commit
a3267dc949
@ -0,0 +1,2 @@
|
||||
SOURCES/pflogsumm-1.1.5.tar.gz
|
||||
SOURCES/postfix-3.8.5.tar.gz
|
@ -0,0 +1,2 @@
|
||||
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
|
||||
be0d77af651b2373cecb0a6d1722efb1987316ba SOURCES/postfix-3.8.5.tar.gz
|
@ -0,0 +1,440 @@
|
||||
Quick Start to Authenticate with SASL and PAM:
|
||||
----------------------------------------------
|
||||
|
||||
If you don't need the details and are an experienced system
|
||||
administrator you can just do this, otherwise read on.
|
||||
|
||||
1) Edit /etc/postfix/main.cf and set this:
|
||||
|
||||
smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
smtpd_recipient_restrictions =
|
||||
permit_sasl_authenticated,
|
||||
permit_mynetworks,
|
||||
reject_unauth_destination
|
||||
|
||||
2) Turn on saslauthd:
|
||||
|
||||
/sbin/chkconfig --level 345 saslauthd on
|
||||
/sbin/service saslauthd start
|
||||
|
||||
3) Edit /etc/sysconfig/saslauthd and set this:
|
||||
|
||||
MECH=pam
|
||||
|
||||
4) Restart Postfix:
|
||||
|
||||
/sbin/service postfix restart
|
||||
|
||||
A crash course in using SASL with Postfix:
|
||||
------------------------------------------
|
||||
|
||||
Red Hat's Postfix RPMs include support for both SASL and TLS. SASL, the
|
||||
Simple Authentication and Security Layer, allows Postfix to implement RFC
|
||||
2554, which defines an extension to ESMTP, SMTP AUTH, which compliant
|
||||
ESMTP clients can use to authenticate themselves to ESMTP servers.
|
||||
Typically, this is used to allow roaming users to relay mail through a
|
||||
server safely without configuring the SMTP server to be an open relay.
|
||||
Inclusion of TLS support allows Postfix to implement RFC 2487, which
|
||||
defines an extension to ESMTP, SMTP STARTTLS, which compliant ESMTP
|
||||
clients and servers can use to encrypt the SMTP session. This is a
|
||||
security enhancement -- normally SMTP is transmitted as cleartext over the
|
||||
wire, making it vulnerable to both passive sniffing and active alteration
|
||||
via monkey-in-the-middle attacks. In addition, STARTTLS can also be
|
||||
used by either or both server and client to verify the identity of the
|
||||
other end, making it useful for the same sorts of purposes as SMTP AUTH.
|
||||
The two can even be combined. Typically, this is done by first starting
|
||||
TLS, to encrypt the SMTP session, and then issuing the SMTP AUTH command,
|
||||
to authenticate the client; this combination ensures that the username
|
||||
and password transferred as part of the SMTP AUTH are protected by the
|
||||
TLS encrypted session.
|
||||
|
||||
SMTP AUTH is implemented using SASL, an abstraction layer which can
|
||||
authenticate against a variety of sources. On Red Hat, SASL can use
|
||||
the /etc/shadow file, or it can use PAM libraries, or it can use its own
|
||||
password database (/etc/sasldb), or it can do various more exotic things.
|
||||
|
||||
Authentication raises a number of security concerns for obvious
|
||||
reasons. As a consequence authentication services on Red Hat systems
|
||||
are restricted to processes running with root privileges. However for
|
||||
security reasons it is also essential that a mail server such as
|
||||
Postfix run without root privileges so that mail operations cannot
|
||||
compromise the host system. This means that Postfix cannot directly
|
||||
use authentication services because it does not execute with root
|
||||
privileges. The answer to this this problem is to introduce an
|
||||
intermediary process that runs with root privileges which Postfix can
|
||||
communicate with and will perform authentication on behalf of
|
||||
Postfix. The SASL package includes an authentication daemon called
|
||||
saslauthd which provided this service, think of it as an
|
||||
authentication proxy.
|
||||
|
||||
Using Saslauthd:
|
||||
----------------
|
||||
|
||||
To use saslauthd there are several things you must assure are
|
||||
configured.
|
||||
|
||||
Selecting an Authentication Method:
|
||||
-----------------------------------
|
||||
|
||||
Recall that it is saslauthd which is authenticating, not
|
||||
Postfix. To start with you must tell Postfix to use saslauthd, in
|
||||
main.cf edit this configuration parameter:
|
||||
|
||||
smtpd_sasl_auth_enable = yes
|
||||
|
||||
It is also recommended that you disable anonymous logins otherwise
|
||||
you've left your system open, so also add this configuration
|
||||
parameter.
|
||||
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
|
||||
Now you must tell saslauthd which authentication method to use. To
|
||||
determine the authentication methods currently supported by saslauthd
|
||||
invoke saslauthd with the -v parameter, it will print its version and
|
||||
its list of methods and then exit, for example:
|
||||
|
||||
/usr/sbin/saslauthd -v
|
||||
saslauthd 2.1.10
|
||||
authentication mechanisms: getpwent kerberos5 pam rimap shadow
|
||||
|
||||
When saslauthd starts up it reads its configuration options from the
|
||||
file /etc/sysconfig/saslauthd. Currently there are two parameters
|
||||
which can be set in this file, MECH and FLAGS. MECH is the
|
||||
authentication mechanism and FLAGS is any command line flags you may
|
||||
wish to pass to saslauthd. To tell saslauthd to use a specific
|
||||
mechanism edit /etc/sysconfig/saslauthd and set the MECH parameter,
|
||||
for example to use PAM it would look like this:
|
||||
|
||||
MECH=pam
|
||||
|
||||
Of course you may use any of the other authentication mechanisms that
|
||||
saslauthd reported it supports. PAM is an excellent choice as PAM
|
||||
supports many of the same authentication methods that saslauthd does,
|
||||
but by using PAM you will have centralized all of your authentication
|
||||
configuration under PAM which is one of PAM's greatest assets.
