postfix-lmdb: 3.7.2 (not affected iirc; but: README etc. updates)
This commit is contained in:
parent
4449150b43
commit
6218a83b98
|
|
@ -1,17 +1,17 @@
|
|||
untrusted comment: verify with /etc/ports/contrib.pub
|
||||
RWSagIOpLGJF384azRoQDIIAt3mnxPMhSi7FJ6rXf2iQ8gGgMkKYER+o72UkrKiYGO1GUTa2GsgwB/eEZ1PUGfnscOJmOmG83wg=
|
||||
SHA256 (Pkgfile) = ebde332bc985c59abe50c4be45d3dab6769fd94ab107625bb8aaa2855d5679ef
|
||||
RWSagIOpLGJF34YubPOHGqD6bMuGPGGI16k5PR+vSjMsRQJyIutdVM+9Ttxrw9WduOseYhSRyXl7R7kQdOMhT06FubF6iD4eIQY=
|
||||
SHA256 (Pkgfile) = 791e730a27bc421ae078da0bf9dcea78293c96699a6b00344e3257be8263449d
|
||||
SHA256 (.footprint) = c4bef46624508b9105e8c5816c322560a560c09e9c5507509eb95c886d52a387
|
||||
SHA256 (postfix-3.7.1.tar.gz) = 25c3e7ec09955af873407af3070fd259da8477b80e2f4663c5fdc00a2cc947ee
|
||||
SHA256 (postfix-3.7.2.tar.gz) = 3785f76c2924a02873c0be0f0cd124a9166fc1aaf77ea2a06bd4ad795a6ed416
|
||||
SHA256 (lmdb-default.patch) = 11f42333ae0640a3ca579463ed28007973693b93bc734b5d82225fcb516bf05e
|
||||
SHA256 (postfix-install.patch) = 7185d2b2e4d7cc090b958c1d372c16e15f274465e2123686a0d97db20e2b5943
|
||||
SHA256 (post-install) = 16dfda7fc118659d5ed83d4a0f683c730b0de723f9700806666532efa2502957
|
||||
SHA256 (postfix.rc) = 5ac60205a95faf4633c64bc60d2689f654b997932e3bbc1204b66df7b5dce1d2
|
||||
SHA256 (README) = a51f96a1f17cdc075d307c44f146e761e0c795812710b1db6e049b7bdee84210
|
||||
SHA256 (README) = f0b40f97977607b7fd50791f611396ac0efb747227dd4063e05be914d23c7ded
|
||||
SHA256 (aliases) = 60ae98d869800055b248c32c183a1836cc5a698cf337cb7ad734e862ae80e95a
|
||||
SHA256 (relay_clientcerts) = 2aa69a949c06826e2f5a760791fb5cebb37e6797613270fd11381c33afa38297
|
||||
SHA256 (client_restrict) = 9496a99f6714625c5883a41f8a5f9db8aa43199ef2167c18d83a2b39469622e3
|
||||
SHA256 (sender_access) = c9b9b86c985facdc18e6bfe436c78340174fc315478e578d82c956e35355e678
|
||||
SHA256 (sender_restrict) = 9b672511eac1971f8cd72b045e200aac8e0fe6407f1a055085fc1b85c1f24ed7
|
||||
SHA256 (main-addon.cf) = 3c8e601c90773a6b8dc35327651af1307201f703a3dea55db10ef5fd7171e0bf
|
||||
SHA256 (master.patch) = 062960dbabd1ae4890d7bb3dc364215f5755c04d1a2d6138f9871dbd66301009
|
||||
SHA256 (main-addon.cf) = 9b76d29773fec26c3500df9203b5740ca52b44d5fc62d8c80da518f5959e6063
|
||||
SHA256 (master.patch) = 096b53869e8a55c8971b6ab055c170f5dc7dc676e254e5780dbdfab2a145947c
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
rname=postfix
|
||||
name=postfix-lmdb
|
||||
version=3.7.1
|
||||
version=3.7.2
|
||||
release=1
|
||||
source=(
|
||||
https://de.${rname}.org/ftpmirror/official/${rname}-${version}.tar.gz
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ The CRUX postfix package
|
|||
* SmartHost
|
||||
* Relay
|
||||
* DNS black lists
|
||||
* Gray listing
|
||||
* Address verification
|
||||
|
||||
Abstract
|
||||
--------
|
||||
|
|
@ -101,7 +103,29 @@ uncomment it. See above for SmartHost.
