postfix/postfix-master.cf.patch
Dirk Mueller e9b4a7071e Accepting request 1080180 from home:adkorte:branches:server:mail
- update to 3.8.0
  * Support to look up DNS SRV records in the Postfix SMTP/LMTP
    client, Based on code by Tomas Korbar (Red Hat). For example,
    with "use_srv_lookup = submission" and "relayhost =
    example.com:submission", the Postfix SMTP client will look up
    DNS SRV records for _submission._tcp.example.com, and will relay
    email through the hosts and ports that are specified with those
    records.
  * TLS obsolescence: Postfix now treats the "export" and "low"
    cipher grade settings as "medium". The "export" and "low" grades
    are no longer supported in OpenSSL 1.1.1, the minimum version
    required in Postfix 3.6.0 and later. Also, Postfix default
    settings now exclude deprecated or unused ciphers (SEED, IDEA,
    3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
    (DH, ECDH), and public key algorithm (DSS).
  * Attack resistance: the Postfix SMTP server can now aggregate
    smtpd_client_*_rate and smtpd_client_*_count statistics by
    network block instead of by IP address, to raise the bar against
    a memory exhaustion attack in the anvil(8) server; Postfix TLS
    support unconditionally disables TLS renegotiation in the middle
    of an SMTP connection, to avoid a CPU exhaustion attack.
  * The PostgreSQL client encoding is now configurable with the
    "encoding" Postfix configuration file attribute. The default
    is "UTF8". Previously the encoding was hard-coded as "LATIN1",
    which is not useful in the context of SMTP.
  * The postconf command now warns for #comment in or after a Postfix
    parameter value. Postfix programs do not support #comment after
    other text, and treat that as input.
- rebase/refresh patches
  * pointer_to_literals.patch
  * postfix-linux45.patch
  * postfix-master.cf.patch
  * postfix-ssl-release-buffers.patch
  * set-default-db-type.patch

OBS-URL: https://build.opensuse.org/request/show/1080180
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
2023-04-27 21:59:58 +00:00

130 lines
6.1 KiB
Diff

Index: conf/master.cf
===================================================================
--- conf/master.cf.orig
+++ conf/master.cf
@@ -10,6 +10,11 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
+#amavis unix - - n - 4 smtp
+# -o smtp_data_done_timeout=1200
+# -o smtp_send_xforward_command=yes
+# -o disable_dns_lookups=yes
+# -o max_use=20
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
@@ -17,40 +22,42 @@ smtp inet n - n
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_tls_auth_only=yes
-# -o local_header_rewrite_clients=static:all
-# -o smtpd_reject_unlisted_recipient=no
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-# -o smtpd_client_restrictions=
-# -o smtpd_helo_restrictions=
-# -o smtpd_sender_restrictions=
-# -o smtpd_relay_restrictions=
-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n - n - - smtpd
#submissions inet n - n - - smtpd
-# -o syslog_name=postfix/submissions
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o local_header_rewrite_clients=static:all
-# -o smtpd_reject_unlisted_recipient=no
+# -o syslog_name=postfix/submissions
+# -o smtpd_tls_wrappermode=yes
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o local_header_rewrite_clients=static:all
+# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
# here, and specify mua_<xxx>_restrictions in main.cf (where
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-# -o smtpd_client_restrictions=
-# -o smtpd_helo_restrictions=
-# -o smtpd_sender_restrictions=
-# -o smtpd_relay_restrictions=
-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
@@ -79,6 +86,26 @@ lmtp unix - - n
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
+#localhost:10025 inet n - n - - smtpd
+# -o content_filter=
+# -o smtpd_delay_reject=no
+# -o smtpd_client_restrictions=permit_mynetworks,reject
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_recipient_restrictions=permit_mynetworks,reject
+# -o smtpd_data_restrictions=reject_unauth_pipelining
+# -o smtpd_end_of_data_restrictions=
+# -o smtpd_restriction_classes=
+# -o mynetworks=127.0.0.0/8
+# -o smtpd_error_sleep_time=0
+# -o smtpd_soft_error_limit=1001
+# -o smtpd_hard_error_limit=1000
+# -o smtpd_client_connection_count_limit=0
+# -o smtpd_client_connection_rate_limit=0
+# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
+# -o local_header_rewrite_clients=
+# -o local_recipient_maps=
+# -o relay_recipient_maps=
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
@@ -112,7 +139,7 @@ postlog unix-dgram n - n
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+# flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
@@ -145,3 +172,10 @@ postlog unix-dgram n - n
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
+#
+#procmail unix - n n - - pipe
+# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
+#
+#dovecot unix - n n - - pipe
+# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
+#