|
||||
|
||||
How Postfix Interacts with SASL to Name its Authentication Services:
|
||||
--------------------------------------------------------------------
|
||||
|
||||
It can be very helpful to understand how Postfix communicates with
|
||||
SASL to name its authentication services. Knowing this will let you
|
||||
identify the configuration files the various components will access.
|
||||
|
||||
When Postfix invokes SASL it must give SASL an application name that
|
||||
SASL will use among other things to locate a configuration file for
|
||||
the application. The application name Postfix identifies itself as is
|
||||
"smtpd". SASL will append ".conf" to the application name and look for
|
||||
a config file in its library and config directories. Thus SASL will
|
||||
read Postfix's configuration from
|
||||
|
||||
/etc/sasl2/smtpd.conf
|
||||
|
||||
This file names the authentication method SASL will use for Postfix
|
||||
(actually for smtpd, other MTA's such as sendmail may use the same
|
||||
file). Because we want to use the saslauthd authentication proxy
|
||||
daemon the contents of this file is:
|
||||
|
||||
pwcheck_method: saslauthd
|
||||
|
||||
This tells SASL when being invoked to authentication for Postfix that
|
||||
it should use saslauthd. Saslauthd's mechanism is set in
|
||||
/etc/sysconfig/saslauthd (see below).
|
||||
|
||||
When Postfix calls on SASL to authenticate it passes to SASL a service
|
||||
name. This service name is used in authentication method specific
|
||||
way. The service name Postfix passes to SASL is "smtp" (note this is
|
||||
not the same as the application name which is "smtpd"). To understand
|
||||
this better consider the case of using PAM authentication. When SASL,
|
||||
or in our case saslauthd, invokes PAM it passes the service name of
|
||||
"smtp" to PAM which means that when PAM wants to read configuration
|
||||
information for this client it will find it under the name of "smtp".
|
||||
|
||||
Turning on the Authentication Daemon:
|
||||
-------------------------------------
|
||||
|
||||
Red Hat security policy is not to automatically enable services
|
||||
belonging to a package when the package is installed. The system
|
||||
administrator must explicitly enable the service. To enable saslauthd
|
||||
do the following:
|
||||
|
||||
1) Tell the init process to launch saslauthd when entering various run
|
||||
levels. Assuming you want saslauthd to run at run levels 3,4,5
|
||||
invoke chkconfig.
|
||||
|
||||
/sbin/chkconfig --level 345 saslauthd on
|
||||
|
||||
2) You will probably want to start saslauthd now without having to
|
||||
reboot, to do this:
|
||||
|
||||
/sbin/service saslauthd start
|
||||
|
||||
Trouble Shooting Authentication:
|
||||
--------------------------------
|
||||
|
||||
The best way to debug authentication problems is to examine log
|
||||
messages from the authentication components. However, normally these
|
||||
log messages are suppressed. There are two principle reasons the
|
||||
messages are suppressed. The first is that they are typically logged
|
||||
at the DEBUG logging priority level which is the lowest priority and
|
||||
the syslog configuration typically logs only higher priority
|
||||
messages. The second reason is that for security reasons authentication
|
||||
logging is considered a risk. Authentication logging has been divided
|
||||
into two different facilities, auth and authpriv. authpriv is private
|
||||
and is typically shunted off to a different log file with higher
|
||||
protection. You will want to be able to see both auth and authpriv
|
||||
messages at all priorities. To do this as root edit /etc/syslog.conf
|
||||
file, find the following line
|
||||
|
||||
authpriv.* /var/log/secure
|
||||
|
||||
edit the line to:
|
||||
|
||||
authpriv.*;auth.* /var/log/secure
|
||||
|
||||
Then restart syslogd so the syslog configuration changes will be
|
||||
picked up:
|
||||
|
||||
/sbin/service syslog restart
|
||||
|
||||
Now all authentication messages at all priorities will log to
|
||||
/var/log/secure.
|
||||
|
||||
Using PAM to Authenticate:
|
||||
--------------------------
|
||||
|
||||
Edit /etc/sysconfig/saslauthd and set MECH to PAM like this:
|
||||
|
||||
MECH=pam
|
||||
|
||||
When PAM is invoked via SASL it is passed a service name of
|
||||
"smtp". This means that PAM will read its configuration parameters for
|
||||
Postfix from the file: /etc/pam.d/smtp. By default this file is set to
|
||||
refer to the global system PAM authentication policy, thus by default
|
||||
you'll get whatever PAM authentication your system is configured for
|
||||
and virtually all applications use. Configuring PAM authentication is
|
||||
beyond the scope of this document, please refer to the PAM
|
||||
documentation if you which to modify PAM.
|
||||
|
||||
Trouble Shooting PAM Authentication:
|
||||
------------------------------------
|
||||
|
||||
1) One possible reason PAM may fail to authenticate even if the user
|
||||
is known to the system is if PAM fails to find the service
|
||||
configuration file in /etc/pam.d. Service configuration files are not
|
||||
required by PAM, if it does not find a service configuration file it
|
||||
will default to "other". Since PAM does not consider the absence of a
|
||||
service configuration file a problem it does not log anything nor does
|
||||
it return an error to the calling application. In other words it is
|
||||
completely silent about the fact it did not find a service
|
||||
configuration file. On Red Hat system the default implementation of
|
||||
"other" for PAM is to deny access. This means on Red Hat systems the
|
||||
absence of a PAM service configuration file will mean PAM will
|
||||
silently fail authentication. The PAM service configuration file for
|
||||
postfix is /etc/pam.d/smtp and is intalled by the Red Hat Postfix rpm
|
||||
and put under control of "alternatives" with name mta. Alternatives
|
||||
allows one to select between the sendmail and postfix MTA's and
|
||||
manages symbolic links for files the two MTA's share. /etc/pam.d/smtp
|
||||
is one such file, if you have not selected Postfix as your prefered
|
||||
MTA the link to this file will not be present. To select Postfix as
|
||||
your MTA do this: "/usr/sbin/alternatives --config mta" and follow the
|
||||
prompt to select postfix.