|
|||
DNS deny lists
|
||||
--------------
|
||||
|
||||
Edit main.cf and uncomment and edit lines marked #DNSDL.
|
||||
Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
. Edit main.cf and uncomment and edit lines marked #DNSDL.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
Gray listing
|
||||
------------
|
||||
|
||||
. Install s-postgray, and create a minimal configuration file.
|
||||
. Edit main.cf and uncomment and edit lines marked #GRAY.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
. Track your logs to fill in configuration some days or weeks.
|
||||
. Remove "-c 0" s-postgray command line option from master.cf.
|
||||
|
||||
Address verification
|
||||
--------------------
|
||||
|
||||
. Unless you use gray listing with --msg-allow=permit allowance, and
|
||||
have a completed set of allowlisted entries, you should read postfix's
|
||||
README_FILES/ADDRESS_VERIFICATION_README.
|
||||
. Edit main.cf and uncomment and edit lines marked #VERIFY.
|
||||
If gray listing is enabled, you could reconfigure it to not include
|
||||
recipients but only senders and client addresses via --focus-sender;
|
||||
then, change GRAY and VERIFY to happen in smtpd_sender_restrictions
|
||||
not smtpd_recipient_restrictions.
|
||||
. Run "/etc/rc.d/postfix-lmdb reload" (or restart).
|
||||
|
||||
# s-ts-mode
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
default_privs = _postfix_xlocal
|
||||
setgid_group = _postfix_queue
|
||||
mail_spool_directory = /var/spool/mail
|
||||
alias_database = lmdb:/etc/postfix-lmdb/aliases
|
||||
alias_database = lmdb:$meta_directory/aliases
|
||||
alias_maps = $alias_database
|
||||
# all # or ipv4, ipv6 or ipv4 or ipv6
|
||||
inet_protocols = all
|
||||
|
|
@ -68,9 +68,9 @@ tls_append_default_CA = no
|
|||
# Put the hash only in relay_clientcerts, right hand value is not inspected:
|
||||
# FINGERPRINT-HERE whatever value
|
||||
# Search #RELAY for this, uncomment
|
||||
#RELAY relay_clientcerts = lmdb:/etc/postfix-lmdb/relay_clientcerts
|
||||
#RELAY relay_clientcerts = lmdb:$meta_directory/relay_clientcerts
|
||||
# relay_domains <-> reject_unauth_destination,permit_auth_destination
|
||||
# eg lmdb:/etc/postfix-lmdb/transport
|
||||
# eg lmdb:$meta_directory/transport
|
||||
transport_maps =
|
||||
relay_domains = $mynetworks,$transport_maps
|
||||
|
||||
|
|
@ -79,12 +79,12 @@ smtpd_authorized_verp_clients = 127.0.0.1
|
|||
|
||||
# Clients connection checks
|
||||
smtpd_client_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
check_client_access lmdb:$meta_directory/client_restrict,
|
||||
reject_unknown_client_hostname,
|
||||
check_client_access lmdb:/etc/postfix-lmdb/client_restrict,
|
||||
# in case you want reject DNS blacklists rather than greylist them,
|
||||
# exchange sleep (maybe) and uncomment the lines below
|
||||
sleep 1,
|
||||
|
|
@ -103,34 +103,41 @@ smtpd_data_restrictions =
|
|||
permit
|
||||
|
||||
smtpd_helo_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_invalid_helo_hostname,
|
||||
reject_non_fqdn_helo_hostname,
|
||||
