- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body

- Apply patch OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=83
2011-07-06 13:11:28 +00:00 · 2011-07-06 13:11:28 +00:00 · 872d0ec310
commit 872d0ec310
parent 066d28c93b
4 changed files with 8 additions and 190 deletions
--- a/postfix-SuSE.patch
+++ b/postfix-SuSE.patch
@ -1,187 +0,0 @@
-diff -ruN postfix-SuSE-orig//SuSEconfig.postfix postfix-SuSE/SuSEconfig.postfix
--- postfix-SuSE-orig//SuSEconfig.postfix	2011-05-11 10:30:56.000000000 +0200
-+++ postfix-SuSE/SuSEconfig.postfix	2011-07-01 14:34:26.000000000 +0200
-@@ -143,7 +143,6 @@
-         if [ "$CAPATH" ]
-         then
-            cpifnewer "$CAPATH/*" ./$CAPATH
-	   mkdir ./etc/ssl
- 	   rsync -avH /etc/ssl/certs ./etc/ssl
-         fi
- 	# smtpd_tls_CAfile
-@@ -162,10 +161,12 @@
- 	fi
- 	# smtpd_tls_key_file
- 	smtpd_tls_key_file=`postconf -h smtpd_tls_key_file`
-	if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]
-	then
-	   DIR=`dirname $smtpd_tls_key_file`
-           cpifnewer $smtpd_tls_key_file ./$DIR
-+	if [ -n "$smtpd_tls_key_file" ]; then
-+	    if [ "$smtpd_tls_key_file" -a $smtpd_tls_key_file != '$smtpd_tls_cert_file' ]
-+	    then
-+		DIR=`dirname $smtpd_tls_key_file`
-+		cpifnewer $smtpd_tls_key_file ./$DIR
-+	    fi
- 	fi
- 
- 	# PAM
-@@ -263,7 +264,6 @@
- 
-     # to be on the save side
-     $PCONF -e "daemon_directory = @daemon_directory@"
-    $PCONF -e "program_directory = @daemon_directory@"
-     $PCONF -e "readme_directory = @readme_directory@"
-     $PCONF -e "html_directory = @html_directory@"
-     $PCONF -e "sample_directory = @sample_directory@"
-@@ -517,6 +517,8 @@
- 	$PCONF -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
-     else
- 	$PCONF -e "smtp_sasl_auth_enable = no"
-+	$PCONF -e "smtp_sasl_security_options = "
-+	$PCONF -e "smtp_sasl_password_maps = "
-     fi
- 
-     if test "$POSTFIX_SMTP_AUTH_SERVER" == "yes"; then
-@@ -557,19 +559,28 @@
-     fi
-     if test "$POSTFIX_SMTP_TLS_SERVER" == "yes" -o "$POSTFIX_SMTP_TLS_SERVER_LEGACY_SUPPORT" == "yes"; then
- 	$PCONF -e "smtpd_use_tls = yes"
-	$PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
-+	if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
-+	    $PCONF -e "smtpd_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
-+	else
-+	    $PCONF -e "smtpd_tls_CApath = $POSTFIX_SSL_PATH/cacerts"
-+	fi
- 	$PCONF -e "smtpd_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
- 	$PCONF -e "smtpd_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
-	$PCONF -e "smtpd_tls_received_header = yes"
-	$PCONF -e "tls_daemon_random_source = dev:/dev/urandom"
-	$PCONF -e "tls_random_source = dev:/dev/urandom"
- 	$PCONF -e "relay_clientcerts = hash:/etc/postfix/relay_ccerts"
- 	$PCONF -e "smtpd_tls_ask_ccert = yes"
-+	$PCONF -e "smtpd_tls_received_header = yes"
-         touch -m -d "1 minute ago" $TMPDIR/main.cf
- 	CURRENT=$($PCONF -h smtpd_recipient_restrictions)
- 	$PCONF -e "smtpd_recipient_restrictions = permit_tls_clientcerts, $CURRENT"
-     else
- 	$PCONF -e "smtpd_use_tls = no"
-+	$PCONF -e "smtpd_tls_CAfile ="
-+	$PCONF -e "smtpd_tls_CApath ="
-+	$PCONF -e "smtpd_tls_cert_file ="
-+	$PCONF -e "smtpd_tls_key_file ="
-+	$PCONF -e "relay_clientcerts ="
-+	$PCONF -e "smtpd_tls_ask_ccert = no"
-+	$PCONF -e "smtpd_tls_received_header = no"
-     fi
- 
-     if test "$POSTFIX_SMTP_TLS_CLIENT" == "no"; then
-@@ -585,16 +596,22 @@
- 	    $PCONF -e "smtp_enforce_tls = yes"
-     fi
-     if test "$POSTFIX_SMTP_TLS_CLIENT" = "yes" -o "$POSTFIX_SMTP_TLS_CLIENT" = "must" ; then
-	test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" && \
-+	if [ -n "$POSTFIX_TLS_CAFILE" -a -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE" ]; then
- 	    $PCONF -e "smtp_tls_CAfile = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CAFILE"
-+	else
-+	    $PCONF -e "smtp_tls_CApath = $POSTFIX_SSL_PATH/cacerts"
-+	fi
- 	test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE" && \
- 	    $PCONF -e "smtp_tls_cert_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_CERTFILE"
- 	test -s "$POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE" && \
- 	    $PCONF -e "smtp_tls_key_file = $POSTFIX_SSL_PATH/$POSTFIX_TLS_KEYFILE"
-	$PCONF -e "smtp_tls_session_cache_timeout = 3600s"
- 	$PCONF -e "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache"
-     else
-	$PCONF -e "smtp_use_tls = no"
