diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b24670a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/pflogsumm-1.1.3.tar.gz +SOURCES/postfix-2.10.1.tar.gz diff --git a/.postfix.metadata b/.postfix.metadata new file mode 100644 index 0000000..81ba5b2 --- /dev/null +++ b/.postfix.metadata @@ -0,0 +1,2 @@ +86bdb3b880896e9a4991dd3ea77c4981a5c65dcb SOURCES/pflogsumm-1.1.3.tar.gz +3e236cf95a7439750e92d9ef5cd510c00e603eb2 SOURCES/postfix-2.10.1.tar.gz diff --git a/SOURCES/README-Postfix-SASL-RedHat.txt b/SOURCES/README-Postfix-SASL-RedHat.txt new file mode 100644 index 0000000..5fa994c --- /dev/null +++ b/SOURCES/README-Postfix-SASL-RedHat.txt @@ -0,0 +1,440 @@ +Quick Start to Authenticate with SASL and PAM: +---------------------------------------------- + +If you don't need the details and are an experienced system +administrator you can just do this, otherwise read on. + +1) Edit /etc/postfix/main.cf and set this: + +smtpd_sasl_auth_enable = yes +smtpd_sasl_security_options = noanonymous +broken_sasl_auth_clients = yes + +smtpd_recipient_restrictions = + permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination + +2) Turn on saslauthd: + + /sbin/chkconfig --level 345 saslauthd on + /sbin/service saslauthd start + +3) Edit /etc/sysconfig/saslauthd and set this: + + MECH=pam + +4) Restart Postfix: + + /sbin/service postfix restart + +A crash course in using SASL with Postfix: +------------------------------------------ + +Red Hat's Postfix RPMs include support for both SASL and TLS. SASL, the +Simple Authentication and Security Layer, allows Postfix to implement RFC +2554, which defines an extension to ESMTP, SMTP AUTH, which compliant +ESMTP clients can use to authenticate themselves to ESMTP servers. +Typically, this is used to allow roaming users to relay mail through a +server safely without configuring the SMTP server to be an open relay. +Inclusion of TLS support allows Postfix to implement RFC 2487, which +defines an extension to ESMTP, SMTP STARTTLS, which compliant ESMTP +clients and servers can use to encrypt the SMTP session. This is a +security enhancement -- normally SMTP is transmitted as cleartext over the +wire, making it vulnerable to both passive sniffing and active alteration +via monkey-in-the-middle attacks. In addition, STARTTLS can also be +used by either or both server and client to verify the identity of the +other end, making it useful for the same sorts of purposes as SMTP AUTH. +The two can even be combined. Typically, this is done by first starting +TLS, to encrypt the SMTP session, and then issuing the SMTP AUTH command, +to authenticate the client; this combination ensures that the username +and password transferred as part of the SMTP AUTH are protected by the +TLS encrypted session. + +SMTP AUTH is implemented using SASL, an abstraction layer which can +authenticate against a variety of sources. On Red Hat, SASL can use +the /etc/shadow file, or it can use PAM libraries, or it can use its own +password database (/etc/sasldb), or it can do various more exotic things. + +Authentication raises a number of security concerns for obvious +reasons. As a consequence authentication services on Red Hat systems +are restricted to processes running with root privileges. However for +security reasons it is also essential that a mail server such as +Postfix run without root privileges so that mail operations cannot +compromise the host system. This means that Postfix cannot directly +use authentication services because it does not execute with root +privileges. The answer to this this problem is to introduce an +intermediary process that runs with root privileges which Postfix can +communicate with and will perform authentication on behalf of +Postfix. The SASL package includes an authentication daemon called +saslauthd which provided this service, think of it as an +authentication proxy. + +Using Saslauthd: +---------------- + +To use saslauthd there are several things you must assure are +configured. + +Selecting an Authentication Method: +----------------------------------- + +Recall that it is saslauthd which is authenticating, not +Postfix. To start with you must tell Postfix to use saslauthd, in +main.cf edit this configuration parameter: + + smtpd_sasl_auth_enable = yes + +It is also recommended that you disable anonymous logins otherwise +you've left your system open, so also add this configuration +parameter. + + smtpd_sasl_security_options = noanonymous + +Now you must tell saslauthd which authentication method to use. To +determine the authentication methods currently supported by saslauthd +invoke saslauthd with the -v parameter, it will print its version and +its list of methods and then exit, for example: + + /usr/sbin/saslauthd -v + saslauthd 2.1.10 + authentication mechanisms: getpwent kerberos5 pam rimap shadow + +When saslauthd starts up it reads its configuration options from the +file /etc/sysconfig/saslauthd. Currently there are two parameters +which can be set in this file, MECH and FLAGS. MECH is the +authentication mechanism and FLAGS is any command line flags you may +wish to pass to saslauthd. To tell saslauthd to use a specific +mechanism edit /etc/sysconfig/saslauthd and set the MECH parameter, +for example to use PAM it would look like this: + + MECH=pam + +Of course you may use any of the other authentication mechanisms that +saslauthd reported it supports. PAM is an excellent choice as PAM +supports many of the same authentication methods that saslauthd does, +but by using PAM you will have centralized all of your authentication +configuration under PAM which is one of PAM's greatest assets. + +How Postfix Interacts with SASL to Name its Authentication Services: +-------------------------------------------------------------------- + +It can be very helpful to understand how Postfix communicates with +SASL to name its authentication services. Knowing this will let you +identify the configuration files the various components will access. + +When Postfix invokes SASL it must give SASL an application name that +SASL will use among other things to locate a configuration file for +the application. The application name Postfix identifies itself as is +"smtpd". SASL will append ".conf" to the application name and look for +a config file in its library and config directories. Thus SASL will +read Postfix's configuration from + + /etc/sasl2/smtpd.conf + +This file names the authentication method SASL will use for Postfix +(actually for smtpd, other MTA's such as sendmail may use the same +file). Because we want to use the saslauthd authentication proxy +daemon the contents of this file is: + + pwcheck_method: saslauthd + +This tells SASL when being invoked to authentication for Postfix that +it should use saslauthd. Saslauthd's mechanism is set in +/etc/sysconfig/saslauthd (see below). + +When Postfix calls on SASL to authenticate it passes to SASL a service +name. This service name is used in authentication method specific +way. The service name Postfix passes to SASL is "smtp" (note this is +not the same as the application name which is "smtpd"). To understand +this better consider the case of using PAM authentication. When SASL, +or in our case saslauthd, invokes PAM it passes the service name of +"smtp" to PAM which means that when PAM wants to read configuration +information for this client it will find it under the name of "smtp". + +Turning on the Authentication Daemon: +------------------------------------- + +Red Hat security policy is not to automatically enable services +belonging to a package when the package is installed. The system +administrator must explicitly enable the service. To enable saslauthd +do the following: + +1) Tell the init process to launch saslauthd when entering various run + levels. Assuming you want saslauthd to run at run levels 3,4,5 + invoke chkconfig. + + /sbin/chkconfig --level 345 saslauthd on + +2) You will probably want to start saslauthd now without having to + reboot, to do this: + + /sbin/service saslauthd start + +Trouble Shooting Authentication: +-------------------------------- + +The best way to debug authentication problems is to examine log +messages from the authentication components. However, normally these +log messages are suppressed. There are two principle reasons the +messages are suppressed. The first is that they are typically logged +at the DEBUG logging priority level which is the lowest priority and +the syslog configuration typically logs only higher priority +messages. The second reason is that for security reasons authentication +logging is considered a risk. Authentication logging has been divided +into two different facilities, auth and authpriv. authpriv is private +and is typically shunted off to a different log file with higher +protection. You will want to be able to see both auth and authpriv +messages at all priorities. To do this as root edit /etc/syslog.conf +file, find the following line + +authpriv.* /var/log/secure + +edit the line to: + +authpriv.*;auth.* /var/log/secure + +Then restart syslogd so the syslog configuration changes will be +picked up: + + /sbin/service syslog restart + +Now all authentication messages at all priorities will log to +/var/log/secure. + +Using PAM to Authenticate: +-------------------------- + +Edit /etc/sysconfig/saslauthd and set MECH to PAM like this: + + MECH=pam + +When PAM is invoked via SASL it is passed a service name of +"smtp". This means that PAM will read its configuration parameters for +Postfix from the file: /etc/pam.d/smtp. By default this file is set to +refer to the global system PAM authentication policy, thus by default +you'll get whatever PAM authentication your system is configured for +and virtually all applications use. Configuring PAM authentication is +beyond the scope of this document, please refer to the PAM +documentation if you which to modify PAM. + +Trouble Shooting PAM Authentication: +------------------------------------ + +1) One possible reason PAM may fail to authenticate even if the user +is known to the system is if PAM fails to find the service +configuration file in /etc/pam.d. Service configuration files are not +required by PAM, if it does not find a service configuration file it +will default to "other". Since PAM does not consider the absence of a +service configuration file a problem it does not log anything nor does +it return an error to the calling application. In other words it is +completely silent about the fact it did not find a service +configuration file. On Red Hat system the default implementation of +"other" for PAM is to deny access. This means on Red Hat systems the +absence of a PAM service configuration file will mean PAM will +silently fail authentication. The PAM service configuration file for +postfix is /etc/pam.d/smtp and is intalled by the Red Hat Postfix rpm +and put under control of "alternatives" with name mta. Alternatives +allows one to select between the sendmail and postfix MTA's and +manages symbolic links for files the two MTA's