pool/postfix
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
...
pull from: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

1 Commits
slfo-1.2 ... slfo-main

Author SHA256 Message Date
Peter Varkoly
bbf4e50521 New version 2025-12-21 21:57:20 +01:00
13 changed files with 492 additions and 810 deletions
Expand all files Collapse all files

BIN
postfix-3.10.2.tar.gz LFS
View File

Binary file not shown.

7
postfix-3.10.2.tar.gz.asc
View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iFcDBQBoB7V0DAtZDoDKFacRCtBTAP4tSllCanz2DDPS17OywzKRFJVuAiwQFvcD
PJjWrKThfwD/XFWunMe3Qk79l3upuATtSAtemqlAechhDjkjsRQJKPY=
=n2hW
-----END PGP SIGNATURE-----

BIN
postfix-3.10.7.tar.gz LFS Normal file
View File

Binary file not shown.

7
postfix-3.10.7.tar.gz.asc Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iFcDBQBpM0kEDAtZDoDKFacRCpXhAP9LqN+e+DquBEfUO5L4F/yDBHQZ/DWM4BqV
cihSYdgvEAD/a4xi/SWHJKlRzfOkgcMQaGgqLI0YP5RYgsIyLiwrD6Y=
=ZTYZ
-----END PGP SIGNATURE-----

BIN
postfix-SUSE.tar.gz LFS
View File

Binary file not shown.

171
postfix-bdb-main.cf.patch
View File

@@ -1,171 +0,0 @@
--- conf/main.cf.orig 2025-05-21 13:20:29.531943251 +0200
+++ conf/main.cf 2025-05-21 13:30:34.282414688 +0200
@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
@@ -682,4 +683,160 @@ sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
+
+############################################################
+#
+# before changing values manually consider editing
+# /etc/sysconfig/postfix
+# and run
+# config.postfix
+#
+# if you miss a feature of config.postfix then just send a
+# mail to chris@computersalat.de
+# patches for new feature(s) are also welcome :)
+#
+############################################################
+
+biff = no
+content_filter =
+delay_warning_time = 0h
+disable_dns_lookups = no
+disable_mime_output_conversion = no
+disable_vrfy_command = yes
+inet_interfaces = all
inet_protocols = ipv4
+masquerade_classes = envelope_sender, header_sender, header_recipient
+masquerade_domains =
+masquerade_exceptions =
+mydestination = $myhostname, localhost.$mydomain, localhost
+mynetworks_style = subnet
+relayhost =
+
+alias_maps =
+canonical_maps =
+relocated_maps =
+sender_canonical_maps =
+transport_maps =
+mail_spool_directory = /var/mail
+message_strip_characters =
+defer_transports =
+mailbox_command =
+mailbox_transport =
+mailbox_size_limit = 0
+message_size_limit = 0
+strict_8bitmime = no
+strict_rfc821_envelopes = no
+smtpd_delay_reject = yes
+smtpd_helo_required = no
+
+smtpd_client_restrictions =
+
+smtpd_helo_restrictions =
+
+smtpd_sender_restrictions =
+
+smtpd_recipient_restrictions =
+
+
+######################################################################
+# SMTP Smuggling (CVE-2023-51764)
+# no: allows SMTP smuggling
+# yes / normalize :
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+# reject:
+# rejects a command or message that contains a bare newline
+######################################################################
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+#smtpd_forbid_bare_newline_reject_code = 521
+
+############################################################
+# SASL stuff
+############################################################
+smtp_sasl_auth_enable = no
+smtp_sasl_security_options =
+smtp_sasl_password_maps =
+smtpd_sasl_auth_enable = no
+# cyrus : smtpd_sasl_type = cyrus
+# smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot
+# smtpd_sasl_path = private/auth
+smtpd_sasl_type = cyrus
+smtpd_sasl_path = smtpd
+############################################################
+# TLS stuff
+############################################################
+#tls_append_default_CA = no
+relay_clientcerts =
+#tls_random_source = dev:/dev/urandom
+
+#smtp_tls_loglevel = 0
+smtp_tls_security_level =
+smtp_tls_CAfile =
+smtp_tls_CApath =
+smtp_tls_cert_file =
+smtp_tls_key_file =
+#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+#smtp_tls_session_cache_timeout = 3600s
+smtp_tls_session_cache_database =
+
+#smtpd_tls_loglevel = 0
+smtpd_tls_security_level =
+smtpd_tls_CAfile =
+smtpd_tls_CApath =
+smtpd_tls_cert_file =
+smtpd_tls_key_file =
+smtpd_tls_ask_ccert = no
+smtpd_tls_exclude_ciphers = RC4
+smtpd_tls_received_header = no
+############################################################
+# OpenDKIM
+############################################################
+#smtpd_milters = unix:/run/opendkim/opendkim.sock
+#non_smtpd_milters = $smtpd_milters
+#milter_default_action = accept
+#milter_protocol = 2
+############################################################
+# Start MySQL from postfixwiki.org
+############################################################
+relay_domains = $mydestination, hash:/etc/postfix/relay
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+#virtual_alias_domains =
+#virtual_alias_maps = hash:/etc/postfix/virtual
+#virtual_uid_maps = static:303
+#virtual_gid_maps = static:303
+#virtual_minimum_uid = 303
+#virtual_mailbox_base = /srv/maildirs
+#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
+#virtual_mailbox_limit = 0
+#virtual_mailbox_limit_inbox = no
+#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/lmtp-dovecot'
+#virtual_transport = virtual
+## Additional for quota support
+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+#virtual_mailbox_limit_override = yes
+### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
+#virtual_maildir_filter = yes
+#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter
+#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
+#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg
+#virtual_overquota_bounce = yes
+#virtual_trash_count = yes
+#virtual_trash_name = ".Trash"
+############################################################
+# End MySQL from postfixwiki.org
+############################################################
+# Rewrite reject codes
+############################################################
+#unknown_address_reject_code = 550
+#unknown_client_reject_code = 550
+#unknown_hostname_reject_code = 550
+#unverified_recipient_reject_code = 550
+#unverified_sender_reject_code = 550
+#soft_bounce = yes
+############################################################
+#debug_peer_list = example.com
+#debug_peer_level = 3
+