|
||||
|
||||
2) Is SASL appending a realm or domain to a username? PAM
|
||||
authentication requires a bare username and password, other
|
||||
authentication methods require the username to be qualified with a
|
||||
realm. Typically the username will be rewritten as user@realm
|
||||
(e.g. user@foo.com) PAM does not understand a username with
|
||||
"@realm" appended to it and will fail the authentication with the
|
||||
message that the user is unknown. If the log files shows saslauthd
|
||||
usernames with "@realm" appended to it then the
|
||||
smtpd_sasl_local_domain configuration parameter is likely set in
|
||||
/etc/postfix/main.cf file, make sure its either not set or set it
|
||||
to an empty string. Restart postfix and test authtentication again,
|
||||
the log file should show only a bare username.
|
||||
|
||||
|
||||
|
||||
Using saslpasswd to Authenticate:
|
||||
---------------------------------
|
||||
|
||||
SASL can maintain its own password database independent of the host
|
||||
system's authentication setup, it is called saslpasswd. You may wish
|
||||
to use saslpasswd if you want to isolate who can smtp authenticate
|
||||
from general system users. However, it does add another password
|
||||
database that a system administrator must maintain.
|
||||
|
||||
To authenticate against sasldb, you'll first have to create accounts.
|
||||
These accounts are entirely separate from system accounts, and are used
|
||||
only by connecting SMTP clients to authenticate themselves. Use the
|
||||
saslpassword command:
|
||||
|
||||
saslpasswd -u `postconf -h myhostname` -c user
|
||||
|
||||
to create an account named user which can log into realm. For the
|
||||
realm, make absolutely certain that you use the same value as is set for
|
||||
myhostname in /etc/postfix/main.cf. If you don't, it likely won't work.
|
||||
|
||||
Also, be aware that saslpasswd is somewhat buggy. The first time you
|
||||
run it, it may generate an error message while initializing the sasldb.
|
||||
If it does, just add that user a second time.
|
||||
|
||||
You'll need to set permissions on the SASL password database so that
|
||||
the Postfix daemons can read it:
|
||||
|
||||
chgrp postfix /etc/sasldb
|
||||
chmod g+r /etc/sasldb
|
||||
|
||||
Now, you'll need to modify /etc/postfix/main.cf to tell it to
|
||||
support SASL. The complete options you might want to use are in the
|
||||
sample-auth.cf file in the Postfix documentation directory. An option
|
||||
you will definitely need is:
|
||||
|
||||
# enable SASL support
|
||||
smtpd_sasl_auth_enable = yes
|
||||
|
||||
You might also need to set the SASL authentication realm to whatever
|
||||
realm you used when you created your sasldb; by default, this is set to
|
||||
$myhostname, but you instead might need something like:
|
||||
|
||||
# set SASL realm to domain instead
|
||||
smtpd_sasl_local_domain = $mydomain
|
||||
|
||||
Other Postfix Authentication Parameters:
|
||||
----------------------------------------
|
||||
|
||||
If you want to allow your already configured users to still use your SMTP
|
||||
server, and to allow users authenticated via SMTP AUTH to use your server
|
||||
as well, then modify your existing smtpd_recipient_restrictions line to;
|
||||
|
||||
# also allow authenticated (RFC 2554) users
|
||||
smtpd_recipient_restrictions = permit_sasl_authenticated ...
|
||||
|
||||
If you want to restrict use of your server to just authenticated clients
|
||||
(Note: this is a bad idea for public mail servers), then instead use:
|
||||
|
||||
# restrict server access to authenticated (RFC 2554) clients
|
||||
smtpd_delay_reject = yes
|
||||
smtpd_client_restrictions = permit_sasl_authenticated ...
|
||||
|
||||
SASL supports several password types which have differing security
|
||||
properties. Different SMTP clients may support some or all of these
|
||||
password types. When the client issues an EHLO command, the server
|
||||
tells it which types it supports:
|
||||
|
||||
$ telnet station6 25
|
||||
Trying 10.100.0.6...
|
||||
Connected to station6.example.com.
|
||||
Escape character is '^]'.
|
||||
220 station6.example.com ESMTP Postfix
|
||||
ehlo station7
|
||||
250-station6.example.com
|
||||
250-PIPELINING
|
||||
250-SIZE 10240000
|
||||
250-VRFY
|
||||
250-ETRN
|
||||
250-STARTTLS
|
||||
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
|
||||
250-XVERP
|
||||
250 8BITMIME
|
||||
|
||||
Here, the server supports PLAIN, LOGIN, DIGEST-MD5, and CRAM-MD5 password
|
||||
methods.
|
||||
|
||||
The client then chooses the first of these listed methods which it also
|
||||
supports, and issues an SMTP AUTH request.
|
||||
|
||||
For security, PLAIN and LOGIN methods are typically disabled. These two
|
||||
methods use trivially decryptable encryption, making the username and
|
||||
password issued by the client vulnerable to interception via a sniffer
|
||||
in between the server and client. Unfortunately, they can't always
|
||||
be disabled. Some popular SMTP clients, including MS Outlook 5.x,
|
||||
only support PLAIN authentication, for example.
|
||||
|
||||
To limit the login methods offered by the server:
|
||||
|
||||
# disable unsafe password methods
|
||||
smtpd_sasl_security_options = noplaintext noanonymous
|
||||
|
||||
Available options are:
|
||||
|
||||
noplaintext, which disables LOGIN and PLAIN
|
||||
noanonymous, which disables disables ANON
|
||||
nodictionary, which disables methods vulnerable to dictionary attacks
|
||||
noactive, which disables methods vulnerable to active attacks
|
||||
|
||||
The last two are rarely used, since almost all supported methods are
|
||||
vulnerable to those attacks ;-).