reject_unknown_helo_hostname
|
||||
reject_unknown_helo_hostname,
|
||||
permit
|
||||
|
||||
# MAIL FROM Checks
|
||||
smtpd_sender_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY reject_authenticated_sender_login_mismatch,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_non_fqdn_sender,
|
||||
# Total no-goes database, eg: qq.com reject
|
||||
check_sender_access lmdb:/etc/postfix-lmdb/sender_restrict,
|
||||
check_sender_access lmdb:$meta_directory/sender_restrict,
|
||||
reject_unknown_sender_domain,
|
||||
reject_unknown_reverse_client_hostname,
|
||||
#GRAY: with --focus-sender only! And --msg-allow=permit
|
||||
#GRAY check_policy_service unix:private/postgray,
|
||||
#VERIFY(..then) reject_unverified_sender,
|
||||
permit
|
||||
|
||||
smtpd_relay_before_recipient_restrictions = yes
|
||||
|
||||
# RCPT TO checks, relay policy
|
||||
# Local clients and authenticated clients may specify any destination domain
|
||||
smtpd_relay_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_non_fqdn_sender,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_non_fqdn_recipient,
|
||||
#permit_auth_destination,
|
||||
#reject
|
||||
|
|
@ -140,27 +147,24 @@ smtpd_relay_restrictions =
|
|||
# RCPT TO checks, spam blocking policy
|
||||
# Match fast for $mynetworks and authenticated clients.
|
||||
smtpd_recipient_restrictions =
|
||||
# permit_inet_interfaces, OR
|
||||
# permit_inet_interfaces, OR
|
||||
permit_mynetworks,
|
||||
#RELAY permit_tls_clientcerts,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
#[RELAY] permit_sasl_authenticated,
|
||||
reject_unknown_recipient_domain,
|
||||
# (SMTPD_POLICY_README says
|
||||
# reject_unauth_destination is not needed here if the mail relay policy is
|
||||
# specified with smtpd_relay_restrictions (available with Postfix 2.10 and
|
||||
# later))
|
||||
#reject_unauth_destination,
|
||||
# better not: reject_unverified_sender,
|
||||
# DB of MAIL FROM's without policy server checks (one way, or another)
|
||||
check_sender_access lmdb:/etc/postfix-lmdb/sender_access,
|
||||
check_sender_access lmdb:$meta_directory/sender_access,
|
||||
#check_policy_service inet:127.0.0.1:5525,
|
||||
#check_policy_service unix:private/postgray
|
||||
#GRAY: without --focus-sender
|
||||
#GRAY check_policy_service unix:private/postgray,
|
||||
#VERIFY(..then) reject_unverified_sender,
|
||||
#(VERIFY would not) reject_unverified_recipient,
|
||||
permit
|
||||
|
||||
# i would turn that on..
|
||||
#smtpd_delay_reject = no
|
||||
smtpd_helo_required = yes
|
||||
smtpd_hard_error_limit = 1
|
||||
smtpd_hard_error_limit = 2
|
||||
smtpd_soft_error_limit = 1
|
||||
smtpd_per_record_deadline = yes
|
||||
smtpd_timeout = 15s
|
||||
|
|
@ -172,11 +176,14 @@ smtpd_junk_command_limit = 5
|
|||
#smtpd_client_connection_rate_limit = 20
|
||||
#smtpd_client_connection_count_limit = 2
|
||||
|
||||
#VERIFY address_verify_map = lmdb:$data_directory/verify_cache
|
||||
#VERIFY address_verify_cache_cleanup_interval = 86400s
|
||||
|
||||
#TLS Do not forget to look into master.cf!
