/local/sbin/sendmail
 set -- "$@" newaliases_path=/usr/local/bin/newaliases
 set -- "$@" mailq_path=/usr/local/bin/mailq

 make -f Makefile.init makefiles "$@" "CCARGS=${CCARGS}" "AUXLIBS=${AUXLIBS}"
 
-- 
Viktor.

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread James Brown 
On 2 Nov 2018, at 4:11 pm, Viktor Dukhovni mailto:postfix-us...@dukhovni.org>> wrote:
> 
> On Fri, Nov 02, 2018 at 03:09:02PM +1100, James Brown wrote:
> 
>> I run make with:
>> 
>> $ make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
>> -DDEF_SERVER_SASL_TYPE=\"dovecot\" \
>> -DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
>> -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
>> -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
>> -DHAS_PCRE -I/usr/local/opt//include \
>> -DHAS_SSL -I/usr/local/opt/openssl@1.1 \
>> -DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' 
>> AUXLIBS='-L/usr/local/lib -lpcre -lssl -lcrypto 
>> -L/usr/local/opt/mysql@5.7/lib \
>> -lmysqlclient -lz -lm
>> 
>> How can I make it use /usr/local for sendmail?
> 
>http://www.postfix.org/INSTALL.html#build_over 
> 
> 
> -- 
>   Viktor.

That was it Viktor, I had already been there, but was using 
'-sendmail_path=/usr/local/sbin/‘. Ie putting a hyphen at the front out of 
habit.

Removed the hyphen and got:

Updating /usr/local/sbin/sendmail...
Updating /usr/bin/newaliases...
rm: /usr/bin/newaliases: Operation not permitted
make: *** [install] Error 1

So obviously I also needed to do a few more.

Anyway, finally got it to work with:

make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
-DDEF_SERVER_SASL_TYPE=\"dovecot\" \
-DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
-DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
-DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
-DHAS_PCRE -I/usr/local/opt//include \
-DHAS_SSL -I/usr/local/opt/openssl@1.1 \
-DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' AUXLIBS='-L/usr/local/lib 
-lpcre -lssl -lcrypto -L/usr/local/opt/mysql@5.7/lib \
-lmysqlclient -lz -lm' sendmail_path=/usr/local/sbin/sendmail 
newaliases_path=/usr/local/bin/newaliases mailq_path=/usr/local/bin/mailq

Thanks heaps for your help Victor.

James.

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread Viktor Dukhovni 
On Fri, Nov 02, 2018 at 03:09:02PM +1100, James Brown wrote:

> I run make with:
> 
> $ make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
> -DDEF_SERVER_SASL_TYPE=\"dovecot\" \
> -DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
> -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
> -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
> -DHAS_PCRE -I/usr/local/opt//include \
> -DHAS_SSL -I/usr/local/opt/openssl@1.1 \
> -DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' 
> AUXLIBS='-L/usr/local/lib -lpcre -lssl -lcrypto 
> -L/usr/local/opt/mysql@5.7/lib \
> -lmysqlclient -lz -lm
> 
> How can I make it use /usr/local for sendmail?

http://www.postfix.org/INSTALL.html#build_over

-- 
Viktor.

Re: macOS X, Operation not permitted - rename sendmail

2018-11-01 Thread James Brown 


> On 1 Oct 2018, at 6:13 pm, Viktor Dukhovni  > wrote:
> 
> On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote:
> 
>> I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.
>> 
>> Sudo make install finishes with:
>> 
>> Updating /usr/sbin/sendmail...
> 
> In MacOSX /usr is immutable, except during upgrade reboots.  You
> can't install Postfix in /usr.  You need to build it for installation
> in /usr/local.  This also means you can't replace /usr/sbin/sendmail,
> but that should not be a problem, since the system-provided sendmail
> will write compatible queue files, and the Postfix you build in
> /usr/local can use the same queue-directory (owned by the "_postfix"
> user and group-writable by "_postdrop").

Thanks Victor.

