groovy2shoes/contrib
1
0
Fork 0
forked from ports/contrib
Code Pull Requests Activity

postfix-lmdb: 3.7.2 (not affected iirc; but: README etc. updates)

Browse Source
This commit is contained in:
Steffen Nurpmeso 2022-06-08 23:03:47 +02:00
parent 4449150b43
commit 6218a83b98
5 changed files with 91 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
postfix-lmdb/.signature
View File

@ -1,17 +1,17 @@
untrusted comment: verify with /etc/ports/contrib.pub
RWSagIOpLGJF384azRoQDIIAt3mnxPMhSi7FJ6rXf2iQ8gGgMkKYER+o72UkrKiYGO1GUTa2GsgwB/eEZ1PUGfnscOJmOmG83wg=
SHA256 (Pkgfile) = ebde332bc985c59abe50c4be45d3dab6769fd94ab107625bb8aaa2855d5679ef
RWSagIOpLGJF34YubPOHGqD6bMuGPGGI16k5PR+vSjMsRQJyIutdVM+9Ttxrw9WduOseYhSRyXl7R7kQdOMhT06FubF6iD4eIQY=
SHA256 (Pkgfile) = 791e730a27bc421ae078da0bf9dcea78293c96699a6b00344e3257be8263449d
SHA256 (.footprint) = c4bef46624508b9105e8c5816c322560a560c09e9c5507509eb95c886d52a387
SHA256 (postfix-3.7.1.tar.gz) = 25c3e7ec09955af873407af3070fd259da8477b80e2f4663c5fdc00a2cc947ee
SHA256 (postfix-3.7.2.tar.gz) = 3785f76c2924a02873c0be0f0cd124a9166fc1aaf77ea2a06bd4ad795a6ed416
SHA256 (lmdb-default.patch) = 11f42333ae0640a3ca579463ed28007973693b93bc734b5d82225fcb516bf05e
SHA256 (postfix-install.patch) = 7185d2b2e4d7cc090b958c1d372c16e15f274465e2123686a0d97db20e2b5943
SHA256 (post-install) = 16dfda7fc118659d5ed83d4a0f683c730b0de723f9700806666532efa2502957
SHA256 (postfix.rc) = 5ac60205a95faf4633c64bc60d2689f654b997932e3bbc1204b66df7b5dce1d2
SHA256 (README) = a51f96a1f17cdc075d307c44f146e761e0c795812710b1db6e049b7bdee84210
SHA256 (README) = f0b40f97977607b7fd50791f611396ac0efb747227dd4063e05be914d23c7ded
SHA256 (aliases) = 60ae98d869800055b248c32c183a1836cc5a698cf337cb7ad734e862ae80e95a
SHA256 (relay_clientcerts) = 2aa69a949c06826e2f5a760791fb5cebb37e6797613270fd11381c33afa38297
SHA256 (client_restrict) = 9496a99f6714625c5883a41f8a5f9db8aa43199ef2167c18d83a2b39469622e3
SHA256 (sender_access) = c9b9b86c985facdc18e6bfe436c78340174fc315478e578d82c956e35355e678
SHA256 (sender_restrict) = 9b672511eac1971f8cd72b045e200aac8e0fe6407f1a055085fc1b85c1f24ed7
SHA256 (main-addon.cf) = 3c8e601c90773a6b8dc35327651af1307201f703a3dea55db10ef5fd7171e0bf
SHA256 (master.patch) = 062960dbabd1ae4890d7bb3dc364215f5755c04d1a2d6138f9871dbd66301009
SHA256 (main-addon.cf) = 9b76d29773fec26c3500df9203b5740ca52b44d5fc62d8c80da518f5959e6063
SHA256 (master.patch) = 096b53869e8a55c8971b6ab055c170f5dc7dc676e254e5780dbdfab2a145947c

2
postfix-lmdb/Pkgfile
View File

@ -6,7 +6,7 @@
rname=postfix
name=postfix-lmdb
version=3.7.1
version=3.7.2
release=1
source=(
https://de.${rname}.org/ftpmirror/official/${rname}-${version}.tar.gz