201
postfix-bdb.changes
View File

@@ -1,3 +1,204 @@
-------------------------------------------------------------------
Sun Dec 21 20:53:29 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- (jsc#PED-14859) Fix packages for Immutable Mode - postfix
-------------------------------------------------------------------
Sun Dec 14 18:45:30 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- Put /etc/permissions.d/postfix.paranoid into the postfix-SUSE.tar.gz
-------------------------------------------------------------------
Thu Dec 11 13:08:02 UTC 2025 - Stefan Botter <obs@botter.cc>
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
-------------------------------------------------------------------
Wed Dec 10 20:00:47 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.7
* This patch addresses build errors on recent Linux distributions.
With the patch, Postfix builds will run the compiler with a
backwards compatibility option that is supported by Gcc and Clang.
For other compilers, an error message provides hints.
-------------------------------------------------------------------
Wed Dec 10 14:35:46 UTC 2025 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Add /var/spool/mail to the permissions.d drop-in. This directory used to be
whitelisted globally in the permissions package but an update for the exim
mail server changed that (bsc#1254597 bsc#1240755).
- Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534.
-------------------------------------------------------------------
Fri Dec 5 09:37:39 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- postfix is unable to send mail by default (bsc#1253775)
o Clean up the package
* Get rid of config.postfix script to avoid unintentional changes
of the configuration. The sysconfig files mail and postfix
were removed also.
* Deliver the original main.cf and master.cf
* Remove a lot of deprecated stuff from the package.
* Remove the ExecStartPre scripts to maintain the postmaps
and the chroot environment.
* A new ExecStartPre script manages the default alias map which
is part of the default configuration of postfix.
/sbin/postalias /etc/aliases
* Do not use the permissions framework. A new ExecStartPre script
takes care of the right permissions: /usr/sbin/postfix set-permissions
* Remove mkpostfixcert
o Remove patches:
* postfix-master.cf.patch
* postfix-main.cf.patch
* postfix-bdb-main.cf.patch
-------------------------------------------------------------------
Wed Nov 26 19:27:24 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.6
* Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
* New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
* Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
* Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
* Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
-------------------------------------------------------------------
Mon Nov 10 19:31:34 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.5
* Workaround for an interface mis-match between the Postfix SMTP
client and MTA-STS policy plugins.
* The existing behavior is to connect to any MX host listed
in DNS, and to match the server certificate against any STS
policy MX host pattern.
* The corrected behavior is to connect to an MX host only if
its name matches any STS policy MX host pattern, and to
match the server certificate against the MX hostname.
The corrected behavior must be enabled in two places: in Postfix
with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default:
"yes") and in an MTA-STS plugin by enabling TLSRPT support, so
that the plugin forwards STS policy attributes to Postfix. This
works even if Postfix TLSRPT support is disabled at build time
or at runtime.
* TLSRPT Workaround: when a TLSRPT policy-type value is
"no-policy-found", pretend that the TLSRPT policy domain value
is equal to the recipient domain. This ignores that different
policy types (TLSA, STS) use different policy domains. But this
is what Microsoft does, and therefore, what other tools expect.
* Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP
client's connection reuse logic did not distinguish between
sessions that require SMTPUTF8 support, and sessions that do
not. The solution is 1) to store sessions with different SMTPUTF8
requirements under distinct connection cache storage keys, and
2) to not cache a connection when SMTPUTF8 is required but the
server does not support that feature.
* Bugfix (defect introduced: Postfix 3.0, date 20140731): the
smtpd 'disconnect' command statistics did not count commands
with "bad syntax" and "bad UTF-8 syntax" errors.
* Bugfix: the August 2025 patch broke DBM library support which
is still needed on Solaris; and the same change could result
in warnings with "database X is older than source file Y".
* Postfix 3.11 forward compatibility: to avoid ugly warnings when
Postfix 3.11 is rolled back to an older version, allow a
preliminary 'size' record in maildrop queue files created with
Postfix 3.11 or later.
* Bugfix (defect introduced: Postfix 3.8, date 20220128):
non-reproducible build, because the 'postconf -e' output order
for new main.cf entries was no longer deterministic. Problem
reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
* To make builds predictable, add missing meta_directory and
shlib_directory settings to the stock main.cf file. Problem
diagnosed by Eray Aslan.
* Bugfix (defect introduced: Postfix 3.9, date 20230517):
posttls-finger(1) logged an incorrectly-formatted port number.
Viktor Dukhovni.
- rebase postfix-bdb-main.cf.patch
- adapt rpmlint
o dir-or-file-outside-snapshot
-------------------------------------------------------------------
Tue Aug 19 17:45:58 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.4
* Fixes for postscreen(8):
- Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen.
- Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting.
* Fixes for tlsproxy(8):
- Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps).
- Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request.
* Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
* Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
* Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
* Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern.
-------------------------------------------------------------------
Sun Aug 3 20:30:23 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.3
* Bugfix (defect introduced: Postfix-3.10, date 20250117): include
the current TLS security level in the SMTP connection cache
lookup key for lookups by next-hop destination, to avoid reusing
the same SMTP connection when sending messages with and without
a "TLS-Required: no" header. Likewise, include the current TLS
security level in the TLS session lookup key, to avoid reusing
the same TLS session info when sending messages with and without
a "TLS-Required: no" header.
* Bugfix (defect introduced: Postfix-3.10, date 20250117): the
Postfix SMTP client attempted to look up TLSA records even with
"TLS-Required: no". This could result in unnecessary failures.
-------------------------------------------------------------------
Mon Jun 2 10:41:43 UTC 2025 - Peter Varkoly <varkoly@suse.com>