share. /etc/pam.d/smtp +is one such file, if you have not selected Postfix as your prefered +MTA the link to this file will not be present. To select Postfix as +your MTA do this: "/usr/sbin/alternatives --config mta" and follow the +prompt to select postfix. + +2) Is SASL appending a realm or domain to a username? PAM + authentication requires a bare username and password, other + authentication methods require the username to be qualified with a + realm. Typically the username will be rewritten as user@realm + (e.g. user@foo.com) PAM does not understand a username with + "@realm" appended to it and will fail the authentication with the + message that the user is unknown. If the log files shows saslauthd + usernames with "@realm" appended to it then the + smtpd_sasl_local_domain configuration parameter is likely set in + /etc/postfix/main.cf file, make sure its either not set or set it + to an empty string. Restart postfix and test authtentication again, + the log file should show only a bare username. + + + +Using saslpasswd to Authenticate: +--------------------------------- + +SASL can maintain its own password database independent of the host +system's authentication setup, it is called saslpasswd. You may wish +to use saslpasswd if you want to isolate who can smtp authenticate +from general system users. However, it does add another password +database that a system administrator must maintain. + +To authenticate against sasldb, you'll first have to create accounts. +These accounts are entirely separate from system accounts, and are used +only by connecting SMTP clients to authenticate themselves. Use the +saslpassword command: + +saslpasswd -u `postconf -h myhostname` -c user + +to create an account named user which can log into realm. For the +realm, make absolutely certain that you use the same value as is set for +myhostname in /etc/postfix/main.cf. If you don't, it likely won't work. + +Also, be aware that saslpasswd is somewhat buggy. The first time you +run it, it may generate an error message while initializing the sasldb. +If it does, just add that user a second time. + +You'll need to set permissions on the SASL password database so that +the Postfix daemons can read it: + + chgrp postfix /etc/sasldb + chmod g+r /etc/sasldb + +Now, you'll need to modify /etc/postfix/main.cf to tell it to +support SASL. The complete options you might want to use are in the +sample-auth.cf file in the Postfix documentation directory. An option +you will definitely need is: + +# enable SASL support +smtpd_sasl_auth_enable = yes + +You might also need to set the SASL authentication realm to whatever +realm you used when you created your sasldb; by default, this is set to +$myhostname, but you instead might need something like: + +# set SASL realm to domain instead +smtpd_sasl_local_domain = $mydomain + +Other Postfix Authentication Parameters: +---------------------------------------- + +If you want to allow your already configured users to still use your SMTP +server, and to allow users authenticated via SMTP AUTH to use your server +as well, then modify your existing smtpd_recipient_restrictions line to; + +# also allow authenticated (RFC 2554) users +smtpd_recipient_restrictions = permit_sasl_authenticated ... + +If you want to restrict use of your server to just authenticated clients +(Note: this is a bad idea for public mail servers), then instead use: + +# restrict server access to authenticated (RFC 2554) clients +smtpd_delay_reject = yes +smtpd_client_restrictions = permit_sasl_authenticated ... + +SASL supports several password types which have differing security +properties. Different SMTP clients may support some or all of these +password types. When the client issues an EHLO command, the server +tells it which types it supports: + +$ telnet station6 25 +Trying 10.100.0.6... +Connected to station6.example.com. +Escape character is '^]'. +220 station6.example.com ESMTP Postfix +ehlo station7 +250-station6.example.com +250-PIPELINING +250-SIZE 10240000 +250-VRFY +250-ETRN +250-STARTTLS +250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 +250-XVERP +250 8BITMIME + +Here, the server supports PLAIN, LOGIN, DIGEST-MD5, and CRAM-MD5 password +methods. + +The client then chooses the first of these listed methods which it also +supports, and issues an SMTP AUTH request. + +For security, PLAIN and LOGIN methods are typically disabled. These two +methods use trivially decryptable encryption, making the username and +password issued by the client vulnerable to interception via a sniffer +in between the server and client. Unfortunately, they can't always +be disabled. Some popular SMTP clients, including MS Outlook 5.x, +only support PLAIN authentication, for example. + +To limit the login methods offered by the server: + +# disable unsafe password methods +smtpd_sasl_security_options = noplaintext noanonymous + +Available options are: + +noplaintext, which disables LOGIN and PLAIN +noanonymous, which disables disables ANON +nodictionary, which disables methods vulnerable to dictionary attacks +noactive, which disables methods vulnerable to active attacks + +The last two are rarely used, since almost all supported methods are +vulnerable to those attacks ;-). + +Also be aware that some broken clients mis-implement the SMTP AUTH +protocol, and send commands using incorrect syntax (AUTH=foo instead of +the correct AUTH foo). MS Outlook 4.x clients have this bug, among +a legion of others.... If you need to support these clients, use: + +# support braindead MS products +broken_sasl_auth_clients = yes + +To help prevent spoofing, you can also create a map file of SASL login +names which are allowed to use specific envelope sender (MAIL FROM) +addresses. If you choose to do this, you also have to tell Postfix to +reject addresses which don't match login names: + +# prevent spoofing by authenticated users +reject_sender_login_mismatch +smtpd_sender_login_maps=type:/path/to/file + +Configuration of SASL clients is much simpler. Postfix itself can be +made a SASL client; this is typically useful when roaming users run Linux +on their laptop and need to relay mail back through the organization's +main server. + +To enable Postfix to act as an SMTP AUTH client, simply add to +/etc/postfix/main.cf: + +# support authentication (RFC 2557) when relaying through a server +smtp_sasl_auth_enable = yes + +and tell Postfix where to find the usernames and passwords it should +use to authenticate: + +# location of passwords for authentication client +smtp_sasl_password_maps = type:/path/to/file + +The file itself should have the format: + +destination username:password + +where destination is the name of the server, and username:password are +the username and password which should be presented to that server to +authenticate when connecting to it as a client. + +Optionally, the authentication methods to be used can be specified for +the Postfix client, just as they can be for the Postfix server: + +# disable plaintext and anonymous +smtp_sasl_security_options = noplaintext noanonymous + +Many popular end-user MUAs can also be configured as SMTP AUTH clients. +Clients capable of this supplied with Red Hat include pine, Netscape, +and Mozilla. + +Other Sources of Documentation: +------------------------------- + +/usr/share/doc/postfix-/README_FILES/SASL_README + +Local configuration examples: + +/usr/share/doc/postfix-*/samples + +Postfix Howtos, Guides and Tips by Ralf Hildebrandt and Patrick +Koetter can be found at: http://postfix.state-of-mind.de + +------------------------------------------------------------------------------ + +Please send any comments / corrections to Chris Ricker +. This material can be freely modified and +redistributed. Additional material provided by John Dennis + and Dax Kelson . diff --git a/SOURCES/pflogsumm-1.1.3-datecalc.patch b/SOURCES/pflogsumm-1.1.3-datecalc.patch new file mode 100644 index 0000000..28ccb2f --- /dev/null +++ b/SOURCES/pflogsumm-1.1.3-datecalc.patch @@ -0,0 +1,14 @@ +diff -up pflogsumm-1.1.3/pflogsumm.pl.datecalc pflogsumm-1.1.3/pflogsumm.pl +--- pflogsumm-1.1.3/pflogsumm.pl.datecalc 2010-03-20 21:00:42.000000000 +0100 ++++ pflogsumm-1.1.3/pflogsumm.pl 2010-06-10 15:57:27.000000000 +0200 +@@ -400,8 +400,8 @@ Copyright (C) 1998-2010 by James S. Seym + use strict; + use locale; + use Getopt::Long; +-eval { require Date::Calc }; +-my $hasDateCalc = $@ ? 0 : 1; ++require Date::Calc; ++my $hasDateCalc = 1; + + my $mailqCmd = "mailq"; + my $release = "1.1.3"; diff --git a/SOURCES/postfix-2.10.0-config.patch b/SOURCES/postfix-2.10.0-config.patch new file mode 100644 index 0000000..f411a6a --- /dev/null +++ b/SOURCES/postfix-2.10.0-config.patch @@ -0,0 +1,107 @@ +diff --git a/conf/main.cf b/conf/main.cf +index 8d301aa..57e865f 100644 +--- a/conf/main.cf ++++ b/conf/main.cf +@@ -113,6 +113,10 @@ mail_owner = postfix + #inet_interfaces = all + #inet_interfaces = $myhostname + #inet_interfaces = $myhostname, localhost ++inet_interfaces = localhost ++ ++# Enable IPv4, and IPv6 if supported ++inet_protocols = all + + # The proxy_interfaces parameter specifies the network interface + # addresses that this mail system receives mail on by way of a +@@ -157,7 +161,7 @@ mail_owner = postfix + # + # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". + # +-#mydestination = $myhostname, localhost.$mydomain, localhost ++mydestination = $myhostname, localhost.$mydomain, localhost + #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain + #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, + # mail.$mydomain, www.$mydomain, ftp.