28
postfix-lmdb/README
View File

@ -7,6 +7,8 @@ The CRUX postfix package
* SmartHost
* Relay
* DNS black lists
* Gray listing
* Address verification
Abstract
--------
@ -101,7 +103,29 @@ uncomment it. See above for SmartHost.
DNS deny lists
--------------
Edit main.cf and uncomment and edit lines marked #DNSDL.
Run "/etc/rc.d/postfix-lmdb reload" (or restart).
. Edit main.cf and uncomment and edit lines marked #DNSDL.
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
Gray listing
------------
. Install s-postgray, and create a minimal configuration file.
. Edit main.cf and uncomment and edit lines marked #GRAY.
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
. Track your logs to fill in configuration some days or weeks.
. Remove "-c 0" s-postgray command line option from master.cf.
Address verification
--------------------
. Unless you use gray listing with --msg-allow=permit allowance, and
have a completed set of allowlisted entries, you should read postfix's
README_FILES/ADDRESS_VERIFICATION_README.
. Edit main.cf and uncomment and edit lines marked #VERIFY.
If gray listing is enabled, you could reconfigure it to not include
recipients but only senders and client addresses via --focus-sender;
then, change GRAY and VERIFY to happen in smtpd_sender_restrictions
not smtpd_recipient_restrictions.
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
# s-ts-mode