136
postfix-bdb.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package postfix-bdb
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -41,12 +41,7 @@
%define vmdir /srv/maildirs
%endif
%define mail_group mail
%define conf_backup_dir %{_localstatedir}/adm/backup/postfix
%define unitdir %{_prefix}/lib/systemd
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} )
%bcond_without lmdb
%else
@@ -59,7 +54,7 @@
%endif
%bcond_without ldap
Name: postfix-bdb
Version: 3.10.2
Version: 3.10.7
Release: 0
Summary: A fast, secure, and flexible mailer
License: EPL-2.0 OR IPL-1.0
@@ -78,8 +73,6 @@ Source13: postfix-vmail-user.conf
Patch1: postfix-no-md5.patch
Patch2: pointer_to_literals.patch
Patch3: ipv6_disabled.patch
Patch4: postfix-bdb-main.cf.patch
Patch5: postfix-master.cf.patch
Patch6: postfix-linux45.patch
Patch7: postfix-ssl-release-buffers.patch
Patch8: postfix-vda-v14-3.0.3.patch
@@ -108,8 +101,7 @@ BuildRequires: zlib-devel
BuildRequires: pkgconfig(systemd)
Requires: iproute2
Requires(post): permissions
Requires(pre): %fillup_prereq
Requires(pre): permissions
Conflicts: exim
Conflicts: postfix
Conflicts: sendmail
@@ -133,14 +125,9 @@ Requires(pre): shadow
Requires: /usr/bin/cmp
# /usr/lib/postfix/bin//post-install: line 667: ed: command not found
Requires(pre): /usr/bin/ed
Requires(preun):/usr/bin/ed
Requires(preun): /usr/bin/ed
Requires(post): /usr/bin/ed
Requires(postun):/usr/bin/ed
# /usr/sbin/config.postfix needs perl
Requires(pre): perl
Requires(preun):perl
Requires(post): perl
Requires(postun):perl
Requires(postun): /usr/bin/ed
%description
Postfix aims to be an alternative to the widely-used sendmail program with bdb support
@@ -172,10 +159,6 @@ unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLI
export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC"
%if 0%{?suse_version} >= 1600
export CCARGS="${CCARGS} -std=gnu17"
%endif
%ifarch s390 s390x ppc
export CCARGS="${CCARGS} -fsigned-char"
%endif
@@ -266,6 +249,8 @@ cp lib/libpostfix-* %{buildroot}/%{_libdir}
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir}
sh postfix-install -non-interactive \
install_root=%{buildroot} \
shlib_directory=%{_prefix}/lib/postfix \
meta_directory=%{_prefix}/lib/postfix \
config_directory=%{pf_config_directory} \
daemon_directory=%{pf_daemon_directory} \
command_directory=%{pf_command_directory} \
@@ -282,10 +267,8 @@ for i in qmqp-source smtp-sink smtp-source; do
install -m 755 bin/$i %{buildroot}%{_sbindir}/$i
done
mkdir -p %{buildroot}/sbin/conf.d
mkdir -p %{buildroot}%{_sysconfdir}/permissions.d
mkdir -p %{buildroot}/%{_libdir}/sasl2
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/%{conf_backup_dir}
mkdir -p %{buildroot}/%{pf_sample_directory}
mkdir -p %{buildroot}/%{pf_html_directory}
mkdir -p %{buildroot}%{_includedir}/postfix
@@ -296,46 +279,12 @@ mkdir -p %{buildroot}%{_includedir}/postfix
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
install -m 644 postfix-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp
%endif
mkdir -p %{buildroot}%{_fillupdir}
sed -e 's;@lib@;%{_lib};g' postfix-SUSE/sysconfig.postfix > %{buildroot}%{_fillupdir}/sysconfig.postfix
install -m 644 postfix-SUSE/sysconfig.mail-postfix %{buildroot}%{_fillupdir}/sysconfig.mail-postfix
sed -e 's;@lib@;%{_lib};g' \
-e 's;@conf_backup_dir@;%{conf_backup_dir};' \
-e 's;@daemon_directory@;%{pf_daemon_directory};' \
-e 's;@readme_directory@;%{pf_readme_directory};' \
-e 's;@html_directory@;%{pf_html_directory};' \
-e 's;@sendmail_path@;%{pf_sendmail_path};' \
-e 's;@setgid_group@;%{pf_setgid_group};' \
-e 's;@manpage_directory@;%{_mandir};' \
-e 's;@newaliases_path@;%{pf_newaliases_path};' \
-e 's;@sample_directory@;%{pf_sample_directory};' \
-e 's;@mailq_path@;%{pf_mailq_path};' postfix-SUSE/config.postfix > %{buildroot}%{_sbindir}/config.postfix
chmod 755 %{buildroot}%{_sbindir}/config.postfix
install -m 644 postfix-SUSE/dynamicmaps.cf %{buildroot}%{_sysconfdir}/postfix/dynamicmaps.cf
install -m 644 postfix-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/postfix/ldap_aliases.cf
install -m 644 postfix-SUSE/helo_access %{buildroot}%{_sysconfdir}/postfix/helo_access
install -m 644 postfix-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/postfix
install -m 644 postfix-SUSE/sender_canonical %{buildroot}%{_sysconfdir}/postfix/sender_canonical
install -m 644 postfix-SUSE/relay %{buildroot}%{_sysconfdir}/postfix/relay
install -m 644 postfix-SUSE/relay_ccerts %{buildroot}%{_sysconfdir}/postfix/relay_ccerts
install -m 600 postfix-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/postfix/sasl_passwd
mkdir -p %{buildroot}%{_sysconfdir}/sasl2
mkdir -p %{buildroot}%{_sysconfdir}/permissions.d
install -pm 0644 postfix-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/postfix
install -pm 0644 postfix-SUSE/permissions.paranoid %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid
install -m 600 postfix-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf
install -m 644 postfix-SUSE/openssl_postfix.conf.in %{buildroot}%{_sysconfdir}/postfix/openssl_postfix.conf.in
install -m 755 postfix-SUSE/mkpostfixcert %{buildroot}%{_sbindir}/mkpostfixcert
{
cat<<EOF
#
# -----------------------------------------------------------------------
# NOTE: Many parameters have already been added to the end of this file
# by config.postfix. So take care that you don't uncomment
# and set a parameter without checking whether it has been added
# to the end of this file.
# -----------------------------------------------------------------------
#
EOF
cat conf/main.cf
} > %{buildroot}%{_sysconfdir}/postfix/main.cf
%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/postfix \
