SHA256
1
0
forked from pool/postfix
postfix/postfix-master.cf.patch

118 lines
5.5 KiB
Diff
Raw Normal View History

Index: conf/master.cf
===================================================================
--- conf/master.cf.orig
+++ conf/master.cf
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
@@ -10,6 +10,11 @@
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
+#amavis unix - - n - 4 smtp
+# -o smtp_data_done_timeout=1200
+# -o smtp_send_xforward_command=yes
+# -o disable_dns_lookups=yes
+# -o max_use=20
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
@@ -17,30 +22,32 @@ smtp inet n - n
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n - n - - smtpd
#submission inet n - n - - smtpd
-# -o syslog_name=postfix/submission
-# -o smtpd_tls_security_level=encrypt
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_tls_auth_only=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_tls_auth_only=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable smtps for loopback clients only, or for any client.
#127.0.0.1:smtps inet n - n - - smtpd
#smtps inet n - n - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o content_filter=smtp:[127.0.0.1]:10024
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
@@ -69,6 +76,26 @@ lmtp unix - - n
anvil unix - - n - 1 anvil
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
scache unix - - n - 1 scache
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
postlog unix-dgram n - n - 1 postlogd
+#localhost:10025 inet n - n - - smtpd
+# -o content_filter=
+# -o smtpd_delay_reject=no
+# -o smtpd_client_restrictions=permit_mynetworks,reject
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_recipient_restrictions=permit_mynetworks,reject
+# -o smtpd_data_restrictions=reject_unauth_pipelining
+# -o smtpd_end_of_data_restrictions=
+# -o smtpd_restriction_classes=
+# -o mynetworks=127.0.0.0/8
+# -o smtpd_error_sleep_time=0
+# -o smtpd_soft_error_limit=1001
+# -o smtpd_hard_error_limit=1000
+# -o smtpd_client_connection_count_limit=0
+# -o smtpd_client_connection_rate_limit=0
+# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
+# -o local_header_rewrite_clients=
+# -o local_recipient_maps=
+# -o relay_recipient_maps=
#
# ====================================================================
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
# Interfaces to non-Postfix software. Be sure to examine the manual
@@ -102,7 +129,7 @@ postlog unix-dgram n - n
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+# flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
@@ -135,3 +162,10 @@ postlog unix-dgram n - n
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
+#
+#procmail unix - n n - - pipe
+# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
+#
+#dovecot unix - n n - - pipe
+# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
+#