$mydomain +@@ -379,7 +383,7 @@ unknown_local_recipient_reject_code = 550 + # "postfix reload" to eliminate the delay. + # + #alias_maps = dbm:/etc/aliases +-#alias_maps = hash:/etc/aliases ++alias_maps = hash:/etc/aliases + #alias_maps = hash:/etc/aliases, nis:mail.aliases + #alias_maps = netinfo:/aliases + +@@ -390,7 +394,7 @@ unknown_local_recipient_reject_code = 550 + # + #alias_database = dbm:/etc/aliases + #alias_database = dbm:/etc/mail/aliases +-#alias_database = hash:/etc/aliases ++alias_database = hash:/etc/aliases + #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + + # ADDRESS EXTENSIONS (e.g., user+foo) +@@ -460,7 +464,27 @@ unknown_local_recipient_reject_code = 550 + # + # Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" + # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +-#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp ++#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp ++ ++# If using the cyrus-imapd IMAP server deliver local mail to the IMAP ++# server using LMTP (Local Mail Transport Protocol), this is prefered ++# over the older cyrus deliver program by setting the ++# mailbox_transport as below: ++# ++# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp ++# ++# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via ++# these settings. ++# ++# local_destination_recipient_limit = 300 ++# local_destination_concurrency_limit = 5 ++# ++# Of course you should adjust these settings as appropriate for the ++# capacity of the hardware you are using. The recipient limit setting ++# can be used to take advantage of the single instance message store ++# capability of Cyrus. The concurrency limit can be used to control ++# how many simultaneous LMTP sessions will be permitted to the Cyrus ++# message store. + # + # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and + # subsequent line in master.cf. +@@ -480,8 +504,7 @@ unknown_local_recipient_reject_code = 550 + # the main.cf file, otherwise the SMTP server will reject mail for + # non-UNIX accounts with "User unknown in local recipient table". + # +-#fallback_transport = lmtp:unix:/file/name +-#fallback_transport = cyrus ++#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp + #fallback_transport = + + # The luser_relay parameter specifies an optional destination address +@@ -654,4 +677,3 @@ sample_directory = + # readme_directory: The location of the Postfix README files. + # + readme_directory = +-inet_protocols = ipv4 +diff --git a/conf/master.cf b/conf/master.cf +index acc67d7..bc15d38 100644 +--- a/conf/master.cf ++++ b/conf/master.cf +@@ -92,14 +92,14 @@ scache unix - - n - 1 scache + # Also specify in main.cf: cyrus_destination_recipient_limit=1 + # + #cyrus unix - n n - - pipe +-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} ++# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} + # + # ==================================================================== + # + # Old example of delivery via Cyrus. + # + #old-cyrus unix - n n - - pipe +-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} ++# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} + # + # ==================================================================== + # diff --git a/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch b/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch new file mode 100644 index 0000000..f668303 --- /dev/null +++ b/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch @@ -0,0 +1,240 @@ +diff --git a/conf/canonical b/conf/canonical +index 720db18..26937ce 100644 +--- a/conf/canonical ++++ b/conf/canonical +@@ -82,9 +82,14 @@ + # + # TABLE SEARCH ORDER + # With lookups from indexed files such as DB or DBM, or from +-# networked tables such as NIS, LDAP or SQL, patterns are +-# tried in the order as listed below: +-# ++# networked tables such as NIS, LDAP or SQL, each ++# user@domain query produces a sequence of query patterns as ++# described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. ++# + # user@domain address + # Replace user@domain by address. This form has the + # highest precedence. +diff --git a/conf/generic b/conf/generic +index d5ab42a..f66c2f4 100644 +--- a/conf/generic ++++ b/conf/generic +@@ -72,9 +72,14 @@ + # + # TABLE SEARCH ORDER + # With lookups from indexed files such as DB or DBM, or from +-# networked tables such as NIS, LDAP or SQL, patterns are +-# tried in the order as listed below: +-# ++# networked tables such as NIS, LDAP or SQL, each ++# user@domain query produces a sequence of query patterns as ++# described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. ++# + # user@domain address + # Replace user@domain by address. This form has the + # highest precedence. +diff --git a/conf/virtual b/conf/virtual +index 3be6ab9..1843622 100644 +--- a/conf/virtual ++++ b/conf/virtual +@@ -81,9 +81,14 @@ + # + # TABLE SEARCH ORDER + # With lookups from indexed files such as DB or DBM, or from +-# networked tables such as NIS, LDAP or SQL, patterns are +-# tried in the order as listed below: +-# ++# networked tables such as NIS, LDAP or SQL, each ++# user@domain query produces a sequence of query patterns as ++# described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. ++# + # user@domain address, address, ... + # Redirect mail for user@domain to address. This + # form has the highest precedence. +diff --git a/html/canonical.5.html b/html/canonical.5.html +index c97f910..1ef4aac 100644 +--- a/html/canonical.5.html ++++ b/html/canonical.5.html +@@ -87,9 +87,12 @@ CANONICAL(5) CANONICAL(5) + cal line. + + TABLE SEARCH ORDER +- With lookups from indexed files such as DB or DBM, or from +- networked tables such as NIS, LDAP or SQL, patterns are +- tried in the order as listed below: ++ With lookups from indexed files such as DB or DBM, or from networked ++ tables such as NIS, LDAP or SQL, each user@domain query produces a ++ sequence of query patterns as described below. ++ ++ Each query pattern is sent to each specified lookup table before trying ++ the next query pattern, until a match is found. + + user@domain address + Replace user@domain by address. This form has the +diff --git a/html/generic.5.html b/html/generic.5.html +index debee93..3294832 100644 +--- a/html/generic.5.html ++++ b/html/generic.5.html +@@ -77,9 +77,12 @@ GENERIC(5) GENERIC(5) + cal line. + + TABLE SEARCH ORDER +- With lookups from indexed files such as DB or DBM, or from +- networked tables such as NIS, LDAP or SQL, patterns are +- tried in the order as listed below: ++ With lookups from indexed files such as DB or DBM, or from networked ++ tables such as NIS, LDAP or SQL, each user@domain query produces a ++ sequence of query patterns as described below. ++ ++ Each query pattern is sent to each specified lookup table before trying ++ the next query pattern, until a match is found. + + user@domain address + Replace user@domain by address. This form has the +diff --git a/html/virtual.5.html b/html/virtual.5.html +index c92826c..7fa6329 100644 +--- a/html/virtual.5.html ++++ b/html/virtual.5.html +@@ -86,9 +86,12 @@ VIRTUAL(5) VIRTUAL(5) + cal line. + + TABLE SEARCH ORDER +- With lookups from indexed files such as DB or DBM, or from +- networked tables such as NIS, LDAP or SQL, patterns are +- tried in the order as listed below: ++ With lookups from indexed files such as DB or DBM, or from networked ++ tables such as NIS, LDAP or SQL, each user@domain query produces a ++ sequence of query patterns as described below. ++ ++ Each query pattern is sent to each specified lookup table before trying ++ the next query pattern, until a match is found. + + user@domain address, address, ... + Redirect mail for user@domain to address. This +diff --git a/man/man5/canonical.5 b/man/man5/canonical.5 +index 1bf8d53..267495f 100644 +--- a/man/man5/canonical.5 ++++ b/man/man5/canonical.5 +@@ -88,8 +88,12 @@ starts with whitespace continues a logical line. + .ad + .fi + With lookups from indexed files such as DB or DBM, or from networked +-tables such as NIS, LDAP or SQL, patterns are tried in the order as +-listed below: ++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++query produces a sequence of query patterns as described below. ++ ++Each query pattern is sent to each specified lookup table ++before trying the next query pattern, until a match is ++found. + .IP "\fIuser\fR@\fIdomain address\fR" + Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form + has the highest precedence. +diff --git a/man/man5/generic.5 b/man/man5/generic.5 +index 13b9dd0..1153f58 100644 +--- a/man/man5/generic.5 ++++ b/man/man5/generic.5 +@@ -80,8 +80,12 @@ starts with whitespace continues a logical line. + .ad + .fi + With lookups from indexed files such as DB or DBM, or from networked +-tables such as NIS, LDAP or SQL, patterns are tried in the order as +-listed below: ++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++query produces a sequence of query patterns as described below. ++ ++Each query pattern is sent to each specified lookup table ++before trying the next query pattern, until a match is ++found. + .IP "\fIuser\fR@\fIdomain address\fR" + Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form + has the highest precedence. +diff --git a/man/man5/virtual.5 b/man/man5/virtual.5 +index da139f8..241bf10 100644 +--- a/man/man5/virtual.5 ++++ b/man/man5/virtual.5 +@@ -86,8 +86,12 @@ starts with whitespace continues a logical line. + .ad + .fi + With lookups from indexed files such as DB or DBM, or from networked +-tables such as NIS, LDAP or SQL, patterns are tried in the order as +-listed below: ++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++query produces a sequence of query patterns as described below. ++ ++Each query pattern is sent to each specified lookup table ++before trying the next query pattern, until a match is ++found. + .IP "\fIuser\fR@\fIdomain address, address, ...\fR" + Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR. + This form has the highest precedence. +diff --git a/proto/canonical b/proto/canonical +index cdda918..6255ba2 100644 +--- a/proto/canonical ++++ b/proto/canonical +@@ -76,8 +76,12 @@ + # .ad + # .fi + # With lookups from indexed files such as DB or DBM, or from networked +-# tables such as NIS, LDAP or SQL, patterns are tried in the order as +-# listed below: ++# tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++# query produces a sequence of query patterns as described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. + # .IP "\fIuser\fR@\fIdomain address\fR" + # Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form + # has the highest precedence. +diff --git a/proto/generic b/proto/generic +index b2e730a..25db840 100644 +--- a/proto/generic ++++ b/proto/generic +@@ -68,8 +68,12 @@ + # .ad + # .fi + # With lookups from indexed files such as DB or DBM, or from networked +-# tables such as NIS, LDAP or SQL, patterns are tried in the order as +-# listed below: ++# tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++# query produces a sequence of query patterns as described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. + # .IP "\fIuser\fR@\fIdomain address\fR" + # Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form + # has the highest precedence. +diff --git a/proto/virtual b/proto/virtual +index 8a2d28f..1fc30aa 100644 +--- a/proto/virtual ++++ b/proto/virtual +@@ -74,8 +74,12 @@ + # .ad + # .fi + # With lookups from indexed files such as DB or DBM, or from networked +-# tables such as NIS, LDAP or SQL, patterns are tried in the order as +-# listed below: ++# tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR ++# query produces a sequence of query patterns as described below. ++# ++# Each query pattern is sent to each specified lookup table ++# before trying the next query pattern, until a match is ++# found. + # .IP "\fIuser\fR@\fIdomain address, address, ...