import postfix-3.3.1-8.el8
This commit is contained in:
commit
dd9bb7be41
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/pflogsumm-1.1.5.tar.gz
|
||||||
|
SOURCES/postfix-3.3.1.tar.gz
|
2
.postfix.metadata
Normal file
2
.postfix.metadata
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
|
||||||
|
1b56e682298abf947be4921a5c0d50ba8012eee1 SOURCES/postfix-3.3.1.tar.gz
|
440
SOURCES/README-Postfix-SASL-RedHat.txt
Normal file
440
SOURCES/README-Postfix-SASL-RedHat.txt
Normal file
@ -0,0 +1,440 @@
|
|||||||
|
Quick Start to Authenticate with SASL and PAM:
|
||||||
|
----------------------------------------------
|
||||||
|
|
||||||
|
If you don't need the details and are an experienced system
|
||||||
|
administrator you can just do this, otherwise read on.
|
||||||
|
|
||||||
|
1) Edit /etc/postfix/main.cf and set this:
|
||||||
|
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
smtpd_sasl_security_options = noanonymous
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
|
||||||
|
smtpd_recipient_restrictions =
|
||||||
|
permit_sasl_authenticated,
|
||||||
|
permit_mynetworks,
|
||||||
|
reject_unauth_destination
|
||||||
|
|
||||||
|
2) Turn on saslauthd:
|
||||||
|
|
||||||
|
/sbin/chkconfig --level 345 saslauthd on
|
||||||
|
/sbin/service saslauthd start
|
||||||
|
|
||||||
|
3) Edit /etc/sysconfig/saslauthd and set this:
|
||||||
|
|
||||||
|
MECH=pam
|
||||||
|
|
||||||
|
4) Restart Postfix:
|
||||||
|
|
||||||
|
/sbin/service postfix restart
|
||||||
|
|
||||||
|
A crash course in using SASL with Postfix:
|
||||||
|
------------------------------------------
|
||||||
|
|
||||||
|
Red Hat's Postfix RPMs include support for both SASL and TLS. SASL, the
|
||||||
|
Simple Authentication and Security Layer, allows Postfix to implement RFC
|
||||||
|
2554, which defines an extension to ESMTP, SMTP AUTH, which compliant
|
||||||
|
ESMTP clients can use to authenticate themselves to ESMTP servers.
|
||||||
|
Typically, this is used to allow roaming users to relay mail through a
|
||||||
|
server safely without configuring the SMTP server to be an open relay.
|
||||||
|
Inclusion of TLS support allows Postfix to implement RFC 2487, which
|
||||||
|
defines an extension to ESMTP, SMTP STARTTLS, which compliant ESMTP
|
||||||
|
clients and servers can use to encrypt the SMTP session. This is a
|
||||||
|
security enhancement -- normally SMTP is transmitted as cleartext over the
|
||||||
|
wire, making it vulnerable to both passive sniffing and active alteration
|
||||||
|
via monkey-in-the-middle attacks. In addition, STARTTLS can also be
|
||||||
|
used by either or both server and client to verify the identity of the
|
||||||
|
other end, making it useful for the same sorts of purposes as SMTP AUTH.
|
||||||
|
The two can even be combined. Typically, this is done by first starting
|
||||||
|
TLS, to encrypt the SMTP session, and then issuing the SMTP AUTH command,
|
||||||
|
to authenticate the client; this combination ensures that the username
|
||||||
|
and password transferred as part of the SMTP AUTH are protected by the
|
||||||
|
TLS encrypted session.
|
||||||
|
|
||||||
|
SMTP AUTH is implemented using SASL, an abstraction layer which can
|
||||||
|
authenticate against a variety of sources. On Red Hat, SASL can use
|
||||||
|
the /etc/shadow file, or it can use PAM libraries, or it can use its own
|
||||||
|
password database (/etc/sasldb), or it can do various more exotic things.
|
||||||
|
|
||||||
|
Authentication raises a number of security concerns for obvious
|
||||||
|
reasons. As a consequence authentication services on Red Hat systems
|
||||||
|
are restricted to processes running with root privileges. However for
|
||||||
|
security reasons it is also essential that a mail server such as
|
||||||
|
Postfix run without root privileges so that mail operations cannot
|
||||||
|
compromise the host system. This means that Postfix cannot directly
|
||||||
|
use authentication services because it does not execute with root
|
||||||
|
privileges. The answer to this this problem is to introduce an
|
||||||
|
intermediary process that runs with root privileges which Postfix can
|
||||||
|
communicate with and will perform authentication on behalf of
|
||||||
|
Postfix. The SASL package includes an authentication daemon called
|
||||||
|
saslauthd which provided this service, think of it as an
|
||||||
|
authentication proxy.
|
||||||
|
|
||||||
|
Using Saslauthd:
|
||||||
|
----------------
|
||||||
|
|
||||||
|
To use saslauthd there are several things you must assure are
|
||||||
|
configured.
|
||||||
|
|
||||||
|
Selecting an Authentication Method:
|
||||||
|
-----------------------------------
|
||||||
|
|
||||||
|
Recall that it is saslauthd which is authenticating, not
|
||||||
|
Postfix. To start with you must tell Postfix to use saslauthd, in
|
||||||
|
main.cf edit this configuration parameter:
|
||||||
|
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
|
||||||
|
It is also recommended that you disable anonymous logins otherwise
|
||||||
|
you've left your system open, so also add this configuration
|
||||||
|
parameter.
