Dirk Mueller
e9b4a7071e
- update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch OBS-URL: https://build.opensuse.org/request/show/1080180 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
130 lines
6.1 KiB
Diff
130 lines
6.1 KiB
Diff
Index: conf/master.cf
|
|
===================================================================
|
|
--- conf/master.cf.orig
|
|
+++ conf/master.cf
|
|
@@ -10,6 +10,11 @@
|
|
# (yes) (yes) (no) (never) (100)
|
|
# ==========================================================================
|
|
smtp inet n - n - - smtpd
|
|
+#amavis unix - - n - 4 smtp
|
|
+# -o smtp_data_done_timeout=1200
|
|
+# -o smtp_send_xforward_command=yes
|
|
+# -o disable_dns_lookups=yes
|
|
+# -o max_use=20
|
|
#smtp inet n - n - 1 postscreen
|
|
#smtpd pass - - n - - smtpd
|
|
#dnsblog unix - - n - 0 dnsblog
|
|
@@ -17,40 +22,42 @@ smtp inet n - n
|
|
# Choose one: enable submission for loopback clients only, or for any client.
|
|
#127.0.0.1:submission inet n - n - - smtpd
|
|
#submission inet n - n - - smtpd
|
|
-# -o syslog_name=postfix/submission
|
|
-# -o smtpd_tls_security_level=encrypt
|
|
-# -o smtpd_sasl_auth_enable=yes
|
|
-# -o smtpd_tls_auth_only=yes
|
|
-# -o local_header_rewrite_clients=static:all
|
|
-# -o smtpd_reject_unlisted_recipient=no
|
|
+# -o syslog_name=postfix/submission
|
|
+# -o smtpd_tls_security_level=encrypt
|
|
+# -o content_filter=smtp:[127.0.0.1]:10024
|
|
+# -o smtpd_sasl_auth_enable=yes
|
|
+# -o smtpd_tls_auth_only=yes
|
|
+# -o local_header_rewrite_clients=static:all
|
|
+# -o smtpd_reject_unlisted_recipient=no
|
|
# Instead of specifying complex smtpd_<xxx>_restrictions here,
|
|
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
|
|
# here, and specify mua_<xxx>_restrictions in main.cf (where
|
|
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
|
|
-# -o smtpd_client_restrictions=
|
|
-# -o smtpd_helo_restrictions=
|
|
-# -o smtpd_sender_restrictions=
|
|
-# -o smtpd_relay_restrictions=
|
|
-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
|
-# -o milter_macro_daemon_name=ORIGINATING
|
|
+# -o smtpd_client_restrictions=$mua_client_restrictions
|
|
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
|
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
|
+# -o smtpd_recipient_restrictions=
|
|
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
|
+# -o milter_macro_daemon_name=ORIGINATING
|
|
# Choose one: enable submissions for loopback clients only, or for any client.
|
|
#127.0.0.1:submissions inet n - n - - smtpd
|
|
#submissions inet n - n - - smtpd
|
|
-# -o syslog_name=postfix/submissions
|
|
-# -o smtpd_tls_wrappermode=yes
|
|
-# -o smtpd_sasl_auth_enable=yes
|
|
-# -o local_header_rewrite_clients=static:all
|
|
-# -o smtpd_reject_unlisted_recipient=no
|
|
+# -o syslog_name=postfix/submissions
|
|
+# -o smtpd_tls_wrappermode=yes
|
|
+# -o content_filter=smtp:[127.0.0.1]:10024
|
|
+# -o smtpd_sasl_auth_enable=yes
|
|
+# -o local_header_rewrite_clients=static:all
|
|
+# -o smtpd_reject_unlisted_recipient=no
|
|
# Instead of specifying complex smtpd_<xxx>_restrictions here,
|
|
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
|
|
# here, and specify mua_<xxx>_restrictions in main.cf (where
|
|
# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
|
|
-# -o smtpd_client_restrictions=
|
|
-# -o smtpd_helo_restrictions=
|
|
-# -o smtpd_sender_restrictions=
|
|
-# -o smtpd_relay_restrictions=
|
|
-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
|
-# -o milter_macro_daemon_name=ORIGINATING
|
|
+# -o smtpd_client_restrictions=$mua_client_restrictions
|
|
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
|
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
|
+# -o smtpd_recipient_restrictions=
|
|
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
|
+# -o milter_macro_daemon_name=ORIGINATING
|
|
#628 inet n - n - - qmqpd
|
|
pickup unix n - n 60 1 pickup
|
|
cleanup unix n - n - 0 cleanup
|
|
@@ -79,6 +86,26 @@ lmtp unix - - n
|
|
anvil unix - - n - 1 anvil
|
|
scache unix - - n - 1 scache
|
|
postlog unix-dgram n - n - 1 postlogd
|
|
+#localhost:10025 inet n - n - - smtpd
|
|
+# -o content_filter=
|
|
+# -o smtpd_delay_reject=no
|
|
+# -o smtpd_client_restrictions=permit_mynetworks,reject
|
|
+# -o smtpd_helo_restrictions=
|
|
+# -o smtpd_sender_restrictions=
|
|
+# -o smtpd_recipient_restrictions=permit_mynetworks,reject
|
|
+# -o smtpd_data_restrictions=reject_unauth_pipelining
|
|
+# -o smtpd_end_of_data_restrictions=
|
|
+# -o smtpd_restriction_classes=
|
|
+# -o mynetworks=127.0.0.0/8
|
|
+# -o smtpd_error_sleep_time=0
|
|
+# -o smtpd_soft_error_limit=1001
|
|
+# -o smtpd_hard_error_limit=1000
|
|
+# -o smtpd_client_connection_count_limit=0
|
|
+# -o smtpd_client_connection_rate_limit=0
|
|
+# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
|
|
+# -o local_header_rewrite_clients=
|
|
+# -o local_recipient_maps=
|
|
+# -o relay_recipient_maps=
|
|
#
|
|
# ====================================================================
|
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
|
@@ -112,7 +139,7 @@ postlog unix-dgram n - n
|
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
|
#
|
|
#cyrus unix - n n - - pipe
|
|
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
|
+# flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
|
#
|
|
# ====================================================================
|
|
#
|
|
@@ -145,3 +172,10 @@ postlog unix-dgram n - n
|
|
#mailman unix - n n - - pipe
|
|
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
|
# ${nexthop} ${user}
|
|
+#
|
|
+#procmail unix - n n - - pipe
|
|
+# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
|
|
+#
|
|
+#dovecot unix - n n - - pipe
|
|
+# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
|
|
+#
|