I run make with:

$ make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH \
-DDEF_SERVER_SASL_TYPE=\"dovecot\" \
-DDEF_COMMAND_DIR=\"/usr/local/sbin\" \
-DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" \
-DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" \
-DHAS_PCRE -I/usr/local/opt//include \
-DHAS_SSL -I/usr/local/opt/openssl@1.1 \
-DHAS_MYSQL -I/usr/local/opt/mysql@5.7/include/mysql' AUXLIBS='-L/usr/local/lib 
-lpcre -lssl -lcrypto -L/usr/local/opt/mysql@5.7/lib \
-lmysqlclient -lz -lm

How can I make it use /usr/local for sendmail?

Thanks,

James.

Re: macOS X, Operation not permitted - rename sendmail

2018-10-01 Thread Bill Cole 

On 1 Oct 2018, at 3:56, James Brown wrote:


Is this a SIP thing?


Yes. As Viktor said, Apple-populated paths under /usr are immutable 
while SIP is enabled.



Anyone come across this? How to fix?


Don't fight it. As Viktor said, you can adjust your build to NOT replace 
the system 'sendmail' (which is Apple's custom-built Postfix 3.2.2.) 
Even if you disable SIP to do that replacement, you will not be informed 
when a future minor system update re-installs Apple's binary.


If you don't feel like cobbling up your own build under the Homebrew 
model, MacPorts has a mature flexible port for Postfix, along with all 
of its dependencies and possible dependencies (e.g. Dovecot, if you're 
using it's SASL layer.)


And of course you CAN just try to work with Apple's build and buy their 
additions (not sure what those are exactly any more...) at the cost of 
their compile-time config choices. Everything you need to configure it 
is right there in /etc/postfix/...

Re: macOS X, Operation not permitted - rename sendmail

2018-10-01 Thread Larry Stone 
> On Oct 1, 2018, at 3:13 AM, Viktor Dukhovni  
> wrote:
> 
> On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote:
> 
>> I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.
>> 
>> Sudo make install finishes with:
>> 
>> Updating /usr/sbin/sendmail...
> 
> In MacOSX /usr is immutable, except during upgrade reboots.  You
> can't install Postfix in /usr.  You need to build it for installation
> in /usr/local.  This also means you can't replace /usr/sbin/sendmail,

Not quite. If you turn off SIP (System Integrity Protection), you can modify 
/usr. I’ve been running with SIP off since shortly after Apple added that 
feature. So far, they haven’t added anything that gets upset with you for doing 
so. Although when Apple had their hands on my MacBookPro to replace the 
battery, I found they turned it back on.

> MacOS/X is no longer a good platform for running your own Postfix
> builds, the other major obstacle is that getting usable logs is is
> painfully different.  You're running Postfix on a system that is
> not designed to be a server.

Agree. As I like to say, Apple thinks they know best how you should be using 
their products - there’s the “Apple Way” and the “wrong way” with nothing in 
between.

I build Postfix (which I use only for outbound system messages) on an old MacOS 
10.9 system and then transfer the build. That keeps logging working the “right” 
way but is obviously not a long-term viable solution. Not concerned about 
having the latest and greatest Postfix since it’s not externally accessible.

-- 
Larry Stone
lston...@stonejongleux.com

Re: macOS X, Operation not permitted - rename sendmail

2018-10-01 Thread Viktor Dukhovni 
On Mon, Oct 01, 2018 at 05:56:57PM +1000, James Brown wrote:

> I’ve just tired to install Postfix 3.3.1 on macOS X 10.13.6 High Sierra.
> 
> Sudo make install finishes with:
> 
> Updating /usr/sbin/sendmail...

In MacOSX /usr is immutable, except during upgrade reboots.  You
can't install Postfix in /usr.  You need to build it for installation
in /usr/local.  This also means you can't replace /usr/sbin/sendmail,
but that should not be a problem, since the system-provided sendmail
will write compatible queue files, and the Postfix you build in
/usr/local can use the same queue-directory (owned by the "_postfix"
user and group-writable by "_postdrop").

However, you'll also need to disable the MacOS launchd agent for
the built-in Postfix, which watches the queue directory and starts
Postfix on demand and stops it when the queue is drained.  You'll
need a separate job to run your own Postfix.

MacOS/X is no longer a good platform for running your own Postfix
builds, the other major obstacle is that getting usable logs is is
painfully different.  You're running Postfix on a system that is
not designed to be a server.

-- 
Viktor.