\fR" + # Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR. + # This form has the highest precedence. diff --git a/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch b/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch new file mode 100644 index 0000000..0605594 --- /dev/null +++ b/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch @@ -0,0 +1,33 @@ +diff --git a/src/smtpd/smtpd_haproxy.c b/src/smtpd/smtpd_haproxy.c +index 599e3ed..a4c527c 100644 +--- a/src/smtpd/smtpd_haproxy.c ++++ b/src/smtpd/smtpd_haproxy.c +@@ -96,6 +96,14 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) + VSTRING *escape_buf; + + /* ++ * While reading HAProxy handshake information, don't buffer input beyond ++ * the end-of-line. That would break the TLS wrappermode handshake. ++ */ ++ vstream_control(state->client, ++ VSTREAM_CTL_BUFSIZE, 1, ++ VSTREAM_CTL_END); ++ ++ /* + * Note: the haproxy_srvr_parse() routine performs address protocol + * checks, address and port syntax checks, and converts IPv4-in-IPv6 + * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted +@@ -142,6 +150,13 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) + * Avoid surprises in the Dovecot authentication server. + */ + state->dest_addr = mystrdup(smtp_server_addr.buf); ++ ++ /* ++ * Enable normal buffering. ++ */ ++ vstream_control(state->client, ++ VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, ++ VSTREAM_CTL_END); + return (0); + } + } diff --git a/SOURCES/postfix-2.10.1-kernel-4-fix.patch b/SOURCES/postfix-2.10.1-kernel-4-fix.patch new file mode 100644 index 0000000..2c620ab --- /dev/null +++ b/SOURCES/postfix-2.10.1-kernel-4-fix.patch @@ -0,0 +1,13 @@ +diff --git a/makedefs b/makedefs +index 93b5949..b83a908 100644 +--- a/makedefs ++++ b/makedefs +@@ -347,7 +347,7 @@ EOF + fi;; + esac + ;; +- Linux.3*) SYSTYPE=LINUX3 ++ Linux.[34]*) SYSTYPE=LINUX3 + case "$CCARGS" in + *-DNO_DB*) ;; + *) if [ -f /usr/include/db.h ] diff --git a/SOURCES/postfix-2.10.1-timestamps.patch b/SOURCES/postfix-2.10.1-timestamps.patch new file mode 100644 index 0000000..5974d35 --- /dev/null +++ b/SOURCES/postfix-2.10.1-timestamps.patch @@ -0,0 +1,40 @@ +diff --git a/postfix-install b/postfix-install +index 6b2a261..3edd2c6 100644 +--- a/postfix-install ++++ b/postfix-install +@@ -40,6 +40,10 @@ + # is installed from a pre-built package or from source code. + # + # Arguments ++# .IP -keep-build-mtime ++# When installing files preserve new file's mtime timestamps. ++# Otherwise, mtimes will be set to the time that postfix-install ++# is run. + # .IP -non-interactive + # Do not ask the user for parameter settings. Installation parameters + # are specified via one of the non-interactive methods described +@@ -179,6 +183,7 @@ BACKUP_IFS="$IFS" + LC_ALL=C; export LC_ALL + + USAGE="Usage: $0 [name=value] [option] ++ -keep-build-mtime Preserve build-time file mtime timestamps. + -non-interactive Do not ask for installation parameters. + -package Build a ready-to-install package. + name=value Specify an installation parameter". +@@ -193,6 +198,8 @@ do + *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; + -non-int*) non_interactive=1;; + -package) need_install_root=install_root;; ++-keep-build-mtime) ++ keep_build_mtime=1;; + *) echo "$0: Error: $USAGE" 1>&2; exit 1;; + esac + shift +@@ -245,6 +252,7 @@ compare_or_replace() { + echo Updating $dst... + rm -f $tempdir/junk || exit 1 + cp $src $tempdir/junk || exit 1 ++ test -z "$keep_build_mtime" || touch -r $src $tempdir/junk || exit 1 + mv -f $tempdir/junk $dst || exit 1 + test -z "$owner" || chown $owner $dst || exit 1 + test -z "$group" || chgrp $group $dst || exit 1 diff --git a/SOURCES/postfix-2.6.1-files.patch b/SOURCES/postfix-2.6.1-files.patch new file mode 100644 index 0000000..27827c4 --- /dev/null +++ b/SOURCES/postfix-2.6.1-files.patch @@ -0,0 +1,47 @@ +diff -up postfix-2.6.1/conf/postfix-files.files postfix-2.6.1/conf/postfix-files +--- postfix-2.6.1/conf/postfix-files.files 2009-02-14 03:08:16.000000000 +0100 ++++ postfix-2.6.1/conf/postfix-files 2009-05-26 11:29:57.000000000 +0200 +@@ -111,20 +111,14 @@ $command_directory/postqueue:f:root:$set + $sendmail_path:f:root:-:755 + $newaliases_path:l:$sendmail_path + $mailq_path:l:$sendmail_path +-$config_directory/LICENSE:f:root:-:644:1 +-$config_directory/TLS_LICENSE:f:root:-:644:1 + $config_directory/access:f:root:-:644:p1 +-$config_directory/aliases:f:root:-:644:p1 +-$config_directory/bounce.cf.default:f:root:-:644:1 + $config_directory/canonical:f:root:-:644:p1 + $config_directory/cidr_table:f:root:-:644:o + $config_directory/generic:f:root:-:644:p1 + $config_directory/generics:f:root:-:644:o + $config_directory/header_checks:f:root:-:644:p1 + $config_directory/install.cf:f:root:-:644:o +-$config_directory/main.cf.default:f:root:-:644:1 + $config_directory/main.cf:f:root:-:644:p +-$config_directory/makedefs.out:f:root:-:644:1 + $config_directory/master.cf:f:root:-:644:p + $config_directory/pcre_table:f:root:-:644:o + $config_directory/postfix-files:f:root:-:644:o +@@ -137,8 +131,8 @@ $config_directory/postfix-script:f:root: + $config_directory/postfix-script-sgid:f:root:-:755:o + $config_directory/postfix-script-nosgid:f:root:-:755:o + $config_directory/post-install:f:root:-:755:o +-$manpage_directory/man1/mailq.1:f:root:-:644 +-$manpage_directory/man1/newaliases.1:f:root:-:644 ++$manpage_directory/man1/mailq.postfix.1:f:root:-:644 ++$manpage_directory/man1/newaliases.postfix.1:f:root:-:644 + $manpage_directory/man1/postalias.1:f:root:-:644 + $manpage_directory/man1/postcat.1:f:root:-:644 + $manpage_directory/man1/postconf.1:f:root:-:644 +@@ -151,9 +145,9 @@ $manpage_directory/man1/postmap.1:f:root + $manpage_directory/man1/postmulti.1:f:root:-:644 + $manpage_directory/man1/postqueue.1:f:root:-:644 + $manpage_directory/man1/postsuper.1:f:root:-:644 +-$manpage_directory/man1/sendmail.1:f:root:-:644 ++$manpage_directory/man1/sendmail.postfix.1:f:root:-:644 + $manpage_directory/man5/access.5:f:root:-:644 +-$manpage_directory/man5/aliases.5:f:root:-:644 ++$manpage_directory/man5/aliases.postfix.5:f:root:-:644 + $manpage_directory/man5/body_checks.5:f:root:-:644 + $manpage_directory/man5/bounce.5:f:root:-:644 + $manpage_directory/man5/canonical.5:f:root:-:644 diff --git a/SOURCES/postfix-alternatives.patch b/SOURCES/postfix-alternatives.patch new file mode 100644 index 0000000..5de525c --- /dev/null +++ b/SOURCES/postfix-alternatives.patch @@ -0,0 +1,22 @@ +Changing the postfix-files config file won't work right on upgrades because +it's a noreplace configuration (the new version with the right paths in it is +installed as postfix-files.rpmnew), so we just munge the post-install script. +--- postfix-1.1.3/conf/post-install Thu Feb 28 16:15:08 2002 ++++ postfix-1.1.3/conf/post-install Thu Feb 28 16:14:54 2002 +@@ -429,6 +429,16 @@ + case $path in + no|no/*) continue;; + esac ++ # Munge paths for alternatives. ++ case $path in ++ /usr/bin/mailq) path=$path.postfix ;; ++ /usr/bin/newaliases) path=$path.postfix ;; ++ /usr/bin/rmail) path=$path.postfix ;; ++ /usr/sbin/sendmail) path=$path.postfix ;; ++ /usr/share/man/man1/mailq.1.gz) path=/usr/share/man/man1/mailq.postfix.1.gz ;; ++ /usr/share/man/man1/newaliases.1.gz) path=/usr/share/man/man1/newaliases.postfix.1.gz ;; ++ /usr/share/man/man5/aliases.5.gz) path=/usr/share/man/man5/aliases.postfix.5.gz ;; ++ esac + # Pick up the flags. + case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac + case $flags in *c*) create_flag=1;; *) create_flag=;; esac diff --git a/SOURCES/postfix-chroot-update b/SOURCES/postfix-chroot-update new file mode 100644 index 0000000..9fa0b08 --- /dev/null +++ b/SOURCES/postfix-chroot-update @@ -0,0 +1,4 @@ +#!/bin/bash + +[ -x /etc/postfix/chroot-update ] && exec /etc/postfix/chroot-update +exit 0 diff --git a/SOURCES/postfix-etc-init.d-postfix b/SOURCES/postfix-etc-init.d-postfix new file mode 100644 index 0000000..c609b0a --- /dev/null +++ b/SOURCES/postfix-etc-init.d-postfix @@ -0,0 +1,164 @@ +#!/bin/bash +# +# postfix Postfix Mail Transfer Agent +# +# chkconfig: - 80 30 +# description: Postfix is a Mail Transport Agent, which is the program \ +# that moves mail from one machine to another. +# processname: master +# pidfile: /var/spool/postfix/pid/master.pid +# config: /etc/postfix/main.cf +# config: /etc/postfix/master.cf +# +# Based on startup script from Simon J Mudd +# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin +# 23/11/00: Changes & suggestions by Ajay Ramaswamy +# 20/01/01: Changes to fall in line with RedHat 7.0 style +# 23/02/01: Fix a few untidy problems with help from Daniel Roesen. + +### BEGIN INIT INFO +# Provides: postfix $mail-transfer-agent +# Required-Start: $local_fs $network $remote_fs +# Required-Stop: $local_fs $network $remote_fs +# Short-Description: start and stop postfix +# Description: Postfix is a Mail Transport Agent, which is the program that +# moves mail from one machine to another. +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +RETVAL=0 +prog="postfix" +lockfile=/var/lock/subsys/$prog +pidfile=/var/spool/postfix/pid/master.pid + +ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp + +# Script to update chroot environment +CHROOT_UPDATE=/etc/postfix/chroot-update + +status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1 +running=$? + +conf_check() { + [ -x /usr/sbin/postfix ] || exit 5 + [ -d /etc/postfix ] || exit 6 + [ -d /var/spool/postfix ] || exit 5 +} + +make_aliasesdb() { + if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ] + then + # /etc/aliases.db may be used by other MTA, make sure nothing + # has touched it since our last newaliases call + [ /etc/aliases -nt /etc/aliases.db ] || + [ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] || + [ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return + /usr/bin/newaliases + touch -r /etc/aliases.db "$ALIASESDB_STAMP" + else + /usr/bin/newaliases + fi +} + +start() { + [ "$EUID" != "0" ] && exit 4 + # Check that networking is up. + [ ${NETWORKING} = "no" ] && exit 1 + conf_check + # Start daemons. + echo -n $"Starting postfix: " + make_aliasesdb >/dev/null 2>&1 + [ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE + /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start" + RETVAL=$? + [ $RETVAL -eq 0 ] && touch $lockfile + echo + return $RETVAL +} + +stop() { + [ "$EUID" != "0" ] && exit 4 + conf_check + # Stop daemons. + echo -n $"Shutting down postfix: " + /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop" + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile + echo + return $RETVAL +} + +reload() { + conf_check + echo -n $"Reloading postfix: " + [ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE + /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload" + RETVAL=$? + echo + return $RETVAL +} + +abort() { + conf_check + /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort" + return $? +} + +flush() { + conf_check + /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush" + return $? +} + +check() { + conf_check + /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check" + return $? +} + +# See how we were called. +case "$1" in + start) + [ $running -eq 0 ] && exit 0 + start + ;; + stop) + [ $running -eq 0 ] || exit 0 + stop + ;; + restart|force-reload) + stop + start + ;; + reload) + [ $running -eq 0 ] || exit 7 + reload + ;; + abort) + abort + ;; + flush) + flush + ;; + check) + check + ;; + status) + status -p $pidfile -l $(basename $lockfile) master + ;; + condrestart) + [ $running -eq 0 ] || exit 0 + stop + start + ;; + *) + echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}" + exit 2 +esac + +exit $? diff --git a/SOURCES/postfix-large-fs.patch b/SOURCES/postfix-large-fs.patch new file mode 100644 index 0000000..0721c02 --- /dev/null +++ b/SOURCES/postfix-large-fs.patch @@ -0,0 +1,35 @@ +diff -up postfix-2.5.5/src/util/sys_defs.h.large-fs postfix-2.5.5/src/util/sys_defs.h +--- postfix-2.5.5/src/util/sys_defs.h.large-fs 2008-01-15 01:51:44.000000000 +0100 ++++ postfix-2.5.5/src/util/sys_defs.h 2008-10-21 17:55:29.000000000 +0200 +@@ -709,8 +709,8 @@ extern int initgroups(const char *, int) + #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) + #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin" + #define FIONREAD_IN_TERMIOS_H +-#define USE_STATFS +-#define STATFS_IN_SYS_VFS_H ++#define USE_STATVFS ++#define STATVFS_IN_SYS_STATVFS_H + #define PREPEND_PLUS_TO_OPTSTRING + #define HAS_POSIX_REGEXP + #define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail" +diff -up postfix-2.5.5/src/util/fsspace.c.large-fs postfix-2.5.5/src/util/fsspace.c +--- postfix-2.5.5/src/util/fsspace.c.large-fs 2006-06-15 20:07:16.000000000 +0200 ++++ postfix-2.5.5/src/util/fsspace.c 2008-10-21 17:56:29.000000000 +0200 +@@ -91,8 +91,15 @@ void fsspace(const char *path, struct + + if (statvfs(path, &fsbuf) < 0) + msg_fatal("statvfs %s: %m", path); +- sp->block_size = fsbuf.f_frsize; +- sp->block_free = fsbuf.f_bavail; ++ if (fsbuf.f_frsize > 0) ++ sp->block_size = fsbuf.f_frsize; ++ else ++ sp->block_size = fsbuf.f_bsize; ++ /* 4G of FS blocks is surely enough space to put a mail in */ ++ sp->block_free = 0; ++ sp->block_free = ~sp->block_free; ++ if (fsbuf.f_bavail < sp->block_free) ++ sp->block_free = fsbuf.f_bavail; + #endif + if (msg_verbose) + msg_info("%s: %s: block size %lu, blocks free %lu", diff --git a/SOURCES/postfix-pam.conf b/SOURCES/postfix-pam.conf new file mode 100644 index 0000000..73e5348 --- /dev/null +++ b/SOURCES/postfix-pam.conf @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth include password-auth +account include password-auth diff --git a/SOURCES/postfix-sasl.conf b/SOURCES/postfix-sasl.conf new file mode 100644 index 0000000..18d7308 --- /dev/null +++ b/SOURCES/postfix-sasl.conf @@ -0,0 +1,2 @@ +pwcheck_method: saslauthd +mech_list: plain login diff --git a/SOURCES/postfix.aliasesdb b/SOURCES/postfix.aliasesdb new file mode 100644 index 0000000..8c0156e --- /dev/null +++ b/SOURCES/postfix.aliasesdb @@ -0,0 +1,20 @@ +#!/bin/bash + +ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp + +make_aliasesdb() { + if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ] + then + # /etc/aliases.db may be used by other MTA, make sure nothing + # has touched it since our last newaliases call + [ /etc/aliases -nt /etc/aliases.db ] || + [ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] || + [ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return 0 + /usr/bin/newaliases + touch -r /etc/aliases.db "$ALIASESDB_STAMP" + else + /usr/bin/newaliases + fi +} + +make_aliasesdb diff --git a/SOURCES/postfix.service b/SOURCES/postfix.service new file mode 100644 index 0000000..23df077 --- /dev/null +++ b/SOURCES/postfix.service @@ -0,0 +1,17 @@ +[Unit] +Description=Postfix Mail Transport Agent +After=syslog.target network.target +Conflicts=sendmail.service exim.service + +[Service] +Type=forking +PIDFile=/var/spool/postfix/pid/master.pid +EnvironmentFile=-/etc/sysconfig/network +ExecStartPre=-/usr/libexec/postfix/aliasesdb +ExecStartPre=-/usr/libexec/postfix/chroot-update +ExecStart=/usr/sbin/postfix start +ExecReload=/usr/sbin/postfix reload +ExecStop=/usr/sbin/postfix stop + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/postfix.spec b/SPECS/postfix.spec new file mode 100644 index 0000000..25f78df --- /dev/null +++ b/SPECS/postfix.spec @@ -0,0 +1,1225 @@ +%bcond_without mysql +%bcond_with pgsql +%bcond_without ldap +%bcond_without pcre +%bcond_without sasl +%bcond_without tls +%bcond_without ipv6 +%bcond_without pflogsumm + +%global sysv2systemdnvr 2.8.12-2 + +# Build with -O3 on ppc64 (rhbz#1051074) +%global _performance_build 1 + +# hardened build if not overrided +%{!?_hardened_build:%global _hardened_build 1} + +# Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own +# use. Let me know if the second gid collides with another package. +# Be careful: Redhat's 'mail' user & group isn't unique! +%define postfix_uid 89 +%define postfix_user postfix +%define postfix_gid 89 +%define postfix_group postfix +%define maildrop_group postdrop +%define maildrop_gid 90 + +%define postfix_config_dir %{_sysconfdir}/postfix +%define postfix_daemon_dir %{_libexecdir}/postfix +%define postfix_command_dir %{_sbindir} +%define postfix_queue_dir %{_var}/spool/postfix +%define postfix_data_dir %{_var}/lib/postfix +%define postfix_doc_dir %{_docdir}/%{name}-%{version} +%define postfix_sample_dir %{postfix_doc_dir}/samples +%define postfix_readme_dir %{postfix_doc_dir}/README_FILES + +%if %{?_hardened_build:%{_hardened_build}}%{!?_hardened_build:0} +%global harden -pie -Wl,-z,relro,-z,now +%endif + +Name: postfix +Summary: Postfix Mail Transport Agent +Version: 2.10.1 +Release: 9%{?dist} +Epoch: 2 +Group: System Environment/Daemons +URL: http://www.postfix.org +License: IBM and GPLv2+ +Requires(post): systemd systemd-sysv +Requires(post): %{_sbindir}/alternatives +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +Requires(preun): %{_sbindir}/alternatives +Requires(preun): systemd +Requires(postun): systemd +Provides: MTA smtpd smtpdaemon server(smtp) + +Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz +Source1: postfix-etc-init.d-postfix +Source2: postfix.service +Source3: README-Postfix-SASL-RedHat.txt +Source4: postfix.aliasesdb +Source5: postfix-chroot-update + +# Sources 50-99 are upstream [patch] contributions + +%define pflogsumm_ver 1.1.3 + +%if %{with pflogsumm} +# Postfix Log Entry Summarizer: http://jimsun.linxnet.com/postfix_contrib.html +Source53: http://jimsun.linxnet.com/downloads/pflogsumm-%{pflogsumm_ver}.tar.gz +%endif + +# Sources >= 100 are config files + +Source100: postfix-sasl.conf +Source101: postfix-pam.conf + +# Patches + +Patch1: postfix-2.10.0-config.patch +Patch2: postfix-2.6.1-files.patch +Patch3: postfix-alternatives.patch +Patch8: postfix-large-fs.patch +Patch9: pflogsumm-1.1.3-datecalc.patch +Patch10: postfix-2.10.1-haproxy-tls-fix.patch +Patch11: postfix-2.10.1-canonical-maps-doc-fix.patch +Patch12: postfix-2.10.1-kernel-4-fix.patch +Patch13: postfix-2.10.1-timestamps.patch + +# Optional patches - set the appropriate environment variables to include +# them when building the package/spec file + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +# Determine the different packages required for building postfix +BuildRequires: libdb-devel, pkgconfig, zlib-devel +BuildRequires: systemd-units + +%{?with_ldap:BuildRequires: openldap-devel} +%{?with_sasl:BuildRequires: cyrus-sasl-devel} +%{?with_pcre:BuildRequires: pcre-devel} +%{?with_mysql:BuildRequires: mysql-devel} +%{?with_pgsql:BuildRequires: postgresql-devel} +%{?with_tls:BuildRequires: openssl-devel} + +%description +Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), +TLS + +%package sysvinit +Summary: SysV initscript for postfix +Group: System Environment/Daemons +BuildArch: noarch +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires(preun): chkconfig +Requires(post): chkconfig + +%description sysvinit +This package contains the SysV initscript. + +%package perl-scripts +Summary: Postfix utilities written in perl +Group: Applications/System +Requires: %{name} = %{epoch}:%{version}-%{release} +# perl-scripts introduced in 2:2.5.5-2 +Obsoletes: postfix < 2:2.5.5-2 +%if %{with pflogsumm} +Provides: postfix-pflogsumm = %{epoch}:%{version}-%{release} +Obsoletes: postfix-pflogsumm < 2:2.5.5-2 +%endif +%description perl-scripts +This package contains perl scripts pflogsumm and qshape. + +Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is +designed to provide an over-view of Postfix activity. Pflogsumm +generates summaries and, in some cases, detailed reports of mail +server traffic volumes, rejected and bounced email, and server +warnings, errors and panics. + +qshape prints Postfix queue domain and age distribution. + +%prep +%setup -q +# Apply obligatory patches +%patch1 -p1 -b .config +%patch2 -p1 -b .files +%patch3 -p1 -b .alternatives +%patch8 -p1 -b .large-fs + +%if %{with pflogsumm} +gzip -dc %{SOURCE53} | tar xf - +pushd pflogsumm-%{pflogsumm_ver} +%patch9 -p1 -b .datecalc +popd +%endif + +%patch10 -p1 -b .haproxy-tls-fix +%patch11 -p1 -b .canonical-maps-doc-fix +%patch12 -p1 -b .kernel-4-fix +%patch13 -p1 -b .timestamps + +for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do + iconv -f iso8859-1 -t utf8 -o ${f}{_,} && + touch -r ${f}{,_} && mv -f ${f}{_,} +done + +%build +CCARGS=-fPIC +AUXLIBS= + +%ifarch s390 s390x ppc +CCARGS="${CCARGS} -fsigned-char" +%endif + +%if %{with ldap} + CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 %{?with_sasl:-DUSE_LDAP_SASL}" + AUXLIBS="${AUXLIBS} -lldap -llber" +%endif +%if %{with pcre} + # -I option required for pcre 3.4 (and later?) + CCARGS="${CCARGS} -DHAS_PCRE -I%{_includedir}/pcre" + AUXLIBS="${AUXLIBS} -lpcre" +%endif +%if %{with mysql} + CCARGS="${CCARGS} -DHAS_MYSQL -I%{_includedir}/mysql" + AUXLIBS="${AUXLIBS} -L%{_libdir}/mysql -lmysqlclient -lm" +%endif +%if %{with pgsql} + CCARGS="${CCARGS} -DHAS_PGSQL -I%{_includedir}/pgsql" + AUXLIBS="${AUXLIBS} -lpq" +%endif +%if %{with sasl} + CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" + AUXLIBS="${AUXLIBS} -L%{_libdir}/sasl2 -lsasl2" + %global sasl_config_dir %{_sysconfdir}/sasl2 +%endif +%if %{with tls} + if pkg-config openssl ; then + CCARGS="${CCARGS} -DUSE_TLS `pkg-config --cflags openssl`" + AUXLIBS="${AUXLIBS} `pkg-config --libs openssl`" + else + CCARGS="${CCARGS} -DUSE_TLS -I/usr/include/openssl" + AUXLIBS="${AUXLIBS} -lssl -lcrypto" + fi +%endif +%if ! %{with ipv6} + CCARGS="${CCARGS} -DNO_IPV6" +%endif + +CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\"" +CCARGS="${CCARGS} $(getconf LFS_CFLAGS)" + +AUXLIBS="${AUXLIBS} %{?harden:%{harden}}" + +make -f Makefile.init makefiles CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" \ + DEBUG="" OPT="$RPM_OPT_FLAGS -fno-strict-aliasing -Wno-comment" + +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT + +# install postfix into $RPM_BUILD_ROOT + +# Move stuff around so we don't conflict with sendmail +for i in man1/mailq.1 man1/newaliases.1 man1/sendmail.1 man5/aliases.5; do + dest=$(echo $i | sed 's|\.[1-9]$|.postfix\0|') + mv man/$i man/$dest + sed -i "s|^\.so $i|\.so $dest|" man/man?/*.