|
||||
# That one is for client certificates!
|
||||
#smtpd_tls_CAfile = /etc/dovecot/cert.pem
|
||||
#TLS smtpd_tls_chain_files = /etc/postfix-lmdb/key_and_cert.pem
|
||||
#TLS smtpd_tls_dh1024_param_file = /etc/postfix-lmdb/dh2048.pem
|
||||
#TLS smtpd_tls_chain_files = $meta_directory/key_and_cert.pem
|
||||
#TLS smtpd_tls_dh1024_param_file = $meta_directory/dh2048.pem
|
||||
# This are managed per-service in master.cf!
|
||||
#smtpd_tls_security_level = none
|
||||
#RELAY smtpd_tls_ask_ccert = yes
|
||||
|
|
@ -194,7 +201,7 @@ smtpd_tls_mandatory_exclude_ciphers =
|
|||
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
|
||||
smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
|
||||
smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
|
||||
smtpd_tls_session_cache_database = lmdb:/var/lib/postfix-lmdb/smtpd_scache
|
||||
smtpd_tls_session_cache_database = lmdb:$data_directory/smtpd_scache
|
||||
smtpd_tls_session_cache_timeout = 3600s
|
||||
|
||||
# Usually enabled per-service in master.cf!
|
||||
|
|
@ -223,7 +230,7 @@ smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
|
|||
smtp_tls_ciphers = $smtpd_tls_ciphers
|
||||
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
|
||||
smtp_tls_connection_reuse = yes
|
||||
smtp_tls_session_cache_database = lmdb:/var/lib/postfix-lmdb/smtp_scache
|
||||
smtp_tls_session_cache_database = lmdb:$data_directory/smtp_scache
|
||||
smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
|
||||
|
||||
#smtp_sasl_auth_enable = $smtpd_sasl_auth_enable
|
||||
|
|
@ -256,8 +263,8 @@ smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
|
|||
#SMART Authentication like that not tried, this from postfix SASL_README:
|
||||
#smtp_sasl_auth_enable = yes
|
||||
#smtp_sasl_tls_security_options = noanonymous
|
||||
#smtp_sasl_password_maps = lmdb:/etc/postfix-lmdb/sasl_passwd
|
||||
# /etc/postfix-lmdb/sasl_passwd:
|
||||
#smtp_sasl_password_maps = lmdb:$meta_directory/sasl_passwd
|
||||
# $meta_directory/sasl_passwd:
|
||||
# # destination credentials
|
||||
# #user1@example.com username1:password1
|
||||
# #user2@example.net username2:password2
|
||||
|
|
@ -265,9 +272,9 @@ smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
|
|||
# # Alternative form:
|
||||
# # [mail.isp.example]:submission username:password
|
||||
#SMART Even sender-specific, uncomment the user1 user2 entries above then
|
||||
# sender_dependent_relayhost_maps = lmdb:/etc/postfix/sender_relay
|
||||
# /etc/postfix/sender_relay:
|
||||
# # Per-sender provider; see also /etc/postfix/sasl_passwd.
|
||||
# sender_dependent_relayhost_maps = lmdb:$meta_directory/sender_relay
|
||||
# $meta_directory/sender_relay:
|
||||
# # Per-sender provider; see also $meta_directory/sasl_passwd.
|
||||
# user1@example.com [mail.example.com]:submission
|
||||
# user2@example.net [mail.example.net]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
--- master.cf.orig 2021-09-15 16:42:06.307124019 +0200
|
||||
+++ master.cf 2021-09-15 16:47:11.560462685 +0200
|
||||
--- master.cf.orig 2022-06-08 22:53:27.956225130 +0200
|
||||
+++ master.cf 2022-06-08 22:56:16.596225800 +0200
|
||||
@@ -10,6 +10,20 @@
|
||||
# (yes) (yes) (no) (never) (100)
|
||||
# ==========================================================================
|
||||
|
|
@ -21,3 +21,17 @@
|
|||
#smtp inet n - n - 1 postscreen
|
||||
#smtpd pass - - n - - smtpd
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
@@ -86,7 +100,12 @@
|
||||
# agent. See the pipe(8) man page for information about ${recipient}
|
||||
# and other message envelope options.
|
||||
# ====================================================================
|
||||
-#
|
||||
+
|
||||
+#GRAY
|
||||
+#GRAY postgray unix - n n - - spawn
|
||||
+#GRAY
|
||||
+#GRAY user=_postfix_xlocal argv=/usr/libexec/s-postgray -c0 -R /etc/postfix-lmdb/pg.rc
|
||||
+
|
||||
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user