-e "manpage_directory = %{_mandir}" \
"setgid_group = %{pf_setgid_group}" \
@@ -351,10 +300,6 @@ cat conf/main.cf
"disable_vrfy_command = yes" \
'smtpd_banner = $myhostname ESMTP'
#Set Permissions
install -m 644 postfix-SUSE/postfix-files %{buildroot}%{pf_shlib_directory}/postfix-files
# create paranoid permissions file
printf '%%-38s %%-18s %%s\n' %{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid
printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid
install -m 644 include/*.h %{buildroot}%{_includedir}/postfix/
# some rpmlint stuff
# remove unneeded examples/chroot-setup
@@ -373,11 +318,8 @@ rm -f %{buildroot}%{_sysconfdir}/postfix/*.orig
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{pf_shlib_directory}/systemd
install -m 0644 postfix-SUSE/postfix.service %{buildroot}%{_unitdir}/postfix.service
install -m 0755 postfix-SUSE/config_postfix.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_postfix
install -m 0755 postfix-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot
install -m 0755 postfix-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps
install -m 0755 postfix-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr
install -m 0755 postfix-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp
%if 0%{?suse_version} < 1599
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcpostfix
%endif
@@ -400,7 +342,6 @@ install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/
%endif
#Clean up for postfix-bdb
rm -rf %{buildroot}/etc/postfix/ldap_aliases.cf
rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-ldap.so-3.5.8-2.11.1.x86_64.debug
rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-mysql.so-3.5.8-2.11.1.x86_64.debug
rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-pgsql.so-3.5.8-2.11.1.x86_64.debug
@@ -443,35 +384,18 @@ fi
# ---------------------------------------------------------------------------
%post
# We never have to run suseconfig for postfix after installation
# We only start postfix own upgrade-configuration by update
if [ ${1:-0} -gt 1 ]; then
touch %{_localstatedir}/adm/postfix.configured
echo "Executing upgrade-configuration."
%{_sbindir}/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || :
if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then
%{_sbindir}/postconf daemon_directory=%{pf_daemon_directory}
fi
fi
%service_add_post postfix.service
/sbin/ldconfig
%set_permissions %{_sbindir}/postdrop
%set_permissions %{_sbindir}/postlog
%set_permissions %{_sbindir}/postqueue
%set_permissions %{_sysconfdir}/postfix/sasl_passwd
%set_permissions %{_sbindir}/sendmail
%{fillup_only postfix}
%{fillup_only -an mail}
/sbin/ldconfig
%set_permissions /var/spool/mail/
%verifyscript
%verify_permissions -e %{_sbindir}/postdrop
%verify_permissions -e %{_sbindir}/postlog
%verify_permissions -e %{_sbindir}/postqueue
%verify_permissions -e %{_sysconfdir}/postfix/sasl_passwd
%verify_permissions -e %{_sbindir}/sendmail
%verify_permissions %{_sbindir}/postdrop
%verify_permissions %{_sbindir}/postlog
%verify_permissions %{_sbindir}/postqueue
%verify_permissions -e /var/spool/mail/
%postun
%service_del_postun postfix.service
@@ -487,28 +411,13 @@ fi
%else
%config %{_sysconfdir}/pam.d/*
%endif
%{_fillupdir}/sysconfig.postfix
%{_fillupdir}/sysconfig.mail-postfix
%dir %{_sysconfdir}/postfix
%config %{_sysconfdir}/postfix/main.cf.default
%config(noreplace) %{_sysconfdir}/postfix/[^mysql]*[^mysql]
%config(noreplace) %{_sysconfdir}/postfix/access
%config(noreplace) %{_sysconfdir}/postfix/aliases
%config(noreplace) %{_sysconfdir}/postfix/canonical
%config(noreplace) %{_sysconfdir}/postfix/header_checks
%config(noreplace) %{_sysconfdir}/postfix/helo_access
%config(noreplace) %{_sysconfdir}/postfix/main.cf
%config(noreplace) %{_sysconfdir}/postfix/master.cf
%exclude %{_sysconfdir}/postfix/*mysql*
%config(noreplace) %{_sysconfdir}/postfix/*
%attr(0750,root,root) %config %{_sysconfdir}/postfix/post-install
%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-tls-script
%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-wrapper
%attr(0750,root,root) %config %{_sysconfdir}/postfix/postmulti-script
%config(noreplace) %{_sysconfdir}/postfix/postfix-files
%config(noreplace) %{_sysconfdir}/postfix/relay
%config(noreplace) %{_sysconfdir}/postfix/relay_ccerts
%config(noreplace) %{_sysconfdir}/postfix/sasl_passwd
%config(noreplace) %{_sysconfdir}/postfix/sender_canonical
%config(noreplace) %{_sysconfdir}/postfix/virtual
%dir %{_sysconfdir}/sasl2
%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf
@@ -525,11 +434,11 @@ fi
%dir %{pf_shlib_directory}/systemd
%attr(0755,root,root) %{pf_shlib_directory}/systemd/*
%{_unitdir}/postfix.service
%{_bindir}/*
%{_bindir}/mailq
%{_bindir}/newaliases
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postlog
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue
%attr(0755,root,root) %{_sbindir}/config.postfix
%attr(0755,root,root) %{_sbindir}/sendmail
%attr(0755,root,root) %{_sbindir}/postalias
%attr(0755,root,root) %{_sbindir}/postcat
@@ -545,9 +454,7 @@ fi
%attr(0755,root,root) %{_sbindir}/qmqp-source
%attr(0755,root,root) %{_sbindir}/smtp-sink
%attr(0755,root,root) %{_sbindir}/smtp-source
%attr(0755,root,root) %{_sbindir}/mkpostfixcert
%attr(0755,root,root) %{_sbindir}/check_mail_queue
%attr(0755,root,root) %{_sbindir}/config.postfix
%if 0%{?suse_version} < 1599
%{_sbindir}/rcpostfix
%endif
@@ -564,7 +471,6 @@ fi
%{pf_shlib_directory}/main.cf.proto
%{pf_shlib_directory}/master.cf.proto
%{conf_backup_dir}
%dir %attr(0700,postfix,root) %{pf_data_directory}
%exclude %{_mandir}/man5/ldap_table.5*
%exclude %{_mandir}/man5/lmdb_table.5*