|
||||||
|
|
||||||
|
smtpd_sasl_security_options = noanonymous
|
||||||
|
|
||||||
|
Now you must tell saslauthd which authentication method to use. To
|
||||||
|
determine the authentication methods currently supported by saslauthd
|
||||||
|
invoke saslauthd with the -v parameter, it will print its version and
|
||||||
|
its list of methods and then exit, for example:
|
||||||
|
|
||||||
|
/usr/sbin/saslauthd -v
|
||||||
|
saslauthd 2.1.10
|
||||||
|
authentication mechanisms: getpwent kerberos5 pam rimap shadow
|
||||||
|
|
||||||
|
When saslauthd starts up it reads its configuration options from the
|
||||||
|
file /etc/sysconfig/saslauthd. Currently there are two parameters
|
||||||
|
which can be set in this file, MECH and FLAGS. MECH is the
|
||||||
|
authentication mechanism and FLAGS is any command line flags you may
|
||||||
|
wish to pass to saslauthd. To tell saslauthd to use a specific
|
||||||
|
mechanism edit /etc/sysconfig/saslauthd and set the MECH parameter,
|
||||||
|
for example to use PAM it would look like this:
|
||||||
|
|
||||||
|
MECH=pam
|
||||||
|
|
||||||
|
Of course you may use any of the other authentication mechanisms that
|
||||||
|
saslauthd reported it supports. PAM is an excellent choice as PAM
|
||||||
|
supports many of the same authentication methods that saslauthd does,
|
||||||
|
but by using PAM you will have centralized all of your authentication
|
||||||
|
configuration under PAM which is one of PAM's greatest assets.
|
||||||
|
|
||||||
|
How Postfix Interacts with SASL to Name its Authentication Services:
|
||||||
|
--------------------------------------------------------------------
|
||||||
|
|
||||||
|
It can be very helpful to understand how Postfix communicates with
|
||||||
|
SASL to name its authentication services. Knowing this will let you
|
||||||
|
identify the configuration files the various components will access.
|
||||||
|
|
||||||
|
When Postfix invokes SASL it must give SASL an application name that
|
||||||
|
SASL will use among other things to locate a configuration file for
|
||||||
|
the application. The application name Postfix identifies itself as is
|
||||||
|
"smtpd". SASL will append ".conf" to the application name and look for
|
||||||
|
a config file in its library and config directories. Thus SASL will
|
||||||
|
read Postfix's configuration from
|
||||||
|
|
||||||
|
/etc/sasl2/smtpd.conf
|
||||||
|
|
||||||
|
This file names the authentication method SASL will use for Postfix
|
||||||
|
(actually for smtpd, other MTA's such as sendmail may use the same
|
||||||
|
file). Because we want to use the saslauthd authentication proxy
|
||||||
|
daemon the contents of this file is:
|
||||||
|
|
||||||
|
pwcheck_method: saslauthd
|
||||||
|
|
||||||
|
This tells SASL when being invoked to authentication for Postfix that
|
||||||
|
it should use saslauthd. Saslauthd's mechanism is set in
|
||||||
|
/etc/sysconfig/saslauthd (see below).
|
||||||
|
|
||||||
|
When Postfix calls on SASL to authenticate it passes to SASL a service
|
||||||
|
name. This service name is used in authentication method specific
|
||||||
|
way. The service name Postfix passes to SASL is "smtp" (note this is
|
||||||
|
not the same as the application name which is "smtpd"). To understand
|
||||||
|
this better consider the case of using PAM authentication. When SASL,
|
||||||
|
or in our case saslauthd, invokes PAM it passes the service name of
|
||||||
|
"smtp" to PAM which means that when PAM wants to read configuration
|
||||||
|
information for this client it will find it under the name of "smtp".
|
||||||
|
|
||||||
|
Turning on the Authentication Daemon:
|
||||||
|
-------------------------------------
|
||||||
|
|
||||||
|
Red Hat security policy is not to automatically enable services
|
||||||
|
belonging to a package when the package is installed. The system
|
||||||
|
administrator must explicitly enable the service. To enable saslauthd
|
||||||
|
do the following:
|
||||||
|
|
||||||
|
1) Tell the init process to launch saslauthd when entering various run
|
||||||
|
levels. Assuming you want saslauthd to run at run levels 3,4,5
|
||||||
|
invoke chkconfig.
|
||||||
|
|
||||||
|
/sbin/chkconfig --level 345 saslauthd on
|
||||||
|
|
||||||
|
2) You will probably want to start saslauthd now without having to
|
||||||
|
reboot, to do this:
|
||||||
|
|
||||||
|
/sbin/service saslauthd start
|
||||||
|
|
||||||
|
Trouble Shooting Authentication:
|
||||||
|
--------------------------------
|
||||||
|
|
||||||
|
The best way to debug authentication problems is to examine log
|
||||||
|
messages from the authentication components. However, normally these
|
||||||
|
log messages are suppressed. There are two principle reasons the
|
||||||
|
messages are suppressed. The first is that they are typically logged
|
||||||
|
at the DEBUG logging priority level which is the lowest priority and
|
||||||
|
the syslog configuration typically logs only higher priority
|
||||||
|
messages. The second reason is that for security reasons authentication
|
||||||
|
logging is considered a risk. Authentication logging has been divided
|
||||||
|
into two different facilities, auth and authpriv. authpriv is private
|
||||||
|
and is typically shunted off to a different log file with higher
|
||||||
|
protection. You will want to be able to see both auth and authpriv
|
||||||
|
messages at all priorities. To do this as root edit /etc/syslog.conf
|
||||||
|
file, find the following line
|
||||||
|
|
||||||
|
authpriv.* /var/log/secure
|
||||||
|
|
||||||
|
edit the line to:
|
||||||
|
|
||||||
|
authpriv.*;auth.* /var/log/secure
|
||||||
|
|
||||||
|
Then restart syslogd so the syslog configuration changes will be
|
||||||
|
picked up:
|
||||||
|
|
||||||
|
/sbin/service syslog restart
|
||||||
|
|
||||||
|
Now all authentication messages at all priorities will log to
|
||||||
|
/var/log/secure.