[1-9] +done + +sh postfix-install -non-interactive \ + install_root=$RPM_BUILD_ROOT \ + config_directory=%{postfix_config_dir} \ + daemon_directory=%{postfix_daemon_dir} \ + command_directory=%{postfix_command_dir} \ + queue_directory=%{postfix_queue_dir} \ + data_directory=%{postfix_data_dir} \ + sendmail_path=%{postfix_command_dir}/sendmail.postfix \ + newaliases_path=%{_bindir}/newaliases.postfix \ + mailq_path=%{_bindir}/mailq.postfix \ + mail_owner=%{postfix_user} \ + setgid_group=%{maildrop_group} \ + manpage_directory=%{_mandir} \ + sample_directory=%{postfix_sample_dir} \ + readme_directory=%{postfix_readme_dir} -keep-build-mtime || exit 1 + +# This installs into the /etc/rc.d/init.d directory +mkdir -p $RPM_BUILD_ROOT%{_initrddir} +install -c %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/postfix + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m 644 %{SOURCE2} %{buildroot}%{_unitdir} +install -m 755 %{SOURCE4} %{buildroot}%{postfix_daemon_dir}/aliasesdb +install -m 755 %{SOURCE5} %{buildroot}%{postfix_daemon_dir}/chroot-update + +install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.postfix + +for i in active bounce corrupt defer deferred flush incoming private saved maildrop public pid saved trace; do + mkdir -p $RPM_BUILD_ROOT%{postfix_queue_dir}/$i +done + +# install performance benchmark tools by hand +for i in smtp-sink smtp-source ; do + install -c -m 755 bin/$i $RPM_BUILD_ROOT%{postfix_command_dir}/ + install -c -m 755 man/man1/$i.1 $RPM_BUILD_ROOT%{_mandir}/man1/ +done + +## RPM compresses man pages automatically. +## - Edit postfix-files to reflect this, so post-install won't get confused +## when called during package installation. +sed -i -r "s#(/man[158]/.*.[158]):f#\1.gz:f#" $RPM_BUILD_ROOT%{postfix_daemon_dir}/postfix-files + +cat $RPM_BUILD_ROOT%{postfix_daemon_dir}/postfix-files +%if %{with sasl} +# Install the smtpd.conf file for SASL support. +mkdir -p $RPM_BUILD_ROOT%{sasl_config_dir} +install -m 644 %{SOURCE100} $RPM_BUILD_ROOT%{sasl_config_dir}/smtpd.conf +%endif + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d +install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix + +# prepare documentation +mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir} +cp -p %{SOURCE3} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir} + +mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup} +cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples +cp -p examples/chroot-setup/LINUX2 $RPM_BUILD_ROOT%{postfix_doc_dir}/examples/chroot-setup + +cp conf/{main,bounce}.cf.default $RPM_BUILD_ROOT%{postfix_doc_dir} +sed -i 's#%{postfix_config_dir}\(/bounce\.cf\.default\)#%{postfix_doc_dir}\1#' $RPM_BUILD_ROOT%{_mandir}/man5/bounce.5 +rm -f $RPM_BUILD_ROOT%{postfix_config_dir}/{TLS_,}LICENSE + +find $RPM_BUILD_ROOT%{postfix_doc_dir} -type f | xargs chmod 644 +find $RPM_BUILD_ROOT%{postfix_doc_dir} -type d | xargs chmod 755 + +%if %{with pflogsumm} +install -c -m 644 pflogsumm-%{pflogsumm_ver}/pflogsumm-faq.txt $RPM_BUILD_ROOT%{postfix_doc_dir}/pflogsumm-faq.txt +install -c -m 644 pflogsumm-%{pflogsumm_ver}/pflogsumm.1 $RPM_BUILD_ROOT%{_mandir}/man1/pflogsumm.1 +install -c pflogsumm-%{pflogsumm_ver}/pflogsumm.pl $RPM_BUILD_ROOT%{postfix_command_dir}/pflogsumm +%endif + +# install qshape +mantools/srctoman - auxiliary/qshape/qshape.pl > qshape.1 +install -c qshape.1 $RPM_BUILD_ROOT%{_mandir}/man1/qshape.1 +install -c auxiliary/qshape/qshape.pl $RPM_BUILD_ROOT%{postfix_command_dir}/qshape + +# remove alias file +rm -f $RPM_BUILD_ROOT%{postfix_config_dir}/aliases + +# create /usr/lib/sendmail +mkdir -p $RPM_BUILD_ROOT/usr/lib +pushd $RPM_BUILD_ROOT/usr/lib +ln -sf ../sbin/sendmail.postfix . +popd + +mkdir -p $RPM_BUILD_ROOT%{_var}/lib/misc +touch $RPM_BUILD_ROOT%{_var}/lib/misc/postfix.aliasesdb-stamp + +# prepare alternatives ghosts +for i in %{postfix_command_dir}/sendmail %{_bindir}/{mailq,newaliases,rmail} \ + %{_sysconfdir}/pam.d/smtp /usr/lib/sendmail \ + %{_mandir}/{man1/{mailq.1,newaliases.1},man5/aliases.5,man8/sendmail.8} +do + touch $RPM_BUILD_ROOT$i +done + +%post +%systemd_post %{name}.service + +# upgrade configuration files if necessary +%{_sbindir}/postfix set-permissions upgrade-configuration \ + daemon_directory=%{postfix_daemon_dir} \ + command_directory=%{postfix_command_dir} \ + mail_owner=%{postfix_user} \ + setgid_group=%{maildrop_group} \ + manpage_directory=%{_mandir} \ + sample_directory=%{postfix_sample_dir} \ + readme_directory=%{postfix_readme_dir} &> /dev/null + +%{_sbindir}/alternatives --install %{postfix_command_dir}/sendmail mta %{postfix_command_dir}/sendmail.postfix 30 \ + --slave %{_bindir}/mailq mta-mailq %{_bindir}/mailq.postfix \ + --slave %{_bindir}/newaliases mta-newaliases %{_bindir}/newaliases.postfix \ + --slave %{_sysconfdir}/pam.d/smtp mta-pam %{_sysconfdir}/pam.d/smtp.postfix \ + --slave %{_bindir}/rmail mta-rmail %{_bindir}/rmail.postfix \ + --slave /usr/lib/sendmail mta-sendmail /usr/lib/sendmail.postfix \ + --slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man1/mailq.postfix.1.gz \ + --slave %{_mandir}/man1/newaliases.1.gz mta-newaliasesman %{_mandir}/man1/newaliases.postfix.1.gz \ + --slave %{_mandir}/man8/sendmail.8.gz mta-sendmailman %{_mandir}/man1/sendmail.postfix.1.gz \ + --slave %{_mandir}/man5/aliases.5.gz mta-aliasesman %{_mandir}/man5/aliases.postfix.5.gz \ + --initscript postfix + +%if %{with sasl} +# Move sasl config to new location +if [ -f %{_libdir}/sasl2/smtpd.conf ]; then + mv -f %{_libdir}/sasl2/smtpd.conf %{sasl_config_dir}/smtpd.conf + /sbin/restorecon %{sasl_config_dir}/smtpd.conf 2> /dev/null +fi +%endif + +exit 0 + +%pre +# Add user and groups if necessary +%{_sbindir}/groupadd -g %{maildrop_gid} -r %{maildrop_group} 2>/dev/null +%{_sbindir}/groupadd -g %{postfix_gid} -r %{postfix_group} 2>/dev/null +%{_sbindir}/groupadd -g 12 -r mail 2>/dev/null +%{_sbindir}/useradd -d %{postfix_queue_dir} -s /sbin/nologin -g %{postfix_group} -G mail -M -r -u %{postfix_uid} %{postfix_user} 2>/dev/null +exit 0 + +%preun +%systemd_preun %{name}.service + +if [ "$1" = 0 ]; then + %{_sbindir}/alternatives --remove mta %{postfix_command_dir}/sendmail.postfix +fi +exit 0 + +%postun +%systemd_postun_with_restart %{name}.service + +%post sysvinit +/sbin/chkconfig --add postfix >/dev/null 2>&1 ||: + +%preun sysvinit +if [ "$1" = 0 ]; then + %{_initrddir}/postfix stop >/dev/null 2>&1 ||: + /sbin/chkconfig --del postfix >/dev/null 2>&1 ||: +fi + +%postun sysvinit +[ "$1" -ge 1 ] && %{_initrddir}/postfix condrestart >/dev/null 2>&1 ||: + +%triggerun -- postfix < %{sysv2systemdnvr} +%{_bindir}/systemd-sysv-convert --save postfix >/dev/null 2>&1 ||: +%{_bindir}/systemd-sysv-convert --apply postfix >/dev/null 2>&1 ||: +/sbin/chkconfig --del postfix >/dev/null 2>&1 || : +/bin/systemctl try-restart postfix.service >/dev/null 2>&1 || : + +%triggerpostun -n postfix-sysvinit -- postfix < %{sysv2systemdnvr} +/sbin/chkconfig --add postfix >/dev/null 2>&1 || : + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files + +# For correct directory permissions check postfix-install script. +# It reads the file postfix-files which defines the ownership +# and permissions for all files postfix installs. + +%defattr(-, root, root, -) + +# Config files not part of upstream + +%if %{with sasl} +%config(noreplace) %{sasl_config_dir}/smtpd.conf +%endif +%config(noreplace) %{_sysconfdir}/pam.d/smtp.postfix +%{_unitdir}/postfix.service + +# Documentation + +%{postfix_doc_dir} +%if %{with pflogsumm} +%exclude %{postfix_doc_dir}/pflogsumm-faq.txt +%endif + +# Misc files + +%dir %attr(0755, root, root) %{postfix_config_dir} +%dir %attr(0755, root, root) %{postfix_daemon_dir} +%dir %attr(0755, root, root) %{postfix_queue_dir} +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/active +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/bounce +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/corrupt +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/defer +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/deferred +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/flush +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/hold +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/incoming +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/saved +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/trace +%dir %attr(0730, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/maildrop +%dir %attr(0755, root, root) %{postfix_queue_dir}/pid +%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/private +%dir %attr(0710, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/public +%dir %attr(0700, %{postfix_user}, root) %{postfix_data_dir} + +%attr(0644, root, root) %{_mandir}/man1/post*.1* +%attr(0644, root, root) %{_mandir}/man1/smtp*.1* +%attr(0644, root, root) %{_mandir}/man1/*.postfix.1* +%attr(0644, root, root) %{_mandir}/man5/access.5* +%attr(0644, root, root) %{_mandir}/man5/[b-v]*.5* +%attr(0644, root, root) %{_mandir}/man5/*.postfix.5* +%attr(0644, root, root) %{_mandir}/man8/[a-qt-v]*.8* +%attr(0644, root, root) %{_mandir}/man8/s[ch-p]*.8* + +%attr(0755, root, root) %{postfix_command_dir}/smtp-sink +%attr(0755, root, root) %{postfix_command_dir}/smtp-source + +%attr(0755, root, root) %{postfix_command_dir}/postalias +%attr(0755, root, root) %{postfix_command_dir}/postcat +%attr(0755, root, root) %{postfix_command_dir}/postconf +%attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postdrop +%attr(0755, root, root) %{postfix_command_dir}/postfix +%attr(0755, root, root) %{postfix_command_dir}/postkick +%attr(0755, root, root) %{postfix_command_dir}/postlock +%attr(0755, root, root) %{postfix_command_dir}/postlog +%attr(0755, root, root) %{postfix_command_dir}/postmap +%attr(0755, root, root) %{postfix_command_dir}/postmulti +%attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postqueue +%attr(0755, root, root) %{postfix_command_dir}/postsuper +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/access +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/canonical +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/generic +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/header_checks +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/main.cf +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/master.cf +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/relocated +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/transport +%attr(0644, root, root) %config(noreplace) %{postfix_config_dir}/virtual +%attr(0755, root, root) %{postfix_daemon_dir}/[^mp]* +%attr(0644, root, root) %{postfix_daemon_dir}/main.cf +%attr(0644, root, root) %{postfix_daemon_dir}/master.cf +%attr(0755, root, root) %{postfix_daemon_dir}/master +%attr(0755, root, root) %{postfix_daemon_dir}/pickup +%attr(0755, root, root) %{postfix_daemon_dir}/pipe +%attr(0755, root, root) %{postfix_daemon_dir}/post-install +%attr(0644, root, root) %{postfix_daemon_dir}/postfix-files +%attr(0755, root, root) %{postfix_daemon_dir}/postfix-script +%attr(0755, root, root) %{postfix_daemon_dir}/postfix-wrapper +%attr(0755, root, root) %{postfix_daemon_dir}/postmulti-script +%attr(0755, root, root) %{postfix_daemon_dir}/postscreen +%attr(0755, root, root) %{postfix_daemon_dir}/proxymap +%attr(0755, root, root) %{_bindir}/mailq.postfix +%attr(0755, root, root) %{_bindir}/newaliases.postfix +%attr(0755, root, root) %{_bindir}/rmail.postfix +%attr(0755, root, root) %{_sbindir}/sendmail.postfix +%attr(0755, root, root) /usr/lib/sendmail.postfix + +%ghost %{_sysconfdir}/pam.d/smtp + +%ghost %{_mandir}/man1/mailq.1.gz +%ghost %{_mandir}/man1/newaliases.1.gz +%ghost %{_mandir}/man5/aliases.5.gz +%ghost %{_mandir}/man8/sendmail.8.gz + +%ghost %attr(0755, root, root) %{_bindir}/mailq +%ghost %attr(0755, root, root) %{_bindir}/newaliases +%ghost %attr(0755, root, root) %{_bindir}/rmail +%ghost %attr(0755, root, root) %{_sbindir}/sendmail +%ghost %attr(0755, root, root) /usr/lib/sendmail + +%ghost %attr(0644, root, root) %{_var}/lib/misc/postfix.aliasesdb-stamp + +%files sysvinit +%defattr(-, root, root, -) +%{_initrddir}/postfix + +%files perl-scripts +%defattr(-, root, root, -) +%attr(0755, root, root) %{postfix_command_dir}/qshape +%attr(0644, root, root) %{_mandir}/man1/qshape* +%if %{with pflogsumm} +%doc %{postfix_doc_dir}/pflogsumm-faq.txt +%attr(0644, root, root) %{_mandir}/man1/pflogsumm.1.gz +%attr(0755, root, root) %{postfix_command_dir}/pflogsumm +%endif + +%changelog +* Mon Jul 29 2019 Jaroslav Škarvada - 2:2.10.1-9 +- Compiled with USE_LDAP_SASL if both "ldap" and "sasl" options are enabled + Resolves: rhbz#1733938 + +* Wed Jul 24 2019 Jaroslav Škarvada - 2:2.10.1-8 +- Preserve timestamps of files during installation + Resolves: rhbz#1307081 + +* Mon May 7 2018 Jaroslav Škarvada - 2:2.10.1-7 +- Fixed haproxy with TLS + Resolves: rhbz#1370455 +- Fixed documentation about canonical maps + Resolves: rhbz#1381871 +- Fixed build with kernel-4.