211
postfix-main.cf.patch
View File

@@ -1,211 +0,0 @@
--- conf/main.cf.orig 2025-05-21 13:20:29.531943251 +0200
+++ conf/main.cf 2025-05-21 13:22:12.037043281 +0200
@@ -285,7 +285,7 @@ unknown_local_recipient_reject_code = 55
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
-#mynetworks = hash:/etc/postfix/network_table
+#mynetworks = lmdb:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
@@ -352,7 +352,7 @@ unknown_local_recipient_reject_code = 55
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
@@ -407,8 +407,8 @@ unknown_local_recipient_reject_code = 55
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
-#alias_maps = hash:/etc/aliases
-#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = lmdb:/etc/aliases
+#alias_maps = lmdb:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
@@ -418,8 +418,8 @@ unknown_local_recipient_reject_code = 55
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
-#alias_database = hash:/etc/aliases
-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+#alias_database = lmdb:/etc/aliases
+#alias_database = lmdb:/etc/aliases, lmdb:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+smtpd_banner = $myhostname ESMTP
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
@@ -682,4 +683,160 @@ sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
+
+############################################################
+#
+# before changing values manually consider editing
+# /etc/sysconfig/postfix
+# and run
+# config.postfix
+#
+# if you miss a feature of config.postfix then just send a
+# mail to chris@computersalat.de
+# patches for new feature(s) are also welcome :)
+#
+############################################################
+
+biff = no
+content_filter =
+delay_warning_time = 0h
+smtp_dns_support_level = enabled
+disable_mime_output_conversion = no
+disable_vrfy_command = yes
+inet_interfaces = all
inet_protocols = ipv4
+masquerade_classes = envelope_sender, header_sender, header_recipient
+masquerade_domains =
+masquerade_exceptions =
+mydestination = $myhostname, localhost.$mydomain, localhost
+mynetworks_style = subnet
+relayhost =
+
+alias_maps =
+canonical_maps =
+relocated_maps =
+sender_canonical_maps =
+transport_maps =
+mail_spool_directory = /var/mail
+message_strip_characters =
+defer_transports =
+mailbox_command =
+mailbox_transport =
+mailbox_size_limit = 0
+message_size_limit = 0
+strict_8bitmime = no
+strict_rfc821_envelopes = no
+smtpd_delay_reject = yes
+smtpd_helo_required = no
+
+smtpd_client_restrictions =
+
+smtpd_helo_restrictions =
+
+smtpd_sender_restrictions =
+
+smtpd_recipient_restrictions =
+
+
+######################################################################
+# SMTP Smuggling (CVE-2023-51764)
+# no: allows SMTP smuggling
+# yes / normalize :
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+# reject:
+# rejects a command or message that contains a bare newline
+######################################################################
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+#smtpd_forbid_bare_newline_reject_code = 521
+
+############################################################
+# SASL stuff
+############################################################
+smtp_sasl_auth_enable = no
+smtp_sasl_security_options =
+smtp_sasl_password_maps =
+smtpd_sasl_auth_enable = no
+# cyrus : smtpd_sasl_type = cyrus
+# smtpd_sasl_path = smtpd
+# dovecot : smtpd_sasl_type = dovecot
+# smtpd_sasl_path = private/auth
+smtpd_sasl_type = cyrus
+smtpd_sasl_path = smtpd
+############################################################
+# TLS stuff
+############################################################
+#tls_append_default_CA = no
+relay_clientcerts =
+#tls_random_source = dev:/dev/urandom
+
+#smtp_tls_loglevel = 0
+smtp_tls_security_level =
+smtp_tls_CAfile =
+smtp_tls_CApath =
+smtp_tls_cert_file =
+smtp_tls_key_file =
+#smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
+#smtp_tls_session_cache_timeout = 3600s
+smtp_tls_session_cache_database =
+
+#smtpd_tls_loglevel = 0
+smtpd_tls_security_level =
+smtpd_tls_CAfile =
+smtpd_tls_CApath =
+smtpd_tls_cert_file =
+smtpd_tls_key_file =
+smtpd_tls_ask_ccert = no
+smtpd_tls_exclude_ciphers = RC4
+smtpd_tls_received_header = no
+############################################################
+# OpenDKIM
+############################################################
+#smtpd_milters = unix:/run/opendkim/opendkim.sock
+#non_smtpd_milters = $smtpd_milters
+#milter_default_action = accept
+#milter_protocol = 2
+############################################################
+# Start MySQL from postfixwiki.org
+############################################################
+relay_domains = $mydestination, lmdb:/etc/postfix/relay
+#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
+#virtual_alias_domains =
+#virtual_alias_maps = lmdb:/etc/postfix/virtual
+#virtual_uid_maps = static:303
+#virtual_gid_maps = static:303
+#virtual_minimum_uid = 303
+#virtual_mailbox_base = /srv/maildirs
+#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
+#virtual_mailbox_limit = 0
+#virtual_mailbox_limit_inbox = no
+#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
+## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/lmtp-dovecot'
+#virtual_transport = virtual
+## Additional for quota support
+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+#virtual_mailbox_limit_override = yes
+### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
+#virtual_maildir_filter = yes
+#virtual_maildir_filter_maps = lmdb:/etc/postfix/vfilter
+#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
+#virtual_maildir_limit_message_maps = lmdb:/etc/postfix/vmsg
+#virtual_overquota_bounce = yes
+#virtual_trash_count = yes
+#virtual_trash_name = ".Trash"
+############################################################
+# End MySQL from postfixwiki.org
+############################################################
+# Rewrite reject codes
+############################################################
+#unknown_address_reject_code = 550
+#unknown_client_reject_code = 550
+#unknown_hostname_reject_code = 550
+#unverified_recipient_reject_code = 550
+#unverified_sender_reject_code = 550
+#soft_bounce = yes
+############################################################
+#debug_peer_list = example.com
+#debug_peer_level = 3
+