|
||||
|
||||
Also be aware that some broken clients mis-implement the SMTP AUTH
|
||||
protocol, and send commands using incorrect syntax (AUTH=foo instead of
|
||||
the correct AUTH foo). MS Outlook 4.x clients have this bug, among
|
||||
a legion of others.... If you need to support these clients, use:
|
||||
|
||||
# support braindead MS products
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
To help prevent spoofing, you can also create a map file of SASL login
|
||||
names which are allowed to use specific envelope sender (MAIL FROM)
|
||||
addresses. If you choose to do this, you also have to tell Postfix to
|
||||
reject addresses which don't match login names:
|
||||
|
||||
# prevent spoofing by authenticated users
|
||||
reject_sender_login_mismatch
|
||||
smtpd_sender_login_maps=type:/path/to/file
|
||||
|
||||
Configuration of SASL clients is much simpler. Postfix itself can be
|
||||
made a SASL client; this is typically useful when roaming users run Linux
|
||||
on their laptop and need to relay mail back through the organization's
|
||||
main server.
|
||||
|
||||
To enable Postfix to act as an SMTP AUTH client, simply add to
|
||||
/etc/postfix/main.cf:
|
||||
|
||||
# support authentication (RFC 2557) when relaying through a server
|
||||
smtp_sasl_auth_enable = yes
|
||||
|
||||
and tell Postfix where to find the usernames and passwords it should
|
||||
use to authenticate:
|
||||
|
||||
# location of passwords for authentication client
|
||||
smtp_sasl_password_maps = type:/path/to/file
|
||||
|
||||
The file itself should have the format:
|
||||
|
||||
destination username:password
|
||||
|
||||
where destination is the name of the server, and username:password are
|
||||
the username and password which should be presented to that server to
|
||||
authenticate when connecting to it as a client.
|
||||
|
||||
Optionally, the authentication methods to be used can be specified for
|
||||
the Postfix client, just as they can be for the Postfix server:
|
||||
|
||||
# disable plaintext and anonymous
|
||||
smtp_sasl_security_options = noplaintext noanonymous
|
||||
|
||||
Many popular end-user MUAs can also be configured as SMTP AUTH clients.
|
||||
Clients capable of this supplied with Red Hat include pine, Netscape,
|
||||
and Mozilla.
|
||||
|
||||
Other Sources of Documentation:
|
||||
-------------------------------
|
||||
|
||||
/usr/share/doc/postfix-<version>/README_FILES/SASL_README
|
||||
|
||||
Local configuration examples:
|
||||
|
||||
/usr/share/doc/postfix-*/samples
|
||||
|
||||
Postfix Howtos, Guides and Tips by Ralf Hildebrandt and Patrick
|
||||
Koetter can be found at: http://postfix.state-of-mind.de
|
||||
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
Please send any comments / corrections to Chris Ricker
|
||||
<kaboom@gatech.edu>. This material can be freely modified and
|
||||
redistributed. Additional material provided by John Dennis
|
||||
<jdennis@redhat.com> and Dax Kelson <dax@gurulabs.com>.
|
@ -0,0 +1,15 @@
|
||||
diff --git pflogsumm-1.1.5/pflogsumm.pl pflogsumm-1.1.5/pflogsumm.pl
|
||||
index 31de5bd..36384dd 100755
|
||||
--- pflogsumm-1.1.5/pflogsumm.pl
|
||||
+++ pflogsumm-1.1.5/pflogsumm.pl
|
||||
@@ -398,8 +398,8 @@ Copyright (C) 1998-2010 by James S. Seymour, Release 1.1.5
|
||||
use strict;
|
||||
use locale;
|
||||
use Getopt::Long;
|
||||
-eval { require Date::Calc };
|
||||
-my $hasDateCalc = $@ ? 0 : 1;
|
||||
+require Date::Calc;
|
||||
+my $hasDateCalc = 1;
|
||||
|
||||
my $mailqCmd = "mailq";
|
||||
my $release = "1.1.5";
|
@ -0,0 +1,13 @@
|
||||
diff --git pflogsumm-1.1.5/pflogsumm.pl pflogsumm-1.1.5/pflogsumm.pl
|
||||
index 36384dd..eb527d0 100755
|
||||
--- pflogsumm-1.1.5/pflogsumm.pl
|
||||
+++ pflogsumm-1.1.5/pflogsumm.pl
|
||||
@@ -1536,7 +1536,7 @@ sub gimme_domain {
|
||||
# split domain/ipaddr into separates
|
||||
# newer versions of Postfix have them "dom.ain[i.p.add.ress]"
|
||||
# older versions of Postfix have them "dom.ain/i.p.add.ress"
|
||||
- unless((($domain, $ipAddr) = /^([^\[]+)\[((?:\d{1,3}\.){3}\d{1,3})\]/) == 2 ||
|
||||
+ unless((($domain, $ipAddr) = /^([^\[]+)\[((?:\d{1,3}\.){3}\d{1,3}|[0-9a-f:]+)\]/) == 2 ||
|
||||
(($domain, $ipAddr) = /^([^\/]+)\/([0-9a-f.:]+)/i) == 2) {
|
||||
# more exhaustive method
|
||||
($domain, $ipAddr) = /^([^\[\(\/]+)[\[\(\/]([^\]\)]+)[\]\)]?:?\s*$/;
|
@ -0,0 +1,18 @@
|
||||
diff --git a/pflogsumm-1.1.5/pflogsumm.pl b/pflogsumm-1.1.5/pflogsumm.pl
|
||||
index eb527d0..7e26206 100755
|
||||
--- a/pflogsumm-1.1.5/pflogsumm.pl
|
||||
+++ b/pflogsumm-1.1.5/pflogsumm.pl
|
||||
@@ -503,7 +503,12 @@ $usageMsg =
|
||||
# Accept either "_"s or "-"s in --switches
|
||||
foreach (@ARGV) {
|
||||
last if($_ eq "--");
|
||||
- tr/_/-/ if(/^--\w/);
|
||||
+ if (/^--\w/)
|
||||
+ {
|
||||
+ my @argspl = split("=", $_, 2);
|
||||
+ $argspl[0] =~ tr/_/-/;
|
||||
+ $_ = join("=", @argspl);
|
||||
+ }
|
||||
}
|
||||
|
||||
# Some pre-inits for convenience
|
@ -0,0 +1,22 @@
|
||||
diff --git a/conf/post-install b/conf/post-install
|
||||
index 25ef7e6..4fd6434 100644
|
||||
--- a/conf/post-install
|
||||
+++ b/conf/post-install
|
||||
@@ -537,6 +537,17 @@ test -n "$create" && {
|
||||
case $path in
|
||||
no|no/*) continue;;
|
||||
esac
|
||||
+ # Munge paths for alternatives.