* + Resolves: rhbz#1575658 + +* Fri Jan 24 2014 Daniel Mach - 2:2.10.1-6 +- Mass rebuild 2014-01-24 + +* Wed Jan 15 2014 Honza Horak - 2:2.10.1-5 +- Rebuild for mariadb-libs + Related: #1045013 + +* Mon Jan 13 2014 Jaroslav Škarvada - 2:2.10.1-4 +- Build with -O3 on ppc64 + Resolves: rhbz#1051074 + +* Fri Dec 27 2013 Daniel Mach - 2:2.10.1-3 +- Mass rebuild 2013-12-27 + +* Tue Aug 6 2013 Jaroslav Škarvada - 2:2.10.1-2 +- Fixed license + Resolves: rhbz#993586 + +* Mon Jun 24 2013 Jaroslav Škarvada - 2:2.10.1-1 +- New version + Resolves: rhbz#977273 + +* Thu May 23 2013 Jaroslav Škarvada - 2:2.10.0-2 +- Fixed systemd error message regarding chroot-update, patch provided + by John Heidemann + Resolves: rhbz#917463 + +* Thu Mar 21 2013 Jaroslav Škarvada - 2:2.10.0-1 +- New version +- Re-enabled IPv6 in the config + Resolves: rhbz#863140 + +* Tue Feb 26 2013 Jaroslav Škarvada - 2:2.10.0-0.3.rc1 +- Added systemd-sysv to requires + +* Mon Feb 25 2013 Jaroslav Škarvada - 2:2.10.0-0.2.rc1 +- Switched to systemd-rpm macros + Resolves: rhbz#850276 + +* Fri Feb 8 2013 Jaroslav Škarvada - 2:2.10.0-0.1.rc1 +- New version + +* Tue Feb 5 2013 Jaroslav Škarvada - 2:2.9.6-1 +- New version + Resolves: rhbz#907803 + +* Tue Jan 8 2013 Jaroslav Škarvada - 2:2.9.5-2 +- Rebuilt with -fno-strict-aliasing + +* Thu Dec 13 2012 Jaroslav Škarvada - 2:2.9.5-1 +- New version + Resolves: rhbz#886804 + +* Thu Sep 6 2012 Jaroslav Škarvada - 2:2.9.4-3 +- Fixed systemd error message about missing chroot-update + Resolves: rhbz#832742 + +* Fri Aug 3 2012 Jaroslav Škarvada - 2:2.9.4-2 +- Fixed sysv2systemd upgrade from f16 + +* Thu Aug 2 2012 Jaroslav Škarvada - 2:2.9.4-1 +- New version + Resolves: rhbz#845298 +- Dropped biff-cloexec patch (upstreamed) + +* Sat Jul 21 2012 Fedora Release Engineering - 2:2.9.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 03 2012 Jaroslav Škarvada - 2:2.9.3-2 +- Fixed FD leak in biff + +* Tue Jun 5 2012 Jaroslav Škarvada - 2:2.9.3-1 +- New version + Resolves: rhbz#828242 + Fixed sysv2systemd upgrade from f16 + +* Wed Apr 25 2012 Jaroslav Škarvada - 2:2.9.2-2 +- Fixed sysv2systemd upgrade from f15 / f16 + +* Wed Apr 25 2012 Jaroslav Škarvada - 2:2.9.2-1 +- New version + Resolves: rhbz#816139 + +* Fri Apr 6 2012 Jaroslav Škarvada - 2:2.9.1-2 +- Rebuilt with libdb-5.2 + +* Mon Feb 20 2012 Jaroslav Škarvada - 2:2.9.1-1 +- New version + Resolves: rhbz#794976 + +* Fri Feb 10 2012 Petr Pisar - 2:2.9.0-2 +- Rebuild against PCRE 8.30 + +* Fri Feb 3 2012 Jaroslav Škarvada - 2:2.9.0-1 +- New version + Resolves: rhbz#786792 + +* Sat Jan 14 2012 Fedora Release Engineering - 2:2.8.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 10 2011 Jaroslav Škarvada - 2:2.8.7-4 +- Added epoch to sysvinit subpackage requires + +* Tue Nov 8 2011 Jaroslav Škarvada - 2:2.8.7-3 +- Fixed sysvinit preun scriptlet + +* Tue Nov 8 2011 Jaroslav Škarvada - 2:2.8.7-2 +- Introduce systemd unit file, thanks to Jóhann B. Guðmundsson + Resolves: rhbz#718793 + +* Mon Nov 7 2011 Jaroslav Škarvada - 2:2.8.7-1 +- Update to 2.8.7 + Resolves: rhbz#751622 + +* Mon Oct 24 2011 Jaroslav Škarvada - 2:2.8.6-1 +- Update to 2.8.6 + Resolves: rhbz#748389 + +* Mon Sep 12 2011 Jaroslav Škarvada - 2:2.8.5-1 +- Update to 2.8.5 + Resolves: rhbz#735543 + +* Tue Aug 30 2011 Jaroslav Škarvada - 2:2.8.4-4 +- Enable override of hardened build settings + +* Tue Aug 30 2011 Jaroslav Škarvada - 2:2.8.4-3 +- Hardened build, rebuilt with full relro + +* Tue Aug 30 2011 Jaroslav Škarvada - 2:2.8.4-2 +- Rebuilt with libdb-5.1 + Resolves: rhbz#734084 + +* Thu Jul 07 2011 Jaroslav Škarvada - 2:2.8.4-1 +- update to 2.8.4 + +* Mon May 09 2011 Jaroslav Škarvada - 2:2.8.3-1 +- update to 2.8.3 +- fix CVE-2011-1720 + +* Wed Mar 23 2011 Dan Horák - 2:2.8.2-2 +- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient) + +* Tue Mar 22 2011 Jaroslav Škarvada - 2:2.8.2-1 +- update to 2.8.2 + +* Wed Feb 23 2011 Miroslav Lichvar 2:2.8.1-1 +- update to 2.8.1 + +* Wed Feb 09 2011 Fedora Release Engineering - 2:2.8.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Feb 07 2011 Miroslav Lichvar 2:2.8.0-2 +- don't set config_directory when upgrading configuration (#675654) + +* Wed Jan 26 2011 Miroslav Lichvar 2:2.8.0-1 +- update to 2.8.0 + +* Fri Nov 26 2010 Miroslav Lichvar 2:2.7.2-1 +- update to 2.7.2 +- change LSB init header to provide $mail-transport-agent (#627411) + +* Thu Jun 10 2010 Miroslav Lichvar 2:2.7.1-1 +- update to 2.7.1 +- update pflogsumm to 1.1.3 + +* Wed Mar 17 2010 Miroslav Lichvar 2:2.7.0-2 +- follow guidelines for alternatives (#570801) +- move sasl config to /etc/sasl2 (#574434) +- drop sasl v1 support +- remove unnecessary requirements +- use bcond macros + +* Fri Feb 26 2010 Miroslav Lichvar 2:2.7.0-1 +- update to 2.7.0 + +* Fri Jan 29 2010 Miroslav Lichvar 2:2.6.5-3 +- fix init script LSB compliance (#528151) +- update pflogsumm to 1.1.2 +- require Date::Calc for pflogsumm (#536678) +- fix some rpmlint warnings + +* Wed Sep 16 2009 Tomas Mraz - 2:2.6.5-2 +- use password-auth common PAM configuration instead of system-auth + +* Tue Sep 01 2009 Miroslav Lichvar 2:2.6.5-1 +- update to 2.6.5 + +* Fri Aug 21 2009 Tomas Mraz - 2:2.6.2-3 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 2:2.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jun 18 2009 Miroslav Lichvar 2:2.6.2-1 +- update to 2.6.2 + +* Tue May 26 2009 Miroslav Lichvar 2:2.6.1-1 +- update to 2.6.1 +- move non-config files out of /etc/postfix (#490983) +- fix multilib conflict in postfix-files (#502211) +- run chroot-update script in init script (#483186) +- package examples (#251677) +- provide all alternatives files +- suppress postfix output in post script + +* Thu Feb 26 2009 Fedora Release Engineering - 2:2.5.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 23 2009 Miroslav Lichvar 2:2.5.6-2 +- rebuild for new mysql + +* Thu Jan 22 2009 Miroslav Lichvar 2:2.5.6-1 +- update to 2.5.6 (#479108) +- rebuild /etc/aliases.db only when necessary (#327651) +- convert doc files to UTF-8 + +* Thu Nov 20 2008 Miroslav Lichvar 2:2.5.5-2 +- enable Large file support on 32-bit archs (#428996) +- fix mailq(1) and newaliases(1) man pages (#429501) +- move pflogsumm and qshape to -perl-scripts subpackage (#467529) +- update pflogsumm to 1.1.1 +- fix large-fs patch +- drop open_define patch +- add -Wno-comment to CFLAGS + +* Wed Sep 17 2008 Thomas Woerner 2:2.5.5-1 +- new version 2.5.5 + fixes CVE-2008-2936, CVE-2008-2937 and CVE-2008-3889 (rhbz#459101) + +* Thu Aug 28 2008 Tom "spot" Callaway 2:2.5.1-4 +- fix license tag + +* Thu Aug 14 2008 Thomas Woerner 2:2.5.1-3 +- fixed postfix privilege problem with symlinks in the mail spool directory + (CVE-2008-2936) (rhbz#459101) + +* Wed Mar 12 2008 Thomas Woerner 2:2.5.1-2 +- fixed fix for enabling IPv6 support (rhbz#437024) +- added new postfix data directory (rhbz#437042) + +* Thu Feb 21 2008 Thomas Woerner 2:2.5.1-1 +- new verison 2.5.1 + +* Wed Feb 20 2008 Fedora Release Engineering - 2:2.4.6-3 +- Autorebuild for GCC 4.3 + +* Thu Dec 06 2007 Release Engineering - 2.4.6-2 +- Rebuild for deps + +* Wed Nov 28 2007 Thomas Woerner 2:2.4.6-1 +- new verison 2.4.6 +- added virtual server(smtp) provide (rhbz#380631) +- enabling IPv6 support (rhbz#197105) +- made the MYSQL and PGSQL defines overloadable as build argument + +* Wed Nov 7 2007 Thomas Woerner 2:2.4.5-3 +- fixed multilib conflict for makedefs.out: rename to makedefs.out-%%{_arch} + (rhbz#342941) +- enabled mysql support + +* Thu Oct 4 2007 Thomas Woerner 2:2.4.5-2 +- made init script lsb conform (#243286, rhbz#247025) +- added link to postfix sasl readme into Postfix-SASL-RedHat readme + +* Mon Aug 13 2007 Thomas Woerner 2:2.4.5-1 +- new version 2.4.5 +- fixed compile proplem with glibc-2.6.90+ + +* Fri Jun 15 2007 Thomas Woerner 2:2.4.3-3 +- added missing epoch in requirement of pflogsumm sub package + +* Thu Jun 14 2007 Thomas Woerner 2:2.4.3-2 +- diabled mysql support again (rhbz#185515) +- added support flag for PostgreSQL build (rhbz#180579) + Ben: Thanks for the patch +- Fixed remaining rewiew problems (rhbz#226307) + +* Tue Jun 5 2007 Thomas Woerner 2:2.4.3-1 +- allow to build without LDAP but SASL2 support (rhbz#216792) + +* Tue Jun 5 2007 Thomas Woerner 2:2.4.3-1 +- new stable version 2.4.3 +- enabled mysql support (rhbz#185515) +- dropped build requirements for gawk, ed and sed + +* Tue Jan 23 2007 Thomas Woerner 2:2.3.6-1 +- new version 2.3.6 +- limiting SASL mechanisms to plain login for sasl with saslauthd (#175259) +- dropped usage of ed in the install stage + +* Tue Nov 7 2006 Thomas Woerner 2:2.3.4-1 +- new version 2.3.4 + +* Fri Sep 1 2006 Thomas Woerner 2:2.3.3-2 +- fixed upgrade procedure (#202357) + +* Fri Sep 1 2006 Thomas Woerner 2:2.3.3-1 +- new version 2.3.3 +- fixed permissions of TLS_LICENSE file + +* Fri Aug 18 2006 Jesse Keating - 2:2.3.2-2 +- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* + (#203001) + +* Mon Jul 31 2006 Thomas Woerner 2:2.3.2-1 +- new version 2.3.2 with major upstream fixes: + - corrupted queue file after a request to modify a short message header + - panic after spurious Milter request when a client was rejected + - maked the Milter more tolerant for redundant "data cleanup" requests +- applying pflogsumm-conn-delays-dsn-patch from postfix tree to pflogsumm + +* Fri Jul 28 2006 Thomas Woerner 2:2.3.1-1 +- new version 2.3.1 +- fixes problems with TLS and Milter support + +* Tue Jul 25 2006 Thomas Woerner 2:2.3.0-2 +- fixed SASL build (#200079) + thanks to Kaj J. Niemi for the patch + +* Mon Jul 24 2006 Thomas Woerner 2:2.3.0-1 +- new version 2.3.0 +- dropped hostname-fqdn patch + +* Wed Jul 12 2006 Jesse Keating - 2:2.2.10-2.1 +- rebuild + +* Wed May 10 2006 Thomas Woerner 2:2.2.10-2 +- added RELRO security protection + +* Tue Apr 11 2006 Thomas Woerner 2:2.2.10-1 +- new version 2.2.10 +- added option LDAP_DEPRECATED to support deprecated ldap functions for now +- fixed build without pflogsumm support (#188470) + +* Fri Feb 10 2006 Jesse Keating - 2:2.2.8-1.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2:2.2.8-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 24 2006 Florian Festi 2:2.2.8-1 +- new version 2.2.8 + +* Tue Dec 13 2005 Thomas Woerner 2:2.2.7-1 +- new version 2.2.7 + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Nov 11 2005 Thomas Woerner 2:2.2.5-2.1 +- replaced postconf and postalias call in initscript with newaliases (#156358) +- fixed initscripts messages (#155774) +- fixed build problems when sasl is disabled (#164773) +- fixed pre-definition of mailbox_transport lmtp socket path (#122910) + +* Thu Nov 10 2005 Tomas Mraz 2:2.2.5-2 +- rebuilt against new openssl + +* Fri Oct 7 2005 Tomas Mraz +- use include instead of pam_stack in pam config + +* Thu Sep 8 2005 Thomas Woerner 2:2.2.5-1 +- new version 2.2.5 + +* Thu May 12 2005 Thomas Woerner 2:2.2.3-1 +- new version 2.2.3 +- compiling all binaries PIE, dropped old pie patch + +* Wed Apr 20 2005 Tomas Mraz 2:2.2.2-2 +- fix fsspace on large filesystems (>2G blocks) + +* Tue Apr 12 2005 Thomas Woerner 2:2.2.2-1 +- new version 2.2.2 + +* Fri Mar 18 2005 Thomas Woerner 2:2.2.1-1 +- new version 2.2.1 +- allow to start postfix without alias_database (#149657) + +* Fri Mar 11 2005 Thomas Woerner 2:2.2.0-1 +- new version 2.2.0 +- cleanup of spec file: removed external TLS and IPV6 patches, removed + smtp_sasl_proto patch +- dropped samples directory till there are good examples again (was TLS and + IPV6) +- v2.2.0 fixes code problems: #132798 and #137858 + +* Fri Feb 11 2005 Thomas Woerner 2:2.1.5-5.1 +- fixed open relay bug in postfix ipv6 patch: new version 1.26 (#146731) +- fixed permissions on doc directory (#147280) +- integrated fixed fqdn patch from Joseph Dunn (#139983) + +* Tue Nov 23 2004 Thomas Woerner 2:2.1.5-4.1 +- removed double quotes from postalias call, second fix for #138354 + +* Thu Nov 11 2004 Jeff Johnson 2:2.1.5-4 +- rebuild against db-4.3.21. +- remove Requires: db4, the soname linkage dependency is sufficient. + +* Thu Nov 11 2004 Thomas Woerner 2:2.1.5-3.1 +- fixed problem with multiple alias maps (#138354) + +* Tue Oct 26 2004 Thomas Woerner 2:2.1.5-3 +- fixed wrong path for cyrus-imapd (#137074) + +* Mon Oct 18 2004 Thomas Woerner 2:2.1.5-2.2 +- automated postalias call in init script +- removed postconf call from spec file: moved changes into patch + +* Fri Oct 15 2004 Thomas Woerner 2:2.1.5-2.1 +- removed aliases from postfix-files (#135840) +- fixed postalias call in init script + +* Thu Oct 14 2004 Thomas Woerner 2:2.1.5-2 +- switched over to system aliases file and database in /etc/ (#117661) +- new reuires and buildrequires for setup >= 2.5.36-1 + +* Mon Oct 4 2004 Thomas Woerner 2:2.1.5-1 +- new version 2.1.5 +- new ipv6 and tls+ipv6 patches: 1.25-pf-2.1.5 + +* Thu Aug 5 2004 Thomas Woerner 2:2.1.4-1 +- new version 2.1.4 +- new ipv6 and tls+ipv6 patches: 1.25-pf-2.1.4 +- new pfixtls-0.8.18-2.1.3-0.9.7d patch + +* Mon Jun 21 2004 Thomas Woerner 2:2.1.1-3.1 +- fixed directory permissions in %%doc (#125406) +- fixed missing spool dirs (#125460) +- fixed verify problem for aliases.db (#125461) +- fixed bogus upgrade warning (#125628) +- more spec file cleanup + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Sun Jun 06 2004 Florian La Roche +- make sure pflog files have same permissions even if in multiple + sub-rpms + +* Fri Jun 4 2004 Thomas Woerner 2:2.1.1-1 +- new version 2.1.1 +- compiling postfix PIE +- new alternatives slave for /usr/lib/sendmail + +* Wed Mar 31 2004 John Dennis 2:2.0.18-4 +- remove version from pflogsumm subpackage, it was resetting the + version used in the doc directory, fixes bug 119213 + +* Tue Mar 30 2004 Bill Nottingham 2:2.0.18-3 +- add %%defattr for pflogsumm package + +* Tue Mar 16 2004 John Dennis 2:2.0.18-2 +- fix sendmail man page (again), make pflogsumm a subpackage + +* Mon Mar 15 2004 John Dennis 2:2.0.18-1 +- bring source up to upstream release 2.0.18 +- include pflogsumm, fixes bug #68799 +- include smtp-sink, smtp-source man pages, fixes bug #118163 + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Tue Feb 24 2004 John Dennis 2:2.0.16-14 +- fix bug 74553, make alternatives track sendmail man page + +* Tue Feb 24 2004 John Dennis 2:2.0.16-13 +- remove /etc/sysconfig/saslauthd from rpm, fixes bug 113975 + +* Wed Feb 18 2004 John Dennis +- set sasl back to v2 for mainline, this is good for fedora and beyond, + for RHEL3, we'll branch and set set sasl to v1 and turn off ipv6 + +* Tue Feb 17 2004 John Dennis +- revert back to v1 of sasl because LDAP still links against v1 and we can't +- bump revision for build + have two different versions of the sasl library loaded in one load image at + the same time. How is that possible? Because the sasl libraries have different + names (libsasl.so & libsasl2.so) but export the same symbols :-( + Fixes bugs 115249 and 111767 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jan 21 2004 John Dennis 2:2.0.16-7 +- fix bug 77216, support snapshot builds + +* Tue Jan 20 2004 John Dennis 2:2.0.16-6 +- add support for IPv6 via Dean Strik's patches, fixes bug 112491 + +* Tue Jan 13 2004 John Dennis 2:2.0.16-4 +- remove mysqlclient prereq, fixes bug 101779 +- remove md5 verification override, this fixes bug 113370. Write parse-postfix-files + script to generate explicit list of all upstream files with ownership, modes, etc. + carefully add back in all other not upstream files, files list is hopefully + rock solid now. + +* Mon Jan 12 2004 John Dennis 2:2.0.16-3 +- add zlib-devel build prereq, fixes bug 112822 +- remove copy of resolve.conf into chroot jail, fixes bug 111923 + +* Tue Dec 16 2003 John Dennis +- bump release to build 3.0E errata update + +* Sat Dec 13 2003 Jeff Johnson 2:2.0.16-2 +- rebuild against db-4.2.52. + +* Mon Nov 17 2003 John Dennis 2:2.0.16-1 +- sync up with current upstream release, 2.0.16, fixes bug #108960 + +* Thu Sep 25 2003 Jeff Johnson 2.0.11-6 +- rebuild against db-4.2.42. + +* Tue Jul 22 2003 Nalin Dahyabhai 2.0.11-5 +- rebuild + +* Thu Jun 26 2003 John Dennis +- bug 98095, change rmail.postfix to rmail for uucp invocation in master.cf + +* Wed Jun 25 2003 John Dennis +- add missing dependency for db3/db4 + +* Thu Jun 19 2003 John Dennis +- upgrade to new 2.0.11 upstream release +- fix authentication problems +- rewrite SASL documentation +- upgrade to use SASL version 2 +- Fix bugs 75439, 81913 90412, 91225, 78020, 90891, 88131 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Fri Mar 7 2003 John Dennis +- upgrade to release 2.0.6 +- remove chroot as this is now the preferred installation according to Wietse Venema, the postfix author + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Tue Feb 18 2003 Bill Nottingham 2:1.1.11-10 +- don't copy winbind/wins nss modules, fixes #84553 + +* Sat Feb 01 2003 Florian La Roche +- sanitize rpm scripts a bit + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Sat Jan 11 2003 Karsten Hopp 2:1.1.11-8 +- rebuild to fix krb5.h issue + +* Tue Jan 7 2003 Nalin Dahyabhai 2:1.1.11-7 +- rebuild + +* Fri Jan 3 2003 Nalin Dahyabhai +- if pkgconfig knows about openssl, use its cflags and linker flags + +* Thu Dec 12 2002 Tim Powers 2:1.1.11-6 +- lib64'ize +- build on all arches + +* Wed Jul 24 2002 Karsten Hopp +- make aliases.db config(noreplace) (#69612) + +* Tue Jul 23 2002 Karsten Hopp +- postfix has its own filelist, remove LICENSE entry from it (#69069) + +* Tue Jul 16 2002 Karsten Hopp +- fix shell in /etc/passwd (#68373) +- fix documentation in /etc/postfix (#65858) +- Provides: /usr/bin/newaliases (#66746) +- fix autorequires by changing /usr/local/bin/perl to /usr/bin/perl in a + script in %%doc (#68852), although I don't think this is necessary anymore + +* Mon Jul 15 2002 Phil Knirsch +- Fixed missing smtpd.conf file for SASL support and included SASL Postfix + Red Hat HOWTO (#62505). +- Included SASL2 support patch (#68800). + +* Mon Jun 24 2002 Karsten Hopp +- 1.1.11, TLS 0.8.11a +- fix #66219 and #66233 (perl required for %%post) + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Bernhard Rosenkraenzer 1.1.10-1 +- 1.1.10, TLS 0.8.10 +- Build with db4 +- Enable SASL + +* Mon Apr 15 2002 Bernhard Rosenkraenzer 1.1.7-2 +- Fix bugs #62358 and #62783 +- Make sure libdb-3.3.so is in the chroot jail (#62906) + +* Mon Apr 8 2002 Bernhard Rosenkraenzer 1.1.7-1 +- 1.1.7, fixes 2 critical bugs +- Make sure there's a resolv.conf in the chroot jail + +* Wed Mar 27 2002 Bernhard Rosenkraenzer 1.1.5-3 +- Add Provides: lines for alternatives stuff (#60879) + +* Tue Mar 26 2002 Nalin Dahyabhai 1.1.5-2 +- rebuild + +* Tue Mar 26 2002 Bernhard Rosenkraenzer 1.1.5-1 +- 1.1.5 (bugfix release) +- Rebuild with current db + +* Thu Mar 14 2002 Bill Nottingham 1.1.4-3 +- remove db trigger, it's both dangerous and pointless +- clean up other triggers a little + +* Wed Mar 13 2002 Bernhard Rosenkraenzer 1.1.4-2 +- Some trigger tweaks to make absolutely sure /etc/services is in the + chroot jail + +* Mon Mar 11 2002 Bernhard Rosenkraenzer 1.1.4-1 +- 1.1.4 +- TLS 0.8.4 +- Move postalias run from %%post to init script to work around + anaconda being broken. + +* Fri Mar 8 2002 Bill Nottingham 1.1.3-5 +- use alternatives --initscript support + +* Thu Feb 28 2002 Bill Nottingham 1.1.3-4 +- run alternatives --remove in %%preun +- add various prereqs + +* Thu Feb 28 2002 Nalin Dahyabhai 1.1.3-3 +- adjust the default postfix-files config file to match the alternatives setup + by altering the arguments passed to post-install in the %%install phase + (otherwise, it might point to sendmail's binaries, breaking it rather rudely) +- adjust the post-install script so that it silently uses paths which have been + modified for use with alternatives, for upgrade cases where the postfix-files + configuration file isn't overwritten +- don't forcefully strip files -- that's a build root policy +- remove hard requirement on openldap, library dependencies take care of it +- redirect %%postun to /dev/null +- don't remove the postfix user and group when the package is removed + +* Wed Feb 20 2002 Bernhard Rosenkraenzer 1.1.3-2 +- listen on 127.0.0.1 only by default (#60071) +- Put config samples in %%{_docdir}/%%{name}-%%{version} rather than + /etc/postfix (#60072) +- Some spec file cleanups + +* Tue Feb 19 2002 Bernhard Rosenkraenzer 1.1.3-1 +- 1.1.3, TLS 0.8.3 +- Fix updating +- Don't run the statistics cron job +- remove requirement on perl Date::Calc + +* Thu Jan 31 2002 Bernhard Rosenkraenzer 1.1.2-3 +- Fix up alternatives stuff + +* Wed Jan 30 2002 Bernhard Rosenkraenzer 1.1.2-2 +- Use alternatives + +* Sun Jan 27 2002 Bernhard Rosenkraenzer 1.1.2-1 +- Initial Red Hat Linux packaging, based on spec file from + Simon J Mudd +- Changes from that: + - Set up chroot environment in triggers to make sure we catch glibc errata + - Remove some hacks to support building on all sorts of distributions at + the cost of specfile readability + - Remove postdrop group on deletion +