121
postfix-master.cf.patch
View File

@@ -1,121 +0,0 @@
Index: conf/master.cf
===================================================================
--- conf/master.cf.orig
+++ conf/master.cf
@@ -10,6 +10,11 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
+#amavis unix - - n - 4 smtp
+# -o smtp_data_done_timeout=1200
+# -o smtp_send_xforward_command=yes
+# -o smtp_dns_support_level=disabled
+# -o max_use=20
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
@@ -17,34 +22,36 @@ smtp inet n - n
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_forbid_unauth_pipelining=no
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_tls_auth_only=yes
-# -o local_header_rewrite_clients=static:all
-# -o smtpd_hide_client_session=yes
-# -o smtpd_reject_unlisted_recipient=no
+# -o syslog_name=postfix/submission
+# -o smtpd_forbid_unauth_pipelining=no
+# -o smtpd_tls_security_level=encrypt
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_hide_client_session=yes
+# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-# -o smtpd_client_restrictions=
-# -o smtpd_helo_restrictions=
-# -o smtpd_sender_restrictions=
-# -o smtpd_relay_restrictions=
-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
-# -o syslog_name=postfix/submissions
-# -o smtpd_forbid_unauth_pipelining=no
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o local_header_rewrite_clients=static:all
-# -o smtpd_hide_client_session=yes
-# -o smtpd_reject_unlisted_recipient=no
+# -o syslog_name=postfix/submissions
+# -o smtpd_forbid_unauth_pipelining=no
+# -o smtpd_tls_wrappermode=yes
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_hide_client_session=yes
+# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
@@ -83,6 +90,26 @@ lmtp unix - - n
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
+#localhost:10025 inet n - n - - smtpd
+# -o content_filter=
+# -o smtpd_delay_reject=no
+# -o smtpd_client_restrictions=permit_mynetworks,reject
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_recipient_restrictions=permit_mynetworks,reject
+# -o smtpd_data_restrictions=reject_unauth_pipelining
+# -o smtpd_end_of_data_restrictions=
+# -o smtpd_restriction_classes=
+# -o mynetworks=127.0.0.0/8
+# -o smtpd_error_sleep_time=0
+# -o smtpd_soft_error_limit=1001
+# -o smtpd_hard_error_limit=1000
+# -o smtpd_client_connection_count_limit=0
+# -o smtpd_client_connection_rate_limit=0
+# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
+# -o local_header_rewrite_clients=
+# -o local_recipient_maps=
+# -o relay_recipient_maps=
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
@@ -116,7 +143,7 @@ postlog unix-dgram n - n
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+# flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
@@ -149,3 +176,10 @@ postlog unix-dgram n - n
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
+#
+#procmail unix - n n - - pipe
+# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
+#
+#dovecot unix - n n - - pipe
+# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
+#

12
postfix-rpmlintrc
View File

@@ -1,7 +1,7 @@
sddFilter("executable-sourced-script .*/sbin/conf.d/SuSEconfig.postfix")
addFilter("sourced-script-with-shebang .*/sbin/conf.d/SuSEconfig.postfix")
addFilter("devel-file-in-non-devel-package .*/usr/lib/libpostfix*.so")
addFilter("devel-file-in-non-devel-package .*/usr/lib64/libpostfix*.so")
addFilter(".*standard-dir-owned-by-package.*/var/spool/mail.*")
addFilter("dir-or-file-outside-snapshot /var/adm/backup/postfix")
addFilter("dir-or-file-outside-snapshot /var/lib/postfix")
addFilter("dir-or-file-outside-snapshot /var/mail")
addFilter("dir-or-file-outside-snapshot /var/spool/mail")
addFilter("dir-or-file-outside-snapshot /var/spool/postfix")
addFilter("non-standard-dir-in-var*")
addFilter(".*[WE]:.*filelist-forbidden-fhs23.*/var/mail.*")

202
postfix.changes
View File

@@ -1,3 +1,205 @@
-------------------------------------------------------------------
Sun Dec 21 20:52:29 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- (jsc#PED-14859) Fix packages for Immutable Mode - postfix
-------------------------------------------------------------------
Sun Dec 14 18:45:30 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- Put /etc/permissions.d/postfix.paranoid into the postfix-SUSE.tar.gz
-------------------------------------------------------------------
Thu Dec 11 13:06:30 UTC 2025 - Stefan Botter <obs@botter.cc>
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
-------------------------------------------------------------------
Wed Dec 10 20:00:47 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.7
* This patch addresses build errors on recent Linux distributions.
With the patch, Postfix builds will run the compiler with a
backwards compatibility option that is supported by Gcc and Clang.
For other compilers, an error message provides hints.
-------------------------------------------------------------------
Wed Dec 10 14:35:23 UTC 2025 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Add /var/spool/mail to the permissions.d drop-in. This directory used to be
whitelisted globally in the permissions package but an update for the exim
mail server changed that (bsc#1254597 bsc#1240755).
- Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534.
-------------------------------------------------------------------
Fri Dec 5 09:37:39 UTC 2025 - Peter Varkoly <varkoly@suse.com>
- postfix is unable to send mail by default (bsc#1253775)
o Clean up the package
* Get rid of config.postfix script to avoid unintentional changes
of the configuration. The sysconfig files mail and postfix
were removed also.
* Deliver the original main.cf and master.cf
* Remove a lot of deprecated stuff from the package.
* Remove the ExecStartPre scripts to maintain the postmaps
and the chroot environment.
* A new ExecStartPre script manages the default alias map which
is part of the default configuration of postfix.
/sbin/postalias /etc/aliases
* Do not use the permissions framework. A new ExecStartPre script
takes care of the right permissions: /usr/sbin/postfix set-permissions
* Remove mkpostfixcert
* Get rid of berkley db converting scripts
o Remove patches:
* postfix-master.cf.patch
* postfix-main.cf.patch
* postfix-bdb-main.cf.patch
-------------------------------------------------------------------
Wed Nov 26 19:27:24 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.6
* Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
* New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
* Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
* Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
* Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
-------------------------------------------------------------------
Mon Nov 10 19:31:34 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.5
* Workaround for an interface mis-match between the Postfix SMTP
client and MTA-STS policy plugins.
* The existing behavior is to connect to any MX host listed
in DNS, and to match the server certificate against any STS
policy MX host pattern.
* The corrected behavior is to connect to an MX host only if
its name matches any STS policy MX host pattern, and to
match the server certificate against the MX hostname.
The corrected behavior must be enabled in two places: in Postfix
with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default:
"yes") and in an MTA-STS plugin by enabling TLSRPT support, so
that the plugin forwards STS policy attributes to Postfix. This
works even if Postfix TLSRPT support is disabled at build time
or at runtime.
* TLSRPT Workaround: when a TLSRPT policy-type value is
"no-policy-found", pretend that the TLSRPT policy domain value
is equal to the recipient domain. This ignores that different
policy types (TLSA, STS) use different policy domains. But this
is what Microsoft does, and therefore, what other tools expect.
* Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP
client's connection reuse logic did not distinguish between
sessions that require SMTPUTF8 support, and sessions that do
not. The solution is 1) to store sessions with different SMTPUTF8
requirements under distinct connection cache storage keys, and
2) to not cache a connection when SMTPUTF8 is required but the
server does not support that feature.
* Bugfix (defect introduced: Postfix 3.0, date 20140731): the
smtpd 'disconnect' command statistics did not count commands
with "bad syntax" and "bad UTF-8 syntax" errors.
* Bugfix: the August 2025 patch broke DBM library support which
is still needed on Solaris; and the same change could result
in warnings with "database X is older than source file Y".
* Postfix 3.11 forward compatibility: to avoid ugly warnings when
Postfix 3.11 is rolled back to an older version, allow a
preliminary 'size' record in maildrop queue files created with
Postfix 3.11 or later.
* Bugfix (defect introduced: Postfix 3.8, date 20220128):
non-reproducible build, because the 'postconf -e' output order
for new main.cf entries was no longer deterministic. Problem
reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
* To make builds predictable, add missing meta_directory and
shlib_directory settings to the stock main.cf file. Problem
diagnosed by Eray Aslan.
* Bugfix (defect introduced: Postfix 3.9, date 20230517):
posttls-finger(1) logged an incorrectly-formatted port number.
Viktor Dukhovni.
- rebase postfix-main.cf.patch
- adapt rpmlint
o dir-or-file-outside-snapshot
-------------------------------------------------------------------
Tue Aug 19 17:45:58 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.4
* Fixes for postscreen(8):
- Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen.
- Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting.
* Fixes for tlsproxy(8):
- Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps).
- Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request.
* Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
* Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
* Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
* Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern.
-------------------------------------------------------------------
Sun Aug 3 20:30:23 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.10.3
* Bugfix (defect introduced: Postfix-3.10, date 20250117): include
the current TLS security level in the SMTP connection cache
lookup key for lookups by next-hop destination, to avoid reusing
the same SMTP connection when sending messages with and without
a "TLS-Required: no" header. Likewise, include the current TLS
security level in the TLS session lookup key, to avoid reusing
the same TLS session info when sending messages with and without
a "TLS-Required: no" header.
* Bugfix (defect introduced: Postfix-3.10, date 20250117): the
Postfix SMTP client attempted to look up TLSA records even with
"TLS-Required: no". This could result in unnecessary failures.
-------------------------------------------------------------------
Mon Jun 2 10:41:43 UTC 2025 - Peter Varkoly <varkoly@suse.com>