|
||||
+ case $path in
|
||||
+ /usr/bin/mailq) path=$path.postfix ;;
|
||||
+ /usr/bin/newaliases) path=$path.postfix ;;
|
||||
+ /usr/bin/rmail) path=$path.postfix ;;
|
||||
+ /usr/sbin/sendmail) path=$path.postfix ;;
|
||||
+ /usr/share/man/man1/mailq.1.gz) path=/usr/share/man/man1/mailq.postfix.1.gz ;;
|
||||
+ /usr/share/man/man1/newaliases.1.gz) path=/usr/share/man/man1/newaliases.postfix.1.gz ;;
|
||||
+ /usr/share/man/man5/aliases.5.gz) path=/usr/share/man/man5/aliases.postfix.5.gz ;;
|
||||
+ /usr/share/man/man8/smtpd.8.gz) path=/usr/share/man/man8/smtpd.postfix.8.gz ;;
|
||||
+ esac
|
||||
# Pick up the flags.
|
||||
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
|
||||
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
|
@ -0,0 +1,63 @@
|
||||
diff --git a/conf/postfix-files b/conf/postfix-files
|
||||
index 4ed9d1f..19711d2 100644
|
||||
--- a/conf/postfix-files
|
||||
+++ b/conf/postfix-files
|
||||
@@ -83,7 +83,6 @@ $shlib_directory/${LIB_PREFIX}sqlite${LIB_SUFFIX}:f:root:-:755
|
||||
$meta_directory/dynamicmaps.cf.d:d:root:-:755
|
||||
$meta_directory/dynamicmaps.cf:f:root:-:644
|
||||
$meta_directory/main.cf.proto:f:root:-:644
|
||||
-$meta_directory/makedefs.out:f:root:-:644
|
||||
$meta_directory/master.cf.proto:f:root:-:644
|
||||
$meta_directory/postfix-files.d:d:root:-:755
|
||||
$meta_directory/postfix-files:f:root:-:644
|
||||
@@ -141,18 +140,13 @@ $command_directory/postqueue:f:root:$setgid_group:2755:u
|
||||
$sendmail_path:f:root:-:755
|
||||
$newaliases_path:l:$sendmail_path
|
||||
$mailq_path:l:$sendmail_path
|
||||
-$config_directory/LICENSE:f:root:-:644:1
|
||||
-$config_directory/TLS_LICENSE:f:root:-:644:1
|
||||
$config_directory/access:f:root:-:644:p1
|
||||
-$config_directory/aliases:f:root:-:644:p1
|
||||
-$config_directory/bounce.cf.default:f:root:-:644:1
|
||||
$config_directory/canonical:f:root:-:644:p1
|
||||
$config_directory/cidr_table:f:root:-:644:o
|
||||
$config_directory/generic:f:root:-:644:p1
|
||||
$config_directory/generics:f:root:-:644:o
|
||||
$config_directory/header_checks:f:root:-:644:p1
|
||||
$config_directory/install.cf:f:root:-:644:o
|
||||
-$config_directory/main.cf.default:f:root:-:644:1
|
||||
$config_directory/main.cf:f:root:-:644:p
|
||||
$config_directory/master.cf:f:root:-:644:p
|
||||
$config_directory/pcre_table:f:root:-:644:o
|
||||
@@ -165,8 +159,8 @@ $config_directory/postfix-script:f:root:-:755:o
|
||||
$config_directory/postfix-script-sgid:f:root:-:755:o
|
||||
$config_directory/postfix-script-nosgid:f:root:-:755:o
|
||||
$config_directory/post-install:f:root:-:755:o
|
||||
-$manpage_directory/man1/mailq.1:f:root:-:644
|
||||
-$manpage_directory/man1/newaliases.1:f:root:-:644
|
||||
+$manpage_directory/man1/mailq.postfix.1:f:root:-:644
|
||||
+$manpage_directory/man1/newaliases.postfix.1:f:root:-:644
|
||||
$manpage_directory/man1/postalias.1:f:root:-:644
|
||||
$manpage_directory/man1/postcat.1:f:root:-:644
|
||||
$manpage_directory/man1/postconf.1:f:root:-:644
|
||||
@@ -180,9 +174,9 @@ $manpage_directory/man1/postmap.1:f:root:-:644
|
||||
$manpage_directory/man1/postmulti.1:f:root:-:644
|
||||
$manpage_directory/man1/postqueue.1:f:root:-:644
|
||||
$manpage_directory/man1/postsuper.1:f:root:-:644
|
||||
-$manpage_directory/man1/sendmail.1:f:root:-:644
|
||||
+$manpage_directory/man1/sendmail.postfix.1:f:root:-:644
|
||||
$manpage_directory/man5/access.5:f:root:-:644
|
||||
-$manpage_directory/man5/aliases.5:f:root:-:644
|
||||
+$manpage_directory/man5/aliases.postfix.5:f:root:-:644
|
||||
$manpage_directory/man5/body_checks.5:f:root:-:644
|
||||
$manpage_directory/man5/bounce.5:f:root:-:644
|
||||
$manpage_directory/man5/canonical.5:f:root:-:644
|
||||
@@ -230,7 +224,7 @@ $manpage_directory/man8/qmqpd.8:f:root:-:644
|
||||
$manpage_directory/man8/scache.8:f:root:-:644
|
||||
$manpage_directory/man8/showq.8:f:root:-:644
|
||||
$manpage_directory/man8/smtp.8:f:root:-:644
|
||||
-$manpage_directory/man8/smtpd.8:f:root:-:644
|
||||
+$manpage_directory/man8/smtpd.postfix.8:f:root:-:644
|
||||
$manpage_directory/man8/spawn.8:f:root:-:644
|
||||
$manpage_directory/man8/tlsproxy.8:f:root:-:644
|
||||
$manpage_directory/man8/tlsmgr.8:f:root:-:644
|
@ -0,0 +1,35 @@
|
||||
--- a/examples/chroot-setup/LINUX2 2006-01-01 15:53:58.000000000 -0800
|
||||
+++ b/examples/chroot-setup/LINUX2 2016-11-27 00:45:52.145301784 -0800
|
||||
@@ -45,14 +45,14 @@
|
||||
# 20060101 /lib64 support by Keith Owens.
|
||||
#
|
||||
|
||||
-CP="cp -p"
|
||||
+CP="cp -p -Z"
|
||||
|
||||
cond_copy() {
|
||||
# find files as per pattern in $1
|
||||
# if any, copy to directory $2
|
||||