77
postfix-lmdb/main-addon.cf
View File

@ -4,7 +4,7 @@
default_privs = _postfix_xlocal
setgid_group = _postfix_queue
mail_spool_directory = /var/spool/mail
alias_database = lmdb:/etc/postfix-lmdb/aliases
alias_database = lmdb:$meta_directory/aliases
alias_maps = $alias_database
# all # or ipv4, ipv6 or ipv4 or ipv6
inet_protocols = all
@ -68,9 +68,9 @@ tls_append_default_CA = no
# Put the hash only in relay_clientcerts, right hand value is not inspected:
# FINGERPRINT-HERE whatever value
# Search #RELAY for this, uncomment
#RELAY relay_clientcerts = lmdb:/etc/postfix-lmdb/relay_clientcerts
#RELAY relay_clientcerts = lmdb:$meta_directory/relay_clientcerts
# relay_domains <-> reject_unauth_destination,permit_auth_destination
# eg lmdb:/etc/postfix-lmdb/transport
# eg lmdb:$meta_directory/transport
transport_maps =
relay_domains = $mynetworks,$transport_maps
@ -79,12 +79,12 @@ smtpd_authorized_verp_clients = 127.0.0.1
# Clients connection checks
smtpd_client_restrictions =
# permit_inet_interfaces, OR
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
check_client_access lmdb:$meta_directory/client_restrict,
reject_unknown_client_hostname,
check_client_access lmdb:/etc/postfix-lmdb/client_restrict,
# in case you want reject DNS blacklists rather than greylist them,
# exchange sleep (maybe) and uncomment the lines below
sleep 1,
@ -103,34 +103,41 @@ smtpd_data_restrictions =
permit
smtpd_helo_restrictions =
# permit_inet_interfaces, OR
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
reject_unknown_helo_hostname,
permit
# MAIL FROM Checks
smtpd_sender_restrictions =
# permit_inet_interfaces, OR
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY reject_authenticated_sender_login_mismatch,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
reject_non_fqdn_sender,
# Total no-goes database, eg: qq.com reject
check_sender_access lmdb:/etc/postfix-lmdb/sender_restrict,
check_sender_access lmdb:$meta_directory/sender_restrict,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
#GRAY: with --focus-sender only! And --msg-allow=permit
#GRAY check_policy_service unix:private/postgray,
#VERIFY(..then) reject_unverified_sender,
permit
smtpd_relay_before_recipient_restrictions = yes
# RCPT TO checks, relay policy
# Local clients and authenticated clients may specify any destination domain
smtpd_relay_restrictions =
# permit_inet_interfaces, OR
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
reject_non_fqdn_sender,
#[RELAY] permit_sasl_authenticated,
reject_non_fqdn_recipient,
#permit_auth_destination,
#reject
@ -140,27 +147,24 @@ smtpd_relay_restrictions =
# RCPT TO checks, spam blocking policy
# Match fast for $mynetworks and authenticated clients.
smtpd_recipient_restrictions =
# permit_inet_interfaces, OR
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
reject_unknown_recipient_domain,
# (SMTPD_POLICY_README says
# reject_unauth_destination is not needed here if the mail relay policy is
# specified with smtpd_relay_restrictions (available with Postfix 2.10 and
# later))
#reject_unauth_destination,
# better not: reject_unverified_sender,
# DB of MAIL FROM's without policy server checks (one way, or another)
check_sender_access lmdb:/etc/postfix-lmdb/sender_access,
check_sender_access lmdb:$meta_directory/sender_access,
#check_policy_service inet:127.0.0.1:5525,
#check_policy_service unix:private/postgray
#GRAY: without --focus-sender
#GRAY check_policy_service unix:private/postgray,
#VERIFY(..then) reject_unverified_sender,
#(VERIFY would not) reject_unverified_recipient,
permit
# i would turn that on..
#smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_hard_error_limit = 1
smtpd_hard_error_limit = 2
smtpd_soft_error_limit = 1
smtpd_per_record_deadline = yes
smtpd_timeout = 15s
@ -172,11 +176,14 @@ smtpd_junk_command_limit = 5
#smtpd_client_connection_rate_limit = 20
#smtpd_client_connection_count_limit = 2
#VERIFY address_verify_map = lmdb:$data_directory/verify_cache
#VERIFY address_verify_cache_cleanup_interval = 86400s
#TLS Do not forget to look into master.cf!
# That one is for client certificates!
#smtpd_tls_CAfile = /etc/dovecot/cert.pem
#TLS smtpd_tls_chain_files = /etc/postfix-lmdb/key_and_cert.pem
#TLS smtpd_tls_dh1024_param_file = /etc/postfix-lmdb/dh2048.pem
#TLS smtpd_tls_chain_files = $meta_directory/key_and_cert.pem
#TLS smtpd_tls_dh1024_param_file = $meta_directory/dh2048.pem
# This are managed per-service in master.cf!
#smtpd_tls_security_level = none
#RELAY smtpd_tls_ask_ccert = yes
@ -194,7 +201,7 @@ smtpd_tls_mandatory_exclude_ciphers =
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
smtpd_tls_session_cache_database = lmdb:/var/lib/postfix-lmdb/smtpd_scache
smtpd_tls_session_cache_database = lmdb:$data_directory/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
# Usually enabled per-service in master.cf!
@ -223,7 +230,7 @@ smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
smtp_tls_ciphers = $smtpd_tls_ciphers
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_connection_reuse = yes
smtp_tls_session_cache_database = lmdb:/var/lib/postfix-lmdb/smtp_scache
smtp_tls_session_cache_database = lmdb:$data_directory/smtp_scache
smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
#smtp_sasl_auth_enable = $smtpd_sasl_auth_enable
@ -256,8 +263,8 @@ smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
#SMART Authentication like that not tried, this from postfix SASL_README:
#smtp_sasl_auth_enable = yes
#smtp_sasl_tls_security_options = noanonymous
#smtp_sasl_password_maps = lmdb:/etc/postfix-lmdb/sasl_passwd
# /etc/postfix-lmdb/sasl_passwd:
#smtp_sasl_password_maps = lmdb:$meta_directory/sasl_passwd
# $meta_directory/sasl_passwd:
# # destination credentials
# #user1@example.com username1:password1
# #user2@example.net username2:password2
@ -265,9 +272,9 @@ smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
# # Alternative form:
# # [mail.isp.example]:submission username:password
#SMART Even sender-specific, uncomment the user1 user2 entries above then
# sender_dependent_relayhost_maps = lmdb:/etc/postfix/sender_relay
# /etc/postfix/sender_relay:
# # Per-sender provider; see also /etc/postfix/sasl_passwd.
# sender_dependent_relayhost_maps = lmdb:$meta_directory/sender_relay
# $meta_directory/sender_relay:
# # Per-sender provider; see also $meta_directory/sasl_passwd.
# user1@example.com [mail.example.com]:submission
# user2@example.net [mail.example.net]

18
postfix-lmdb/master.patch
View File

@ -1,5 +1,5 @@
--- master.cf.orig 2021-09-15 16:42:06.307124019 +0200
+++ master.cf 2021-09-15 16:47:11.560462685 +0200
--- master.cf.orig 2022-06-08 22:53:27.956225130 +0200
+++ master.cf 2022-06-08 22:56:16.596225800 +0200
@@ -10,6 +10,20 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
@ -21,3 +21,17 @@
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
@@ -86,7 +100,12 @@
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
-#
+
+#GRAY
+#GRAY postgray unix - n n - - spawn
+#GRAY
+#GRAY user=_postfix_xlocal argv=/usr/libexec/s-postgray -c0 -R /etc/postfix-lmdb/pg.rc
+
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#