224
postfix.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package postfix
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,6 +21,8 @@
%define pf_daemon_directory %{_prefix}/lib/%{name}/bin/
%define _libexecdir %{_prefix}/lib
%define pf_shlib_directory %{_prefix}/lib/%{name}
%define pf_meta_directory %{_prefix}/lib/%{name}
%define pf_systemd_directory %{_prefix}/lib/%{name}/systemd
%define pf_command_directory %{_sbindir}
%define pf_queue_directory var/spool/%{name}
%define pf_sendmail_path %{_sbindir}/sendmail
@@ -33,12 +35,7 @@
%define pf_data_directory %{_localstatedir}/lib/%{name}
%define pf_database_convert %{_rundir}/%{name}-needs-convert
%define mail_group mail
%define conf_backup_dir %{_localstatedir}/adm/backup/%{name}
%define unitdir %{_prefix}/lib/systemd
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%if 0%{?suse_version} < 1599
%bcond_without libnsl
%else
@@ -46,7 +43,7 @@
%endif
%bcond_without ldap
Name: postfix
Version: 3.10.2
Version: 3.10.7
Release: 0
Summary: A fast, secure, and flexible mailer
License: EPL-2.0 OR IPL-1.0
@@ -64,8 +61,6 @@ Source13: postfix-vmail-user.conf
Patch1: %{name}-no-md5.patch
Patch2: pointer_to_literals.patch
Patch3: ipv6_disabled.patch
Patch4: %{name}-main.cf.patch
Patch5: %{name}-master.cf.patch
Patch6: %{name}-linux45.patch
Patch7: %{name}-ssl-release-buffers.patch
Patch8: %{name}-vda-v14-3.0.3.patch
@@ -93,9 +88,8 @@ BuildRequires: zlib-devel
BuildRequires: pkgconfig(systemd)
Requires: iproute2
Requires(post): permissions
Requires(pre): %fillup_prereq
Requires(pre): group(%{mail_group})
Requires(pre): permissions
Requires(pre): user(nobody)
Conflicts: exim
Conflicts: postfix-bdb
@@ -115,14 +109,9 @@ BuildRequires: libnsl-devel
Requires: /usr/bin/cmp
# /usr/lib/postfix/bin//post-install: line 667: ed: command not found
Requires(pre): /usr/bin/ed
Requires(preun):/usr/bin/ed
Requires(preun): /usr/bin/ed
Requires(post): /usr/bin/ed
Requires(postun):/usr/bin/ed
# /usr/sbin/config.postfix needs perl
Requires(pre): perl
Requires(preun):perl
Requires(post): perl
Requires(postun):perl
Requires(postun): /usr/bin/ed
%description
Postfix aims to be an alternative to the widely-used sendmail program.
@@ -149,7 +138,6 @@ This package contains the documentation for %{name}
Summary: Postfix plugin to support MySQL maps
Group: Productivity/Networking/Email/Servers
Requires(pre): %{name} = %{version}
%sysusers_requires
%if 0%{?suse_version} < 1550
Provides: group(vmail)
%endif
@@ -191,10 +179,6 @@ unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLI
export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC"
%if 0%{?suse_version} >= 1600
export CCARGS="${CCARGS} -std=gnu17"
%endif
%ifarch s390 s390x ppc
export CCARGS="${CCARGS} -fsigned-char"
%endif
@@ -273,14 +257,12 @@ export PIE=-pie
%install
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
# create our default postfix ssl DIR (/etc/postfix/ssl)
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/ssl/certs
# link cacerts to /etc/ssl/certs
ln -s ../../ssl/certs %{buildroot}%{_sysconfdir}/%{name}/ssl/cacerts
cp lib/lib%{name}-* %{buildroot}/%{_libdir}
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir}
sh postfix-install -non-interactive \
install_root=%{buildroot} \
shlib_directory=%{_prefix}/lib/%{name} \
meta_directory=%{_prefix}/lib/%{name} \
config_directory=%{pf_config_directory} \
daemon_directory=%{pf_daemon_directory} \
command_directory=%{pf_command_directory} \
@@ -300,7 +282,6 @@ mkdir -p %{buildroot}/sbin/conf.d
mkdir -p %{buildroot}%{_sysconfdir}/permissions.d
mkdir -p %{buildroot}/%{_libdir}/sasl2
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/%{conf_backup_dir}
mkdir -p %{buildroot}/%{pf_sample_directory}
mkdir -p %{buildroot}/%{pf_html_directory}
mkdir -p %{buildroot}%{_includedir}/%{name}
@@ -314,46 +295,8 @@ mkdir -p %{buildroot}%{_includedir}/%{name}
mkdir -p %{buildroot}/%{pf_queue_directory}
mkdir -p %{buildroot}/var/spool/mail
ln -s spool/mail %{buildroot}/var/mail
mkdir -p %{buildroot}%{_fillupdir}
sed -e 's;@lib@;%{_lib};g' %{name}-SUSE/sysconfig.%{name} > %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -pm 0644 %{name}-SUSE/sysconfig.mail-%{name} %{buildroot}%{_fillupdir}/sysconfig.mail-%{name}
sed -e 's;@lib@;%{_lib};g' \
-e 's;@conf_backup_dir@;%{conf_backup_dir};' \
-e 's;@daemon_directory@;%{pf_daemon_directory};' \
-e 's;@readme_directory@;%{pf_readme_directory};' \
-e 's;@html_directory@;%{pf_html_directory};' \
-e 's;@sendmail_path@;%{pf_sendmail_path};' \
-e 's;@setgid_group@;%{pf_setgid_group};' \
-e 's;@manpage_directory@;%{_mandir};' \
-e 's;@newaliases_path@;%{pf_newaliases_path};' \
-e 's;@sample_directory@;%{pf_sample_directory};' \
-e 's;@mailq_path@;%{pf_mailq_path};' %{name}-SUSE/config.%{name} > %{buildroot}%{_sbindir}/config.%{name}
chmod 0755 %{buildroot}%{_sbindir}/config.%{name}
install -pm 0644 %{name}-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/%{name}/ldap_aliases.cf
install -pm 0644 %{name}-SUSE/helo_access %{buildroot}%{_sysconfdir}/%{name}/helo_access
install -pm 0644 %{name}-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -pm 0644 %{name}-SUSE/sender_canonical %{buildroot}%{_sysconfdir}/%{name}/sender_canonical
install -pm 0644 %{name}-SUSE/relay %{buildroot}%{_sysconfdir}/%{name}/relay
install -pm 0644 %{name}-SUSE/relay_ccerts %{buildroot}%{_sysconfdir}/%{name}/relay_ccerts
install -pm 0644 %{name}-SUSE/relay_recipients %{buildroot}%{_sysconfdir}/%{name}/relay_recipients
install -pm 0600 %{name}-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/%{name}/sasl_passwd
mkdir -p %{buildroot}%{_sysconfdir}/sasl2
install -pm 0600 %{name}-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf
install -pm 0644 %{name}-SUSE/openssl_%{name}.conf.in %{buildroot}%{_sysconfdir}/%{name}/openssl_%{name}.conf.in
install -pm 0755 %{name}-SUSE/mk%{name}cert %{buildroot}%{_sbindir}/mk%{name}cert
{
cat<<EOF
#
# -----------------------------------------------------------------------
# NOTE: Many parameters have already been added to the end of this file
# by config.postfix. So take care that you don't uncomment
# and set a parameter without checking whether it has been added
# to the end of this file.
# -----------------------------------------------------------------------
#
EOF
cat conf/main.cf
} > %{buildroot}%{_sysconfdir}/%{name}/main.cf
%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/%{name} \
-e "manpage_directory = %{_mandir}" \
"setgid_group = %{pf_setgid_group}" \
@@ -369,6 +312,8 @@ cat conf/main.cf
"disable_vrfy_command = yes" \
'smtpd_banner = $myhostname ESMTP'
#Set Permissions
install -pm 0644 %{name}-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -pm 0644 %{name}-SUSE/permissions.paranoid %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid
sed -i -e 's/\(.*ldap.*\)/#\1/g' \
-e 's/\(.*mysql.*\)/#\1/g' \
-e 's/\(.*pgsql.*\)/#\1/g' \
@@ -376,14 +321,11 @@ sed -i -e 's/\(.*ldap.*\)/#\1/g' \
-e '/html_directory/d' \
-e '/manpage_directory/d' \
-e '/readme_directory/d' \
%{buildroot}%{pf_shlib_directory}/postfix-files
mkdir -p %{buildroot}%{pf_shlib_directory}/postfix-files.d
%{buildroot}%{pf_meta_directory}/postfix-files
mkdir -p %{buildroot}%{pf_meta_directory}/postfix-files.d
# postfix-mysql
install -pm 0644 %{name}-mysql/main.cf-mysql %{buildroot}%{_sysconfdir}/%{name}/main.cf-mysql
install -pm 0640 %{name}-mysql/*_maps.cf %{buildroot}%{_sysconfdir}/%{name}/
# create paranoid permissions file
printf '%%-38s %%-18s %%s\n' %{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid
printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid
install -pm 0644 include/*.h %{buildroot}%{_includedir}/%{name}/
# some rpmlint stuff
# remove unneeded examples/chroot-setup
@@ -400,13 +342,9 @@ mantools/srctoman - auxiliary/qshape/qshape.pl > %{buildroot}%{_mandir}/man1/qsh
# Fix build for Leap 42.3.
rm -f %{buildroot}%{_sysconfdir}/%{name}/*.orig
mkdir -p %{buildroot}%{_unitdir}/mail-transfer-agent.target.wants/
mkdir -p %{buildroot}%{pf_shlib_directory}/systemd
mkdir -p %{buildroot}%{pf_systemd_directory}
install -pm 0644 %{name}-SUSE/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
install -pm 0755 %{name}-SUSE/config_%{name}.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_%{name}
install -pm 0755 %{name}-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot
install -pm 0755 %{name}-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps
install -pm 0755 %{name}-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr
install -pm 0755 %{name}-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp
install -pm 0755 %{name}-SUSE/wait_qmgr.systemd %{buildroot}%{pf_systemd_directory}/wait_qmgr
%if 0%{?suse_version} < 1599
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%endif
@@ -423,13 +361,13 @@ do
done
# create dynamicmaps.cf.d entries for optional modules
sed -n -e '/^#/p' -e '/mysql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
sed -i -e '/mysql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
sed -n -e '/^#/p' -e '/pgsql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
sed -i -e '/pgsql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
sed -n -e '/^#/p' -e '/mysql/p' %{buildroot}%{pf_meta_directory}/dynamicmaps.cf > %{buildroot}%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
sed -i -e '/mysql/d' %{buildroot}%{pf_meta_directory}/dynamicmaps.cf
sed -n -e '/^#/p' -e '/pgsql/p' %{buildroot}%{pf_meta_directory}/dynamicmaps.cf > %{buildroot}%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
sed -i -e '/pgsql/d' %{buildroot}%{pf_meta_directory}/dynamicmaps.cf
%if %{with ldap}
sed -n -e '/^#/p' -e "/ldap/p" %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
sed -i -e '/ldap/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
sed -n -e '/^#/p' -e "/ldap/p" %{buildroot}%{pf_meta_directory}/dynamicmaps.cf > %{buildroot}%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
sed -i -e '/ldap/d' %{buildroot}%{pf_meta_directory}/dynamicmaps.cf
%endif
install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/
@@ -443,67 +381,27 @@ install -m 755 bin/posttls-finger %{buildroot}%{_sbindir}/
# ---------------------------------------------------------------------------
%pre -f postfix.pre
# If existing default database type is hash, we need to convert the
# databases because hash (and btree) is no longer supported after
# the upgrade
if [ -x %{_sbindir}/postconf ]; then
DEF_DB_TYPE=$(postconf default_database_type)
case $DEF_DB_TYPE in *hash)
touch %{pf_database_convert}
esac
fi
%service_add_pre %{name}.service
%preun
%service_del_preun %{name}.service
%post
# We never have to run suseconfig for postfix after installation
# We only start postfix own upgrade-configuration by update
#
# If the default database type of the previous installation was
# hash, we also need to rebuild the databases in the new lmdb
# format
if [ ${1:-0} -gt 1 ]; then
touch %{_localstatedir}/adm/%{name}.configured
echo "Executing upgrade-configuration."
%{_sbindir}/%{name} set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || :
if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then
%{_sbindir}/postconf daemon_directory=%{pf_daemon_directory}
fi
if [ -e %{pf_database_convert} ]; then
sed -i -E "s/(btree|hash):/lmdb:/g" %{pf_config_directory}/{main.cf,master.cf}
for i in $(find %{pf_config_directory} -name "*.db"); do
postmap ${i%.db}
done
for i in $(find %{_sysconfdir}/aliases.d/ -name "*.db"); do
postalias ${i%.db}
done
if [ -e %{_sysconfdir}/aliases.db ]; then
postalias %{_sysconfdir}/aliases
fi
rm %{pf_database_convert}
fi
fi
%service_add_post %{name}.service
%set_permissions %{_sbindir}/postdrop
%set_permissions %{_sbindir}/postlog
%set_permissions %{_sbindir}/postqueue
%set_permissions %{_sysconfdir}/%{name}/sasl_passwd
%set_permissions %{_sbindir}/sendmail
%{fillup_only postfix}
%{fillup_only -an mail}
%service_add_post %{name}.service
%set_permissions /var/spool/mail/
%verifyscript
%verify_permissions %{_sbindir}/postdrop
%verify_permissions %{_sbindir}/postlog
%verify_permissions %{_sbindir}/postqueue
%verify_permissions -e /var/spool/mail/
%postun
%service_del_postun %{name}.service
%verifyscript
%verify_permissions -e %{_sbindir}/postdrop
%verify_permissions -e %{_sbindir}/postlog
%verify_permissions -e %{_sbindir}/postqueue
%verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd
%verify_permissions -e %{_sbindir}/sendmail
# ---------------------------------------------------------------------------
%pre mysql -f vmail.pre
@@ -520,50 +418,35 @@ fi
%files
%license LICENSE TLS_LICENSE
%doc RELEASE_NOTES
%exclude %{_sysconfdir}/%{name}/*mysql*
%exclude %{_sysconfdir}/%{name}/LICENSE
%exclude %{_sysconfdir}/%{name}/TLS_LICENSE
%exclude %{_mandir}/man5/ldap_table.5*
%exclude %{_mandir}/man5/mysql_table.5*
%exclude %{_mandir}/man5/pgsql_table.5*
%if 0%{?suse_version} >= 1600
%{_pam_vendordir}/smtp
%else
%config %{_sysconfdir}/pam.d/*
%endif
%{_fillupdir}/sysconfig.%{name}
%{_fillupdir}/sysconfig.mail-%{name}
%dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/main.cf.default
%config(noreplace) %{_sysconfdir}/%{name}/[^mysql]*[^mysql]
%config(noreplace) %{_sysconfdir}/%{name}/access
%config(noreplace) %{_sysconfdir}/%{name}/aliases
%config(noreplace) %{_sysconfdir}/%{name}/canonical
%config(noreplace) %{_sysconfdir}/%{name}/header_checks
%config(noreplace) %{_sysconfdir}/%{name}/helo_access
%config(noreplace) %{_sysconfdir}/%{name}/main.cf
%config(noreplace) %{_sysconfdir}/%{name}/master.cf
%config(noreplace) %{_sysconfdir}/%{name}/relay
%config(noreplace) %{_sysconfdir}/%{name}/relay_ccerts
%config(noreplace) %{_sysconfdir}/%{name}/relay_recipients
%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd
%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical
%config(noreplace) %{_sysconfdir}/%{name}/virtual
%config(noreplace) %{_sysconfdir}/%{name}/*
%ghost %attr(0644,root,root) %{_sysconfdir}/%{name}/*.lmdb
%ghost %attr(0644,root,root) %{_sysconfdir}/aliases.lmdb
%dir %{_sysconfdir}/sasl2
%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf
%exclude %{_sysconfdir}/%{name}/LICENSE
%exclude %{_sysconfdir}/%{name}/TLS_LICENSE
%config %{_sysconfdir}/permissions.d/%{name}
%config %{_sysconfdir}/permissions.d/%{name}.paranoid
%{pf_shlib_directory}/%{name}-files
# create our default postfix ssl DIR (/etc/postfix/ssl)
%dir %{_sysconfdir}/%{name}/ssl
%dir %{_sysconfdir}/%{name}/ssl/certs
%{_sysconfdir}/%{name}/ssl/cacerts
%dir %{pf_shlib_directory}/systemd
%attr(0755,root,root) %{pf_shlib_directory}/systemd/*
%{pf_meta_directory}/%{name}-files
%dir %{pf_systemd_directory}
%attr(0755,root,root) %{pf_systemd_directory}/*
%{_unitdir}/%{name}.service
%{_unitdir}/mail-transfer-agent.target.wants
%{_bindir}/mailq
%{_bindir}/newaliases
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postlog
%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue
%{_bindir}/*
%attr(0755,root,root) %{_sbindir}/sendmail
%attr(0755,root,root) %{_sbindir}/postalias
%attr(0755,root,root) %{_sbindir}/postcat
@@ -579,9 +462,7 @@ fi
%attr(0755,root,root) %{_sbindir}/qmqp-source
%attr(0755,root,root) %{_sbindir}/smtp-sink
%attr(0755,root,root) %{_sbindir}/smtp-source
%attr(0755,root,root) %{_sbindir}/mk%{name}cert
%attr(0755,root,root) %{_sbindir}/check_mail_queue
%attr(0755,root,root) %{_sbindir}/config.%{name}
%if 0%{?suse_version} < 1599
%{_sbindir}/rc%{name}
%endif
@@ -595,20 +476,16 @@ fi
%{pf_shlib_directory}/lib%{name}-master.so
%{pf_shlib_directory}/lib%{name}-tls.so
%{pf_shlib_directory}/lib%{name}-util.so
%{pf_shlib_directory}/dynamicmaps.cf
%{pf_shlib_directory}/main.cf.proto
%{pf_shlib_directory}/makedefs.out
%{pf_shlib_directory}/master.cf.proto
%{pf_meta_directory}/dynamicmaps.cf
%{pf_meta_directory}/main.cf.proto
%{pf_meta_directory}/makedefs.out
%{pf_meta_directory}/master.cf.proto
%dir %{pf_daemon_directory}
%{pf_daemon_directory}/*
%dir %{pf_shlib_directory}/dynamicmaps.cf.d
%dir %{pf_shlib_directory}/postfix-files.d
%dir %{pf_meta_directory}/dynamicmaps.cf.d
%dir %{pf_meta_directory}/postfix-files.d
%{conf_backup_dir}
%dir %attr(0700,%{name},root) %{pf_data_directory}
%exclude %{_mandir}/man5/ldap_table.5*
%exclude %{_mandir}/man5/mysql_table.5*
%exclude %{_mandir}/man5/pgsql_table.5*
%{_mandir}/man?/*%{?ext_man}
%dir %attr(0755,root,root) /%{pf_queue_directory}
%dir %attr(0755,root,root) /%{pf_queue_directory}/pid
@@ -641,20 +518,19 @@ fi
%config(noreplace) %attr(640, root, %{name}) %{_sysconfdir}/%{name}/*_maps.cf
%config(noreplace) %{_sysconfdir}/%{name}/main.cf-mysql
%{pf_shlib_directory}/%{name}-mysql.so
%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
%{_mandir}/man5/mysql_table.5%{?ext_man}
%{_sysusersdir}/postfix-vmail-user.conf
%files postgresql
%{pf_shlib_directory}/%{name}-pgsql.so
%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
%{_mandir}/man5/pgsql_table.5%{?ext_man}
%if %{with ldap}
%files ldap
%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf
%{pf_shlib_directory}/%{name}-ldap.so
%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
%{pf_meta_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
%{_mandir}/man5/ldap_table.5%{?ext_man}
%endif