dir=`dirname "$1"`
|
||||
pat=`basename "$1"`
|
||||
- lr=`find "$dir" -maxdepth 1 -name "$pat"`
|
||||
+ lr=`find "$dir/" -maxdepth 1 -name "$pat"`
|
||||
if test ! -d "$2" ; then exit 1 ; fi
|
||||
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi
|
||||
}
|
||||
@@ -63,8 +63,8 @@
|
||||
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}
|
||||
cd ${POSTFIX_DIR}
|
||||
|
||||
-mkdir -p etc lib usr/lib/zoneinfo
|
||||
-test -d /lib64 && mkdir -p lib64
|
||||
+mkdir -p -Z etc lib usr/lib/zoneinfo
|
||||
+test -d /lib64 && mkdir -p -Z lib64
|
||||
|
||||
# find localtime (SuSE 5.3 does not have /etc/localtime)
|
||||
lt=/etc/localtime
|
||||
@@ -88,4 +88,3 @@
|
||||
cond_copy '/lib64/libdb.so*' lib64
|
||||
fi
|
||||
|
||||
-postfix reload
|
@ -0,0 +1,145 @@
|
||||
diff --git a/conf/main.cf b/conf/main.cf
|
||||
index 2ee7996..336bd7b 100644
|
||||
--- a/conf/main.cf
|
||||
+++ b/conf/main.cf
|
||||
@@ -136,6 +136,10 @@ mail_owner = postfix
|
||||
#inet_interfaces = all
|
||||
#inet_interfaces = $myhostname
|
||||
#inet_interfaces = $myhostname, localhost
|
||||
+inet_interfaces = localhost
|
||||
+
|
||||
+# Enable IPv4, and IPv6 if supported
|
||||
+inet_protocols = all
|
||||
|
||||
# The proxy_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on by way of a
|
||||
@@ -180,7 +184,7 @@ mail_owner = postfix
|
||||
#
|
||||
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||
#
|
||||
-#mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
+mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||
@@ -407,7 +411,7 @@ unknown_local_recipient_reject_code = 550
|
||||
# "postfix reload" to eliminate the delay.
|
||||
#
|
||||
#alias_maps = dbm:/etc/aliases
|
||||
-#alias_maps = hash:/etc/aliases
|
||||
+alias_maps = hash:/etc/aliases
|
||||
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||
#alias_maps = netinfo:/aliases
|
||||
|
||||
@@ -418,7 +422,7 @@ unknown_local_recipient_reject_code = 550
|
||||
#
|
||||
#alias_database = dbm:/etc/aliases
|
||||
#alias_database = dbm:/etc/mail/aliases
|
||||
-#alias_database = hash:/etc/aliases
|
||||
+alias_database = hash:/etc/aliases
|
||||
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||
|
||||
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||
@@ -488,7 +492,27 @@ unknown_local_recipient_reject_code = 550
|
||||
#
|
||||
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
|
||||
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
|
||||
-#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
|
||||
+#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
+
|
||||
+# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
|
||||
+# server using LMTP (Local Mail Transport Protocol), this is prefered
|
||||
+# over the older cyrus deliver program by setting the
|
||||
+# mailbox_transport as below:
|
||||
+#
|
||||
+# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
+#
|
||||
+# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
|
||||
+# these settings.
|
||||
+#
|
||||
+# local_destination_recipient_limit = 300
|
||||
+# local_destination_concurrency_limit = 5
|
||||
+#
|
||||
+# Of course you should adjust these settings as appropriate for the
|
||||
+# capacity of the hardware you are using. The recipient limit setting
|
||||
+# can be used to take advantage of the single instance message store
|
||||
+# capability of Cyrus. The concurrency limit can be used to control
|
||||
+# how many simultaneous LMTP sessions will be permitted to the Cyrus
|
||||
+# message store.
|
||||
#
|
||||
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
|
||||
# subsequent line in master.cf.
|
||||
@@ -508,8 +532,7 @@ unknown_local_recipient_reject_code = 550
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
-#fallback_transport = lmtp:unix:/file/name
|
||||
-#fallback_transport = cyrus
|
||||
+#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
#fallback_transport =
|
||||
|
||||
# The luser_relay parameter specifies an optional destination address
|
||||
@@ -682,4 +705,41 @@ sample_directory =
|
||||
# readme_directory: The location of the Postfix README files.
|
||||
#
|
||||
readme_directory =
|
||||
-inet_protocols = ipv4
|
||||
+
|
||||
+# TLS CONFIGURATION
|
||||
+#
|
||||
+# Basic Postfix TLS configuration by default with self-signed certificate
|
||||
+# for inbound SMTP and also opportunistic TLS for outbound SMTP.
|
||||
+
|
||||
+# The full pathname of a file with the Postfix SMTP server RSA certificate
|
||||
+# in PEM format. Intermediate certificates should be included in general,
|
||||
+# the server certificate first, then the issuing CA(s) (bottom-up order).