-+	$PCONF -e "smtp_tls_CAfile ="
-+	$PCONF -e "smtp_tls_CApath ="
-+	$PCONF -e "smtp_tls_cert_file ="
-+	$PCONF -e "smtp_tls_key_file ="
-+	$PCONF -e "smtp_tls_session_cache_database ="
-     fi
- 
-     ALLMAPS="hash:/etc/aliases"
-@@ -903,14 +920,16 @@
- 	    $line = "  ".$1;
- 	}
-     # next should match
-    # #  -o smtpd_client_restrictions=
-+    # #  -o smtpd_client_restrictions=permit_mynetworks,reject
-     # and not
-    # #     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-    } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=.*)/) {
-	if ( $use_amavis ne "yes" ) {
-	    $line = "#  ".$1;
-	} else {
-	    $line = "  ".$1;
-+    # #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-+    } elsif ( /^\#?\s\s(-o\s+smtpd_client_restrictions=)(.*)/) {
-+	if ( $2 eq "permit_mynetworks,reject") {
-+	  if ( $use_amavis ne "yes" ) {
-+	    $line = "#  ".$1.$2;
-+	  } else {
-+	    $line = "  ".$1.$2;
-+	  }
- 	}
-     } elsif ( /\#?\s\s(-o\s+smtpd_helo_restrictions=.*)/) {
- 	if ( $use_amavis ne "yes" ) {
-@@ -991,7 +1010,7 @@
- 	    $line = "  ".$1;
- 	    if( $line !~ /receive_override_options=no_unknown_recipient_checks,no_header_body_checks/ )
- 	    {
-	      $line .= "  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings";
-+	      $line = "  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings";
- 	    }
- 	}
-      } elsif ( /\#?\s\s(-o\s+local_header_rewrite_clients=.*)/) {
-diff -ruN postfix-SuSE-orig//sysconfig.postfix postfix-SuSE/sysconfig.postfix
--- postfix-SuSE-orig//sysconfig.postfix	2011-05-11 10:30:56.000000000 +0200
-+++ postfix-SuSE/sysconfig.postfix	2011-07-01 14:33:33.000000000 +0200
-@@ -198,22 +198,10 @@
- # Note: This only has effect, if POSTFIX_BASIC_SPAM_PREVENTION is set
- # to either "medium" or "hard" or "custom". If left empty, no RBL checks will take place.
- #
-# Example: POSTFIX_RBL_HOSTS="rbl1.example.com, rbl2.example.com"
-+# Example: POSTFIX_RBL_HOSTS="cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org"
- #
-#POSTFIX_RBL_HOSTS="zen.spamhaus.org, cbl.abuseat.org, dnsbl.sorbs.net, dnsbl.ahbl.org"
- POSTFIX_RBL_HOSTS=""
- 
-## Type:        yesno
-## Default:     no
-## Config:      postfix
-#
-# Set this to yes, if SuSEconfig should setup 'pop-before-smtp' checks
-#
-# Note: You should set this to yes if you have Dyn-IP Clients who want to
-# relay their mail, POP3 or IMAP user
-#
-#POSTFIX_WITH_POP_BEFORE_SMTP="no"
-
- ## Type:        string(off,medium,hard)
- ## Default:     off
- ## Config:      postfix
-@@ -287,7 +275,7 @@
- # Note: "if set to "medium" default is "hash:/etc/postfix/access, reject_unknown_sender_domain"
- #
- # Example:
-# POSTFIX_SMTPD_SENDERNT_RESTRICTIONS="reject_unauth_pipelining,
-+# POSTFIX_SMTPD_SENDER_RESTRICTIONS="reject_unauth_pipelining,
- #  check_client_access hash:/etc/postfix/pop-before-smtp,
- #  check_client_access hash:/etc/postfix/relay,
- #  check_client_access hash:/etc/postfix/access,
-@@ -414,7 +402,12 @@
- ## Default:     "cacert.pem"
- ## Config:      postfix
- #
-# name of the CA file (below POSTFIX_SSL_PATH)
-+# name of the CAfile (below POSTFIX_SSL_PATH)
-+#
-+# when having more than one CA you want to trust, then
-+# leave it empty and CApath ( POSTFIX_SSL_PATH/cacerts )
-+# is used instead. Do not forget to run c_rehash POSTFIX_SSL_PATH/cacerts
-+# after storing the certs.
- # 
- POSTFIX_TLS_CAFILE="cacert.pem"
- 
--- a/postfix-SuSE.tar.gz
+++ b/postfix-SuSE.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b2a6a65d1fe33601fecd140073059da2676114aa446b93bb9305a6e8e9b143cd
-size 22762
+oid sha256:33fc02faba118ad24c994a3d71ea526755fe9d4283fb687f06e6b54f649a642c
+size 30867
--- a/postfix.changes
+++ b/postfix.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul  6 13:11:07 UTC 2011 - varkoly@novell.com
+
+- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
+- Apply patch 
+
 -------------------------------------------------------------------
 Fri Jul  1 12:35:59 UTC 2011 - chris@computersalat.de

--- a/postfix.spec
+++ b/postfix.spec
@ -39,7 +39,6 @@ Patch10:        %{name}-2.8.3-main.cf.patch
 Patch11:        %{name}-2.8.3-master.cf.patch
 Patch12:        %{name}-2.8.3-post-install.patch
 Patch20:        %{name}-vda-v10-2.8.3.patch
-Patch30:        %{name}-SuSE.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %insserv_prereq %fillup_prereq
 PreReq:         /usr/bin/getent