|
||||||
|
|
||||||
|
Using PAM to Authenticate:
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
Edit /etc/sysconfig/saslauthd and set MECH to PAM like this:
|
||||||
|
|
||||||
|
MECH=pam
|
||||||
|
|
||||||
|
When PAM is invoked via SASL it is passed a service name of
|
||||||
|
"smtp". This means that PAM will read its configuration parameters for
|
||||||
|
Postfix from the file: /etc/pam.d/smtp. By default this file is set to
|
||||||
|
refer to the global system PAM authentication policy, thus by default
|
||||||
|
you'll get whatever PAM authentication your system is configured for
|
||||||
|
and virtually all applications use. Configuring PAM authentication is
|
||||||
|
beyond the scope of this document, please refer to the PAM
|
||||||
|
documentation if you which to modify PAM.
|
||||||
|
|
||||||
|
Trouble Shooting PAM Authentication:
|
||||||
|
------------------------------------
|
||||||
|
|
||||||
|
1) One possible reason PAM may fail to authenticate even if the user
|
||||||
|
is known to the system is if PAM fails to find the service
|
||||||
|
configuration file in /etc/pam.d. Service configuration files are not
|
||||||
|
required by PAM, if it does not find a service configuration file it
|
||||||
|
will default to "other". Since PAM does not consider the absence of a
|
||||||
|
service configuration file a problem it does not log anything nor does
|
||||||
|
it return an error to the calling application. In other words it is
|
||||||
|
completely silent about the fact it did not find a service
|
||||||
|
configuration file. On Red Hat system the default implementation of
|
||||||
|
"other" for PAM is to deny access. This means on Red Hat systems the
|
||||||
|
absence of a PAM service configuration file will mean PAM will
|
||||||
|
silently fail authentication. The PAM service configuration file for
|
||||||
|
postfix is /etc/pam.d/smtp and is intalled by the Red Hat Postfix rpm
|
||||||
|
and put under control of "alternatives" with name mta. Alternatives
|
||||||
|
allows one to select between the sendmail and postfix MTA's and
|
||||||
|
manages symbolic links for files the two MTA's share. /etc/pam.d/smtp
|
||||||
|
is one such file, if you have not selected Postfix as your prefered
|
||||||
|
MTA the link to this file will not be present. To select Postfix as
|
||||||
|
your MTA do this: "/usr/sbin/alternatives --config mta" and follow the
|
||||||
|
prompt to select postfix.
|
||||||
|
|
||||||
|
2) Is SASL appending a realm or domain to a username? PAM
|
||||||
|
authentication requires a bare username and password, other
|
||||||
|
authentication methods require the username to be qualified with a
|
||||||
|
realm. Typically the username will be rewritten as user@realm
|
||||||
|
(e.g. user@foo.com) PAM does not understand a username with
|
||||||
|
"@realm" appended to it and will fail the authentication with the
|
||||||
|
message that the user is unknown. If the log files shows saslauthd
|
||||||
|
usernames with "@realm" appended to it then the
|
||||||
|
smtpd_sasl_local_domain configuration parameter is likely set in
|
||||||
|
/etc/postfix/main.cf file, make sure its either not set or set it
|
||||||
|
to an empty string. Restart postfix and test authtentication again,
|
||||||
|
the log file should show only a bare username.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Using saslpasswd to Authenticate:
|
||||||
|
---------------------------------
|
||||||
|
|
||||||
|
SASL can maintain its own password database independent of the host
|
||||||
|
system's authentication setup, it is called saslpasswd. You may wish
|
||||||
|
to use saslpasswd if you want to isolate who can smtp authenticate
|
||||||
|
from general system users. However, it does add another password
|
||||||
|
database that a system administrator must maintain.
|
||||||
|
|
||||||
|
To authenticate against sasldb, you'll first have to create accounts.
|
||||||
|
These accounts are entirely separate from system accounts, and are used
|
||||||
|
only by connecting SMTP clients to authenticate themselves. Use the
|
||||||
|
saslpassword command:
|
||||||
|
|
||||||
|
saslpasswd -u `postconf -h myhostname` -c user
|
||||||
|
|
||||||
|
to create an account named user which can log into realm. For the
|
||||||
|
realm, make absolutely certain that you use the same value as is set for
|
||||||
|
myhostname in /etc/postfix/main.cf. If you don't, it likely won't work.
|
||||||
|
|
||||||
|
Also, be aware that saslpasswd is somewhat buggy. The first time you
|
||||||
|
run it, it may generate an error message while initializing the sasldb.
|
||||||
|
If it does, just add that user a second time.
|
||||||
|
|
||||||
|
You'll need to set permissions on the SASL password database so that
|
||||||
|
the Postfix daemons can read it:
|
||||||
|
|
||||||
|
chgrp postfix /etc/sasldb
|
||||||
|
chmod g+r /etc/sasldb
|
||||||
|
|
||||||
|
Now, you'll need to modify /etc/postfix/main.cf to tell it to
|
||||||
|
support SASL. The complete options you might want to use are in the
|
||||||
|
sample-auth.cf file in the Postfix documentation directory. An option
|
||||||
|
you will definitely need is:
|
||||||
|
|
||||||
|
# enable SASL support
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
|
||||||
|
You might also need to set the SASL authentication realm to whatever
|
||||||
|
realm you used when you created your sasldb; by default, this is set to
|
||||||
|
$myhostname, but you instead might need something like:
|
||||||
|
|
||||||
|
# set SASL realm to domain instead
|
||||||
|
smtpd_sasl_local_domain = $mydomain
|
||||||
|
|
||||||
|
Other Postfix Authentication Parameters:
|
||||||
|
----------------------------------------
|
||||||
|
|
||||||
|
If you want to allow your already configured users to still use your SMTP
|
||||||
|
server, and to allow users authenticated via SMTP AUTH to use your server
|
||||||
|
as well, then modify your existing smtpd_recipient_restrictions line to;
|
||||||
|
|
||||||
|
# also allow authenticated (RFC 2554) users
|
||||||
|
smtpd_recipient_restrictions = permit_sasl_authenticated ...
|
||||||
|
|
||||||
|
If you want to restrict use of your server to just authenticated clients
|
||||||
|
(Note: this is a bad idea for public mail servers), then instead use:
|
||||||
|
|
||||||
|
# restrict server access to authenticated (RFC 2554) clients
|
||||||
|
smtpd_delay_reject = yes
|
||||||
|
smtpd_client_restrictions = permit_sasl_authenticated ...
|
||||||
|
|
||||||
|
SASL supports several password types which have differing security
|
||||||
|
properties. Different SMTP clients may support some or all of these
|
||||||
|
password types. When the client issues an EHLO command, the server
|
||||||
|
tells it which types it supports:
|
||||||
|
|
||||||
|
$ telnet station6 25
|
||||||
|
Trying 10.100.0.6...
|
||||||
|
Connected to station6.example.com.
|
||||||
|
Escape character is '^]'.
|
||||||
|
220 station6.example.com ESMTP Postfix
|
||||||
|
ehlo station7
|
||||||
|
250-station6.example.com
|
||||||
|
250-PIPELINING
|
||||||
|
250-SIZE 10240000
|
||||||
|
250-VRFY
|
||||||
|
250-ETRN
|
||||||
|
250-STARTTLS
|
||||||
|
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
|
||||||
|
250-XVERP
|
||||||
|
250 8BITMIME
|
||||||
|
|
||||||
|
Here, the server supports PLAIN, LOGIN, DIGEST-MD5, and CRAM-MD5 password
|
||||||
|
methods.
|
||||||
|
|
||||||
|
The client then chooses the first of these listed methods which it also
|
||||||
|
supports, and issues an SMTP AUTH request.
|
||||||
|
|
||||||
|
For security, PLAIN and LOGIN methods are typically disabled. These two
|
||||||
|
methods use trivially decryptable encryption, making the username and
|
||||||
|
password issued by the client vulnerable to interception via a sniffer
|
||||||
|
in between the server and client. Unfortunately, they can't always
|
||||||
|
be disabled. Some popular SMTP clients, including MS Outlook 5.x,
|
||||||
|
only support PLAIN authentication, for example.
|
||||||
|
|
||||||
|
To limit the login methods offered by the server:
|
||||||
|
|
||||||
|
# disable unsafe password methods
|
||||||
|
smtpd_sasl_security_options = noplaintext noanonymous
|
||||||
|
|
||||||
|
Available options are:
|
||||||
|
|
||||||
|
noplaintext, which disables LOGIN and PLAIN
|
||||||
|
noanonymous, which disables disables ANON
|
||||||
|
nodictionary, which disables methods vulnerable to dictionary attacks
|
||||||
|
noactive, which disables methods vulnerable to active attacks
|
||||||
|
|
||||||
|
The last two are rarely used, since almost all supported methods are
|
||||||
|
vulnerable to those attacks ;-).
|
||||||
|
|
||||||
|
Also be aware that some broken clients mis-implement the SMTP AUTH
|
||||||
|
protocol, and send commands using incorrect syntax (AUTH=foo instead of
|
||||||
|
the correct AUTH foo). MS Outlook 4.x clients have this bug, among
|
||||||
|
a legion of others.... If you need to support these clients, use:
|
||||||
|
|
||||||
|
# support braindead MS products
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
|
||||||
|
To help prevent spoofing, you can also create a map file of SASL login
|
||||||
|
names which are allowed to use specific envelope sender (MAIL FROM)
|
||||||
|
addresses. If you choose to do this, you also have to tell Postfix to
|
||||||
|
reject addresses which don't match login names:
|
||||||
|
|
||||||
|
# prevent spoofing by authenticated users
|
||||||
|
reject_sender_login_mismatch
|
||||||
|
smtpd_sender_login_maps=type:/path/to/file
|
||||||
|
|
||||||
|
Configuration of SASL clients is much simpler. Postfix itself can be
|
||||||
|
made a SASL client; this is typically useful when roaming users run Linux
|
||||||
|
on their laptop and need to relay mail back through the organization's
|
||||||
|
main server.
|
||||||
|
|
||||||
|
To enable Postfix to act as an SMTP AUTH client, simply add to
|
||||||
|
/etc/postfix/main.cf:
|
||||||
|
|
||||||
|
# support authentication (RFC 2557) when relaying through a server
|
||||||
|
smtp_sasl_auth_enable = yes
|
||||||
|
|
||||||
|
and tell Postfix where to find the usernames and passwords it should
|
||||||
|
use to authenticate:
|
||||||
|
|
||||||
|
# location of passwords for authentication client
|
||||||
|
smtp_sasl_password_maps = type:/path/to/file
|
||||||
|
|
||||||
|
The file itself should have the format:
|
||||||
|
|
||||||
|
destination username:password
|
||||||
|
|
||||||
|
where destination is the name of the server, and username:password are
|
||||||
|
the username and password which should be presented to that server to
|
||||||
|
authenticate when connecting to it as a client.
|
||||||
|
|
||||||
|
Optionally, the authentication methods to be used can be specified for
|
||||||
|
the Postfix client, just as they can be for the Postfix server:
|
||||||
|
|
||||||
|
# disable plaintext and anonymous
|
||||||
|
smtp_sasl_security_options = noplaintext noanonymous
|
||||||
|
|
||||||
|
Many popular end-user MUAs can also be configured as SMTP AUTH clients.
|
||||||
|
Clients capable of this supplied with Red Hat include pine, Netscape,
|
||||||
|
and Mozilla.
|
||||||
|
|
||||||
|
Other Sources of Documentation:
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
/usr/share/doc/postfix-<version>/README_FILES/SASL_README
|
||||||
|
|
||||||
|
Local configuration examples:
|
||||||
|
|
||||||
|
/usr/share/doc/postfix-*/samples
|
||||||
|
|
||||||
|
Postfix Howtos, Guides and Tips by Ralf Hildebrandt and Patrick
|
||||||
|
Koetter can be found at: http://postfix.state-of-mind.de
|
||||||
|
|
||||||
|
------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Please send any comments / corrections to Chris Ricker
|
||||||
|
<kaboom@gatech.edu>. This material can be freely modified and
|
||||||
|
redistributed. Additional material provided by John Dennis
|
||||||
|
<jdennis@redhat.com> and Dax Kelson <dax@gurulabs.com>.
|
15
SOURCES/pflogsumm-1.1.5-datecalc.patch
Normal file
15
SOURCES/pflogsumm-1.1.5-datecalc.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git pflogsumm-1.1.5/pflogsumm.pl pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
index 31de5bd..36384dd 100755
|
||||||
|
--- pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
+++ pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
@@ -398,8 +398,8 @@ Copyright (C) 1998-2010 by James S. Seymour, Release 1.1.5
|
||||||
|
use strict;
|
||||||
|
use locale;
|
||||||
|
use Getopt::Long;
|
||||||
|
-eval { require Date::Calc };
|
||||||
|
-my $hasDateCalc = $@ ? 0 : 1;
|
||||||
|
+require Date::Calc;
|
||||||
|
+my $hasDateCalc = 1;
|
||||||
|
|
||||||
|
my $mailqCmd = "mailq";
|
||||||
|
my $release = "1.1.5";
|
13
SOURCES/pflogsumm-1.1.5-ipv6-warnings-fix.patch
Normal file
13
SOURCES/pflogsumm-1.1.5-ipv6-warnings-fix.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git pflogsumm-1.1.5/pflogsumm.pl pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
index 36384dd..eb527d0 100755
|
||||||
|
--- pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
+++ pflogsumm-1.1.5/pflogsumm.pl
|
||||||
|
@@ -1536,7 +1536,7 @@ sub gimme_domain {
|
||||||
|
# split domain/ipaddr into separates
|
||||||
|
# newer versions of Postfix have them "dom.ain[i.p.add.ress]"
|
||||||
|
# older versions of Postfix have them "dom.ain/i.p.add.ress"
|
||||||
|
- unless((($domain, $ipAddr) = /^([^\[]+)\[((?:\d{1,3}\.){3}\d{1,3})\]/) == 2 ||
|
||||||
|
+ unless((($domain, $ipAddr) = /^([^\[]+)\[((?:\d{1,3}\.){3}\d{1,3}|[0-9a-f:]+)\]/) == 2 ||
|
||||||
|
(($domain, $ipAddr) = /^([^\/]+)\/([0-9a-f.:]+)/i) == 2) {
|
||||||
|
# more exhaustive method
|
||||||
|
($domain, $ipAddr) = /^([^\[\(\/]+)[\[\(\/]([^\]\)]+)[\]\)]?:?\s*$/;
|
22
SOURCES/postfix-3.1.0-alternatives.patch
Normal file
22
SOURCES/postfix-3.1.0-alternatives.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
diff --git a/conf/post-install b/conf/post-install
|
||||||
|
index 904cefa..5f1039b 100644
|
||||||
|
--- a/conf/post-install
|
||||||
|
+++ b/conf/post-install
|
||||||
|
@@ -532,6 +532,17 @@ test -n "$create" && {
|
||||||
|
case $path in
|
||||||
|
no|no/*) continue;;
|
||||||
|
esac
|
||||||
|
+ # Munge paths for alternatives.
|
||||||
|
+ case $path in
|
||||||
|
+ /usr/bin/mailq) path=$path.postfix ;;
|
||||||
|
+ /usr/bin/newaliases) path=$path.postfix ;;
|
||||||
|
+ /usr/bin/rmail) path=$path.postfix ;;
|
||||||
|
+ /usr/sbin/sendmail) path=$path.postfix ;;
|
||||||
|
+ /usr/share/man/man1/mailq.1.gz) path=/usr/share/man/man1/mailq.postfix.1.gz ;;
|
||||||
|
+ /usr/share/man/man1/newaliases.1.gz) path=/usr/share/man/man1/newaliases.postfix.1.gz ;;
|
||||||
|
+ /usr/share/man/man5/aliases.5.gz) path=/usr/share/man/man5/aliases.postfix.5.gz ;;
|
||||||
|
+ /usr/share/man/man8/smtpd.8.gz) path=/usr/share/man/man8/smtpd.postfix.8.gz ;;
|
||||||
|
+ esac
|
||||||
|
# Pick up the flags.
|
||||||
|
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
|
||||||
|
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
|
63
SOURCES/postfix-3.1.0-files.patch
Normal file
63
SOURCES/postfix-3.1.0-files.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
diff --git a/conf/postfix-files b/conf/postfix-files
|
||||||
|
index a433f4f..3ecdb5b 100644
|
||||||
|
--- a/conf/postfix-files
|
||||||
|
+++ b/conf/postfix-files
|
||||||
|
@@ -83,7 +83,6 @@ $shlib_directory/${LIB_PREFIX}sqlite${LIB_SUFFIX}:f:root:-:755
|
||||||
|
$meta_directory/dynamicmaps.cf.d:d:root:-:755
|
||||||
|
$meta_directory/dynamicmaps.cf:f:root:-:644
|
||||||
|
$meta_directory/main.cf.proto:f:root:-:644
|
||||||
|
-$meta_directory/makedefs.out:f:root:-:644
|
||||||
|
$meta_directory/master.cf.proto:f:root:-:644
|
||||||
|
$meta_directory/postfix-files.d:d:root:-:755
|
||||||
|
$meta_directory/postfix-files:f:root:-:644
|
||||||
|
@@ -140,18 +139,13 @@ $command_directory/postqueue:f:root:$setgid_group:2755:u
|
||||||
|
$sendmail_path:f:root:-:755
|
||||||
|
$newaliases_path:l:$sendmail_path
|
||||||
|
$mailq_path:l:$sendmail_path
|
||||||
|
-$config_directory/LICENSE:f:root:-:644:1
|
||||||
|
-$config_directory/TLS_LICENSE:f:root:-:644:1
|
||||||
|
$config_directory/access:f:root:-:644:p1
|
||||||
|
-$config_directory/aliases:f:root:-:644:p1
|
||||||
|
-$config_directory/bounce.cf.default:f:root:-:644:1
|
||||||
|
$config_directory/canonical:f:root:-:644:p1
|
||||||
|
$config_directory/cidr_table:f:root:-:644:o
|
||||||
|
$config_directory/generic:f:root:-:644:p1
|
||||||
|
$config_directory/generics:f:root:-:644:o
|
||||||
|
$config_directory/header_checks:f:root:-:644:p1
|
||||||
|
$config_directory/install.cf:f:root:-:644:o
|
||||||
|
-$config_directory/main.cf.default:f:root:-:644:1
|
||||||
|
$config_directory/main.cf:f:root:-:644:p
|
||||||
|
$config_directory/master.cf:f:root:-:644:p
|
||||||
|
$config_directory/pcre_table:f:root:-:644:o
|
||||||
|
@@ -164,8 +158,8 @@ $config_directory/postfix-script:f:root:-:755:o
|
||||||
|
$config_directory/postfix-script-sgid:f:root:-:755:o
|
||||||
|
$config_directory/postfix-script-nosgid:f:root:-:755:o
|
||||||
|
$config_directory/post-install:f:root:-:755:o
|
||||||
|
-$manpage_directory/man1/mailq.1:f:root:-:644
|
||||||
|
-$manpage_directory/man1/newaliases.1:f:root:-:644
|
||||||
|
+$manpage_directory/man1/mailq.postfix.1:f:root:-:644
|
||||||
|
+$manpage_directory/man1/newaliases.postfix.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postalias.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postcat.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postconf.1:f:root:-:644
|
||||||
|
@@ -179,9 +173,9 @@ $manpage_directory/man1/postmap.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postmulti.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postqueue.1:f:root:-:644
|
||||||
|
$manpage_directory/man1/postsuper.1:f:root:-:644
|
||||||
|
-$manpage_directory/man1/sendmail.1:f:root:-:644
|
||||||
|
+$manpage_directory/man1/sendmail.postfix.1:f:root:-:644
|
||||||
|
$manpage_directory/man5/access.5:f:root:-:644
|
||||||
|
-$manpage_directory/man5/aliases.5:f:root:-:644
|
||||||
|
+$manpage_directory/man5/aliases.postfix.5:f:root:-:644
|
||||||
|
$manpage_directory/man5/body_checks.5:f:root:-:644
|
||||||
|
$manpage_directory/man5/bounce.5:f:root:-:644
|
||||||
|
$manpage_directory/man5/canonical.5:f:root:-:644
|
||||||
|
@@ -228,7 +222,7 @@ $manpage_directory/man8/qmqpd.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/scache.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/showq.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/smtp.8:f:root:-:644
|
||||||
|
-$manpage_directory/man8/smtpd.8:f:root:-:644
|
||||||
|
+$manpage_directory/man8/smtpd.postfix.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/spawn.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/tlsproxy.8:f:root:-:644
|
||||||
|
$manpage_directory/man8/tlsmgr.8:f:root:-:644
|
145
SOURCES/postfix-3.2.0-config.patch
Normal file
145
SOURCES/postfix-3.2.0-config.patch
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
diff --git a/conf/main.cf b/conf/main.cf
|
||||||
|
index 7af8bde..fbe5c62 100644
|
||||||
|
--- a/conf/main.cf
|
||||||
|
+++ b/conf/main.cf
|
||||||
|
@@ -132,6 +132,10 @@ mail_owner = postfix
|
||||||
|
#inet_interfaces = all
|
||||||
|
#inet_interfaces = $myhostname
|
||||||
|
#inet_interfaces = $myhostname, localhost
|
||||||
|
+inet_interfaces = localhost
|
||||||
|
+
|
||||||
|
+# Enable IPv4, and IPv6 if supported
|
||||||
|
+inet_protocols = all
|
||||||
|
|
||||||
|
# The proxy_interfaces parameter specifies the network interface
|
||||||
|
# addresses that this mail system receives mail on by way of a
|
||||||
|
@@ -176,7 +180,7 @@ mail_owner = postfix
|
||||||
|
#
|
||||||
|
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||||
|
#
|
||||||
|
-#mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
+mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||||
|
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||||
|
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||||
|
@@ -398,7 +402,7 @@ unknown_local_recipient_reject_code = 550
|
||||||
|
# "postfix reload" to eliminate the delay.
|
||||||
|
#
|
||||||
|
#alias_maps = dbm:/etc/aliases
|
||||||
|
-#alias_maps = hash:/etc/aliases
|
||||||
|
+alias_maps = hash:/etc/aliases
|
||||||
|
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||||
|
#alias_maps = netinfo:/aliases
|
||||||
|
|
||||||
|
@@ -409,7 +413,7 @@ unknown_local_recipient_reject_code = 550
|
||||||
|
#
|
||||||
|
#alias_database = dbm:/etc/aliases
|
||||||
|
#alias_database = dbm:/etc/mail/aliases
|
||||||
|
-#alias_database = hash:/etc/aliases
|
||||||
|
+alias_database = hash:/etc/aliases
|
||||||
|
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||||
|
|
||||||
|
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||||
|
@@ -479,7 +483,27 @@ unknown_local_recipient_reject_code = 550
|
||||||
|
#
|
||||||
|
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
|
||||||
|
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
|
||||||
|
-#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
|
||||||
|
+#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
+
|
||||||
|
+# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
|
||||||
|
+# server using LMTP (Local Mail Transport Protocol), this is prefered
|
||||||
|
+# over the older cyrus deliver program by setting the
|
||||||
|
+# mailbox_transport as below:
|
||||||
|
+#
|
||||||
|
+# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
+#
|
||||||
|
+# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
|
||||||
|
+# these settings.
|
||||||
|
+#
|
||||||
|
+# local_destination_recipient_limit = 300
|
||||||
|
+# local_destination_concurrency_limit = 5
|
||||||
|
+#
|
||||||
|
+# Of course you should adjust these settings as appropriate for the
|
||||||
|
+# capacity of the hardware you are using. The recipient limit setting
|
||||||
|
+# can be used to take advantage of the single instance message store
|
||||||
|
+# capability of Cyrus. The concurrency limit can be used to control
|
||||||
|
+# how many simultaneous LMTP sessions will be permitted to the Cyrus
|
||||||
|
+# message store.
|
||||||
|
#
|
||||||
|
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
|
||||||
|
# subsequent line in master.cf.
|
||||||
|
@@ -499,8 +523,7 @@ unknown_local_recipient_reject_code = 550
|
||||||
|
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||||
|
# non-UNIX accounts with "User unknown in local recipient table".
|
||||||
|
#
|
||||||
|
-#fallback_transport = lmtp:unix:/file/name
|
||||||
|
-#fallback_transport = cyrus
|
||||||
|
+#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
|
#fallback_transport =
|
||||||
|
|
||||||
|
# The luser_relay parameter specifies an optional destination address
|
||||||
|
@@ -673,4 +696,41 @@ sample_directory =
|
||||||
|
# readme_directory: The location of the Postfix README files.
|
||||||
|
#
|
||||||
|
readme_directory =
|
||||||
|
-inet_protocols = ipv4
|
||||||
|
+
|
||||||
|
+# TLS CONFIGURATION
|
||||||
|
+#
|
||||||
|
+# Basic Postfix TLS configuration by default with self-signed certificate
|
||||||
|
+# for inbound SMTP and also opportunistic TLS for outbound SMTP.
|
||||||
|
+
|
||||||
|
+# The full pathname of a file with the Postfix SMTP server RSA certificate
|
||||||
|
+# in PEM format. Intermediate certificates should be included in general,
|
||||||
|
+# the server certificate first, then the issuing CA(s) (bottom-up order).
|
||||||
|
+#
|
||||||
|
+smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
|
||||||
|
+
|
||||||
|
+# The full pathname of a file with the Postfix SMTP server RSA private key
|
||||||
|
+# in PEM format. The private key must be accessible without a pass-phrase,
|
||||||
|
+# i.e. it must not be encrypted.
|
||||||
|
+#
|
||||||
|
+smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
|
||||||
|
+
|
||||||
|
+# Announce STARTTLS support to remote SMTP clients, but do not require that
|
||||||
|
+# clients use TLS encryption (opportunistic TLS inbound).
|
||||||
|
+#
|
||||||
|
+smtpd_tls_security_level = may
|
||||||
|
+
|
||||||
|
+# Directory with PEM format Certification Authority certificates that the
|
||||||
|
+# Postfix SMTP client uses to verify a remote SMTP server certificate.
|
||||||
|
+#
|
||||||
|
+smtp_tls_CApath = /etc/pki/tls/certs
|
||||||
|
+
|
||||||
|
+# The full pathname of a file containing CA certificates of root CAs
|
||||||
|
+# trusted to sign either remote SMTP server certificates or intermediate CA
|
||||||
|
+# certificates.
|
||||||
|
+#
|
||||||
|
+smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
||||||
|
+
|
||||||
|
+# Use TLS if this is supported by the remote SMTP server, otherwise use
|
||||||
|
+# plaintext (opportunistic TLS outbound).
|
||||||
|
+#
|
||||||
|
+smtp_tls_security_level = may
|
||||||
|
diff --git a/conf/master.cf b/conf/master.cf
|
||||||
|
index b67ed59..a9633ba 100644
|
||||||
|
--- a/conf/master.cf
|
||||||
|
+++ b/conf/master.cf
|
||||||
|
@@ -96,14 +96,14 @@ scache unix - - n - 1 scache
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
+# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
||||||
|
+# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
37
SOURCES/postfix-3.2.0-large-fs.patch
Normal file
37
SOURCES/postfix-3.2.0-large-fs.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
diff --git a/src/util/fsspace.c b/src/util/fsspace.c
|
||||||
|
index 50a4aa7..beef3db 100644
|
||||||
|
--- a/src/util/fsspace.c
|
||||||
|
+++ b/src/util/fsspace.c
|
||||||
|
@@ -91,8 +91,15 @@ void fsspace(const char *path, struct fsspace * sp)
|
||||||
|
|
||||||
|
if (statvfs(path, &fsbuf) < 0)
|
||||||
|
msg_fatal("statvfs %s: %m", path);
|
||||||
|
- sp->block_size = fsbuf.f_frsize;
|
||||||
|
- sp->block_free = fsbuf.f_bavail;
|
||||||
|
+ if (fsbuf.f_frsize > 0)
|
||||||
|
+ sp->block_size = fsbuf.f_frsize;
|
||||||
|
+ else
|
||||||
|
+ sp->block_size = fsbuf.f_bsize;
|
||||||
|
+ /* 4G of FS blocks is surely enough space to put a mail in */
|
||||||
|
+ sp->block_free = 0;
|
||||||
|
+ sp->block_free = ~sp->block_free;
|
||||||
|
+ if (fsbuf.f_bavail < sp->block_free)
|
||||||
|
+ sp->block_free = fsbuf.f_bavail;
|
||||||
|
#endif
|
||||||
|
if (msg_verbose)
|
||||||
|
msg_info("%s: %s: block size %lu, blocks free %lu",
|
||||||
|
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
|
||||||
|
index 3f570c4..611d9cd 100644
|
||||||
|
--- a/src/util/sys_defs.h
|
||||||
|
+++ b/src/util/sys_defs.h
|
||||||
|
@@ -768,8 +768,8 @@ extern int initgroups(const char *, int);
|
||||||
|
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
|
||||||
|
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
|
||||||
|
#define FIONREAD_IN_TERMIOS_H
|
||||||
|
-#define USE_STATFS
|
||||||
|
-#define STATFS_IN_SYS_VFS_H
|
||||||
|
+#define USE_STATVFS
|
||||||
|
+#define STATVFS_IN_SYS_STATVFS_H
|
||||||
|
#define PREPEND_PLUS_TO_OPTSTRING
|
||||||
|
#define HAS_POSIX_REGEXP
|
||||||
|
#define HAS_DLOPEN
|
13
SOURCES/postfix-3.3.1-posttls-finger-unix-fix.patch
Normal file
13
SOURCES/postfix-3.3.1-posttls-finger-unix-fix.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
|
||||||
|
index 5f559b4..86a8b01 100644
|
||||||
|
--- a/src/posttls-finger/posttls-finger.c
|
||||||
|
+++ b/src/posttls-finger/posttls-finger.c
|
||||||
|
@@ -1409,7 +1409,7 @@ static int connect_dest(STATE *state)
|
||||||
|
*/
|
||||||
|
if (state->smtp == 0) {
|
||||||
|
if (strncmp(dest, "unix:", 5) == 0) {
|
||||||
|
- connect_unix(state, dest + 5);
|
||||||
|
+ state->stream = connect_unix(state, dest + 5);
|
||||||
|
if (!state->stream)
|
||||||
|
msg_info("Failed to establish session to %s: %s",
|
||||||
|
dest, vstring_str(state->why->reason));
|
4
SOURCES/postfix-chroot-update
Normal file
4
SOURCES/postfix-chroot-update
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
[ -x /etc/postfix/chroot-update ] && exec /etc/postfix/chroot-update
|
||||||
|
exit 0
|
3
SOURCES/postfix-pam.conf
Normal file
3
SOURCES/postfix-pam.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth include password-auth
|
||||||
|
account include password-auth
|
2
SOURCES/postfix-sasl.conf
Normal file
2
SOURCES/postfix-sasl.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
pwcheck_method: saslauthd
|
||||||
|
mech_list: plain login
|
20
SOURCES/postfix.aliasesdb
Normal file
20
SOURCES/postfix.aliasesdb
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
|
||||||
|
|
||||||
|
make_aliasesdb() {
|
||||||
|
if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ]
|
||||||
|
then
|
||||||
|
# /etc/aliases.db may be used by other MTA, make sure nothing
|
||||||
|
# has touched it since our last newaliases call
|
||||||
|
[ /etc/aliases -nt /etc/aliases.db ] ||
|
||||||
|
[ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] ||
|
||||||
|
[ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return 0
|
||||||
|
/usr/bin/newaliases
|
||||||
|
touch -r /etc/aliases.db "$ALIASESDB_STAMP"
|
||||||
|
else
|
||||||
|
/usr/bin/newaliases
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
make_aliasesdb
|
21
SOURCES/postfix.service
Normal file
21
SOURCES/postfix.service
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Postfix Mail Transport Agent
|
||||||
|
After=syslog.target network.target
|
||||||
|
Conflicts=sendmail.service exim.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/var/spool/postfix/pid/master.pid
|
||||||
|
EnvironmentFile=-/etc/sysconfig/network
|
||||||
|
PrivateTmp=true
|
||||||
|
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
|
||||||
|
ProtectSystem=true
|
||||||
|
PrivateDevices=true
|
||||||
|
ExecStartPre=-/usr/libexec/postfix/aliasesdb
|
||||||
|
ExecStartPre=-/usr/libexec/postfix/chroot-update
|
||||||
|
ExecStart=/usr/sbin/postfix start
|
||||||
|
ExecReload=/usr/sbin/postfix reload
|
||||||
|
ExecStop=/usr/sbin/postfix stop
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
1629
SPECS/postfix.spec
Normal file
1629
SPECS/postfix.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user