|
||||
+#
|
||||
+smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
|
||||
+
|
||||
+# The full pathname of a file with the Postfix SMTP server RSA private key
|
||||
+# in PEM format. The private key must be accessible without a pass-phrase,
|
||||
+# i.e. it must not be encrypted.
|
||||
+#
|
||||
+smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
|
||||
+
|
||||
+# Announce STARTTLS support to remote SMTP clients, but do not require that
|
||||
+# clients use TLS encryption (opportunistic TLS inbound).
|
||||
+#
|
||||
+smtpd_tls_security_level = may
|
||||
+
|
||||
+# Directory with PEM format Certification Authority certificates that the
|
||||
+# Postfix SMTP client uses to verify a remote SMTP server certificate.
|
||||
+#
|
||||
+smtp_tls_CApath = /etc/pki/tls/certs
|
||||
+
|
||||
+# The full pathname of a file containing CA certificates of root CAs
|
||||
+# trusted to sign either remote SMTP server certificates or intermediate CA
|
||||
+# certificates.
|
||||
+#
|
||||
+smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
||||
+
|
||||
+# Use TLS if this is supported by the remote SMTP server, otherwise use
|
||||
+# plaintext (opportunistic TLS outbound).
|
||||
+#
|
||||
+smtp_tls_security_level = may
|
||||
diff --git a/conf/master.cf b/conf/master.cf
|
||||
index fd282dd..8d969c6 100644
|
||||
--- a/conf/master.cf
|
||||
+++ b/conf/master.cf
|
||||
@@ -112,14 +112,14 @@ postlog unix-dgram n - n - 1 postlogd
|
||||
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||
#
|
||||
#cyrus unix - n n - - pipe
|
||||
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
+# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Old example of delivery via Cyrus.
|
||||
#
|
||||
#old-cyrus unix - n n - - pipe
|
||||
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
||||
+# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
@ -0,0 +1,37 @@
|
||||
diff --git a/src/util/fsspace.c b/src/util/fsspace.c
|
||||
index 50a4aa7..beef3db 100644
|
||||
--- a/src/util/fsspace.c
|
||||
+++ b/src/util/fsspace.c
|
||||
@@ -91,8 +91,15 @@ void fsspace(const char *path, struct fsspace * sp)
|
||||
|
||||
if (statvfs(path, &fsbuf) < 0)
|
||||
msg_fatal("statvfs %s: %m", path);
|
||||
- sp->block_size = fsbuf.f_frsize;
|
||||
- sp->block_free = fsbuf.f_bavail;
|
||||
+ if (fsbuf.f_frsize > 0)
|
||||
+ sp->block_size = fsbuf.f_frsize;
|
||||
+ else
|
||||
+ sp->block_size = fsbuf.f_bsize;
|
||||
+ /* 4G of FS blocks is surely enough space to put a mail in */
|
||||
+ sp->block_free = 0;
|
||||
+ sp->block_free = ~sp->block_free;
|
||||
+ if (fsbuf.f_bavail < sp->block_free)
|
||||
+ sp->block_free = fsbuf.f_bavail;
|
||||
#endif
|
||||
if (msg_verbose)
|
||||
msg_info("%s: %s: block size %lu, blocks free %lu",
|
||||
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
|
||||
index 1fb449d..bcaac27 100644
|
||||
--- a/src/util/sys_defs.h
|
||||
+++ b/src/util/sys_defs.h
|
||||
@@ -783,8 +783,8 @@ extern int initgroups(const char *, int);
|
||||
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
|
||||
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
|
||||
#define FIONREAD_IN_TERMIOS_H
|
||||
-#define USE_STATFS
|
||||
-#define STATFS_IN_SYS_VFS_H
|
||||
+#define USE_STATVFS
|
||||
+#define STATVFS_IN_SYS_STATVFS_H
|
||||
#define PREPEND_PLUS_TO_OPTSTRING
|
||||
#define HAS_POSIX_REGEXP
|
||||
#define HAS_DLOPEN
|
@ -0,0 +1,12 @@
|
||||
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
|
||||
index b9a4699..29e6ec1 100644
|
||||
--- a/src/posttls-finger/posttls-finger.c
|
||||
+++ b/src/posttls-finger/posttls-finger.c
|
||||
@@ -405,7 +405,6 @@
|
||||
|
||||
#ifdef USE_TLS
|
||||
#include <tls_proxy.h>
|
||||
-#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
/*
|
@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ -x /etc/postfix/chroot-update ] && exec /etc/postfix/chroot-update
|
||||
exit 0
|
@ -0,0 +1,169 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# postfix Postfix Mail Transfer Agent
|
||||
#
|
||||
# chkconfig: - 80 30
|
||||
# description: Postfix is a Mail Transport Agent, which is the program \
|
||||
# that moves mail from one machine to another.
|
||||
# processname: master
|
||||
# pidfile: /var/spool/postfix/pid/master.pid
|
||||
# config: /etc/postfix/main.cf
|
||||
# config: /etc/postfix/master.cf
|
||||
#
|
||||
# Based on startup script from Simon J Mudd <sjmudd@pobox.com>
|
||||
# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <jam@jamux.com>
|
||||
# 23/11/00: Changes & suggestions by Ajay Ramaswamy <ajayr@bigfoot.com>
|
||||
# 20/01/01: Changes to fall in line with RedHat 7.0 style
|
||||
# 23/02/01: Fix a few untidy problems with help from Daniel Roesen.
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: postfix $mail-transfer-agent
|
||||
# Required-Start: $local_fs $network $remote_fs
|
||||
# Required-Stop: $local_fs $network $remote_fs
|
||||
# Short-Description: start and stop postfix
|
||||
# Description: Postfix is a Mail Transport Agent, which is the program that
|
||||
# moves mail from one machine to another.
|
||||
### END INIT INFO
|
||||
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# Source networking configuration.
|
||||
. /etc/sysconfig/network
|
||||
|
||||
RETVAL=0
|
||||
prog="postfix"
|
||||
lockfile=/var/lock/subsys/$prog
|
||||
pidfile=/var/spool/postfix/pid/master.pid
|
||||
|
||||
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
|
||||
|
||||
# Script to update chroot environment
|
||||
CHROOT_UPDATE=/etc/postfix/chroot-update
|
||||
|
||||
status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1
|
||||
running=$?
|
||||
|
||||
conf_check() {
|
||||
[ -x /usr/sbin/postfix ] || exit 5
|
||||
[ -d /etc/postfix ] || exit 6
|
||||
[ -d /var/spool/postfix ] || exit 5
|
||||
}
|
||||
|
||||
make_aliasesdb() {
|
||||
local MAP=""
|
||||
local ALIASESDB="$(/usr/sbin/postconf -h alias_database)"
|
||||
[ "$ALIASESDB" = "hash:/etc/aliases" ] && MAP="db"
|
||||
[ "$ALIASESDB" = "lmdb:/etc/aliases" ] && MAP="lmdb"
|
||||
|
||||
if [ "$MAP" = "db" -o "$MAP" = "lmdb" ]
|
||||
then
|
||||
# /etc/aliases.db|lmdb may be used by other MTA, make sure nothing
|
||||
# has touched it since our last newaliases call
|
||||
[ /etc/aliases -nt /etc/aliases.$MAP ] ||
|
||||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.$MAP ] ||
|
||||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.$MAP ] || return
|
||||
/usr/bin/newaliases
|
||||
touch -r /etc/aliases.$MAP "$ALIASESDB_STAMP"
|
||||
else
|
||||
/usr/bin/newaliases
|
||||
fi
|
||||
}
|
||||
|
||||
start() {
|
||||
[ "$EUID" != "0" ] && exit 4
|
||||
# Check that networking is up.
|
||||
[ ${NETWORKING} = "no" ] && exit 1
|
||||
conf_check
|
||||
# Start daemons.
|
||||
echo -n $"Starting postfix: "
|
||||
make_aliasesdb >/dev/null 2>&1
|
||||
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
|
||||
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && touch $lockfile
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
[ "$EUID" != "0" ] && exit 4
|
||||
conf_check
|
||||
# Stop daemons.
|
||||
echo -n $"Shutting down postfix: "
|
||||
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
reload() {
|
||||
conf_check
|
||||
echo -n $"Reloading postfix: "
|
||||
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
|
||||
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
|
||||
RETVAL=$?
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
abort() {
|
||||
conf_check
|
||||
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
|
||||
return $?
|
||||
}
|
||||
|
||||
flush() {
|
||||
conf_check
|
||||
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
|
||||
return $?
|
||||
}
|
||||
|
||||
check() {
|
||||
conf_check
|
||||
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
|
||||
return $?
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
case "$1" in
|
||||
start)
|
||||
[ $running -eq 0 ] && exit 0
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
[ $running -eq 0 ] || exit 0
|
||||
stop
|
||||
;;
|
||||
restart|force-reload)
|
||||
stop
|
||||
start
|
||||
;;
|
||||
reload)
|
||||
[ $running -eq 0 ] || exit 7
|
||||
reload
|
||||
;;
|
||||
abort)
|
||||
abort
|
||||
;;
|
||||
flush)
|
||||
flush
|
||||
;;
|
||||
check)
|
||||
check
|
||||
;;
|
||||
status)
|
||||
status -p $pidfile -l $(basename $lockfile) master
|
||||
;;
|
||||
condrestart)
|
||||
[ $running -eq 0 ] || exit 0
|
||||
stop
|
||||
start
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $?
|
@ -0,0 +1,3 @@
|
||||
#%PAM-1.0
|
||||
auth include password-auth
|
||||
account include password-auth
|
@ -0,0 +1,2 @@
|
||||
pwcheck_method: saslauthd
|
||||
mech_list: plain login
|
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
|
||||
|
||||
make_aliasesdb() {
|
||||
local MAP=""
|
||||
local ALIASESDB="$(/usr/sbin/postconf -h alias_database)"
|
||||
[ "$ALIASESDB" = "hash:/etc/aliases" ] && MAP="db"
|
||||
[ "$ALIASESDB" = "lmdb:/etc/aliases" ] && MAP="lmdb"
|
||||
|
||||
if [ "$MAP" = "db" -o "$MAP" = "lmdb" ]
|
||||
then
|
||||
# /etc/aliases.db|lmdb may be used by other MTA, make sure nothing
|
||||
# has touched it since our last newaliases call
|
||||
[ /etc/aliases -nt /etc/aliases.$MAP ] ||
|
||||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.$MAP ] ||
|
||||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.$MAP ] || return 0
|
||||
/usr/bin/newaliases
|
||||
touch -r /etc/aliases.$MAP "$ALIASESDB_STAMP"
|
||||
else
|
||||
/usr/bin/newaliases
|
||||
fi
|
||||
}
|
||||
|
||||
make_aliasesdb
|
@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Postfix Mail Transport Agent
|
||||
After=syslog.target network.target
|
||||
Conflicts=sendmail.service exim.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/var/spool/postfix/pid/master.pid
|
||||
EnvironmentFile=-/etc/sysconfig/network
|
||||
PrivateTmp=true
|
||||
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
|
||||
ProtectSystem=true
|
||||
PrivateDevices=true
|
||||
ExecStartPre=-/usr/sbin/restorecon -R /var/spool/postfix/pid
|
||||
ExecStartPre=-/usr/libexec/postfix/aliasesdb
|
||||
ExecStartPre=-/usr/libexec/postfix/chroot-update
|
||||
ExecStart=/usr/sbin/postfix start
|
||||
ExecReload=/usr/sbin/postfix reload
|
||||
ExecStop=/usr/sbin/postfix stop
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,3 @@
|
||||
u postfix 89 - /var/spool/postfix /sbin/nologin
|
||||
g postdrop 90
|
||||
m postfix mail
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue