
postfix-lmdb: fix build issue with glibc 2.34; add more restriction DB checks

Steffen Nurpmeso 2021-09-15 16:51:01 +02:00
parent e9c148a706
commit 306ab79303
9 changed files with 102 additions and 33 deletions

@ -1,15 +1,18 @@
untrusted comment: verify with /etc/ports/contrib.pub
RWSagIOpLGJF39bkSvldtd/SVdx+xx3/eNfYpWu8wQN39lwEQ5KTnKSOllpvtKo+qZCxvpJ1Y4xxuMAHd1ai/zjQLvfYb+zFZw0=
SHA256 (Pkgfile) = f8619f91dc10a51b2f50f1ee7523ad961092be53bf9ee9ac71545e8aafe0138a
RWSagIOpLGJF3xVKFyl74o/CWPcktzQbYC7i6VGVJ7Nvj6qVGhCk6g9tXb5KmwDOCznI8Rery/ABmKeYQAABl7BPkBdtdStlyQw=
SHA256 (Pkgfile) = 85789a7f4b4ad2cd351a9deb394d954cb3d48160f343a12f1b363e7e5392d71f
SHA256 (.footprint) = c4bef46624508b9105e8c5816c322560a560c09e9c5507509eb95c886d52a387
SHA256 (postfix-3.6.2.tar.gz) = 507323d20d7b3f705f49cf8c07d437c6d8090bed07e15a3c0ec405edad54a7d4
SHA256 (lmdb-default.patch) = 11f42333ae0640a3ca579463ed28007973693b93bc734b5d82225fcb516bf05e
SHA256 (postfix-install.patch) = 7185d2b2e4d7cc090b958c1d372c16e15f274465e2123686a0d97db20e2b5943
SHA256 (post-install) = b459d6e4c56384c24d5f3473964ed6442b2c501406745d1fd46c6b453e393138
SHA256 (closefrom.patch) = e7b07aefa319c67b0b44a95a5701f3ef3d35d8e58c126de841ec2e4b16b29c8f
SHA256 (post-install) = 2d7a4e57ea09916dba84bc388399dce162756809c2e914b54d617faeda89161c
SHA256 (postfix.rc) = 5ac60205a95faf4633c64bc60d2689f654b997932e3bbc1204b66df7b5dce1d2
SHA256 (aliases) = 60ae98d869800055b248c32c183a1836cc5a698cf337cb7ad734e862ae80e95a
SHA256 (README) = a51f96a1f17cdc075d307c44f146e761e0c795812710b1db6e049b7bdee84210
SHA256 (aliases) = 60ae98d869800055b248c32c183a1836cc5a698cf337cb7ad734e862ae80e95a
SHA256 (relay_clientcerts) = 2aa69a949c06826e2f5a760791fb5cebb37e6797613270fd11381c33afa38297
SHA256 (sender_restrict) = b83ab2c27d6966876c6cfa7f12d5c3d3065fb11507a69199ce8d30a757217e4c
SHA256 (main-addon.cf) = 5d4b2e895c6a80b97923170170277adb1a4f44e7c8c726981e653d3d0097e013
SHA256 (master.patch) = 2554c5e37ae7a87ee771aa46502aa99bf3668da0bbf3313664dd63e9336e794b
SHA256 (client_restrict) = 9496a99f6714625c5883a41f8a5f9db8aa43199ef2167c18d83a2b39469622e3
SHA256 (sender_access) = c9b9b86c985facdc18e6bfe436c78340174fc315478e578d82c956e35355e678
SHA256 (sender_restrict) = 9b672511eac1971f8cd72b045e200aac8e0fe6407f1a055085fc1b85c1f24ed7
SHA256 (main-addon.cf) = 3ab7e6882fbd302a95cfe7476c162fe63e0989c2be235778daabd871184f1fbb
SHA256 (master.patch) = 062960dbabd1ae4890d7bb3dc364215f5755c04d1a2d6138f9871dbd66301009

@ -7,12 +7,18 @@
rname=postfix
name=postfix-lmdb
version=3.6.2
release=1
release=2
source=(
https://de.${rname}.org/ftpmirror/official/${rname}-${version}.tar.gz
lmdb-default.patch postfix-install.patch post-install
lmdb-default.patch
postfix-install.patch
closefrom.patch
post-install
${rname}.rc
aliases README relay_clientcerts sender_restrict
README
aliases
relay_clientcerts
client_restrict sender_access sender_restrict
main-addon.cf master.patch
)
@ -21,6 +27,7 @@ build() {
patch -p1 < "${SRC}"/lmdb-default.patch
patch -p1 < "${SRC}"/postfix-install.patch
patch -p1 < "${SRC}"/closefrom.patch
cca='-DNO_DB -DNO_EAI -DNO_NIS -DNO_NISPLUS '
cca=${cca}' -DHAS_LMDB -DDEF_DB_TYPE=\"lmdb\" -DHAS_PCRE -DUSE_TLS'

@ -0,0 +1,2 @@
# See access(5) for format (REJECT,OK,HOLD,DUNNO)

@ -0,0 +1,40 @@
diff -ru postfix-3.6.2.orig/src/util/sys_compat.c postfix-3.6.2/src/util/sys_compat.c
--- postfix-3.6.2.orig/src/util/sys_compat.c 2021-09-15 16:42:06.337124020 +0200
+++ postfix-3.6.2/src/util/sys_compat.c 2021-09-15 16:43:00.893791647 +0200
@@ -286,7 +286,7 @@
/* closefrom() - closes all file descriptors from the given one up */
-int closefrom(int lowfd)
+void closefrom(int lowfd)
{
int fd_limit = open_limit(0);
int fd;
@@ -298,14 +298,12 @@
*/
if (lowfd < 0) {
errno = EBADF;
- return (-1);
+ return;
}
if (fd_limit > 500)
fd_limit = 500;
for (fd = lowfd; fd < fd_limit; fd++)
(void) close(fd);
-
- return (0);
}
#endif
diff -ru postfix-3.6.2.orig/src/util/sys_defs.h postfix-3.6.2/src/util/sys_defs.h
--- postfix-3.6.2.orig/src/util/sys_defs.h 2021-09-15 16:42:06.337124020 +0200
+++ postfix-3.6.2/src/util/sys_defs.h 2021-09-15 16:42:34.500457851 +0200
@@ -1509,7 +1509,7 @@
#endif
#ifndef HAS_CLOSEFROM
-extern int closefrom(int);
+extern void closefrom(int);
#endif
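Review bot: The patch keeps Postfix's own fallback closefrom() and only switches its return type to `void`, so the build still uses the loop that stops at `fd_limit = 500` and leaves any higher descriptor open. The commit title ties this to glibc 2.34, which presumably now declares closefrom() itself. If so, it is worth checking whether building with `-DHAS_CLOSEFROM` (the guard visible in the sys_defs.h hunk) lets the libc implementation be used instead of redeclaring the fallback. The `lowfd < 0` branch still sets `errno = EBADF`, but with a `void` return no caller sees a failure, so a comment such as `/* errno is the only failure signal; callers cannot test a return value */` would document that.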

@ -61,12 +61,13 @@ relay_domains = $mynetworks,$transport_maps
# Only localhost for mailing-lists etc.; maybe $mynetworks?
smtpd_authorized_verp_clients = 127.0.0.1
# Clients which are allowed to invoke commands
# Clients connection checks
smtpd_client_restrictions =
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
# permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
check_client_access lmdb:/etc/postfix-lmdb/client_restrict,
reject_unknown_client_hostname,
# in case you want reject DNS blacklists rather than greylist them
# with gross, exchange sleep (maybe) and uncomment the lines below
@ -89,11 +90,22 @@ smtpd_helo_restrictions =
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
# permit_sasl_authenticated,
#[RELAY] permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
# MAIL FROM Checks
smtpd_sender_restrictions =
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
# Total no-goes database, eg: qq.com reject
check_sender_access lmdb:/etc/postfix-lmdb/sender_restrict,
reject_unknown_sender_domain,
permit
smtpd_relay_before_recipient_restrictions = yes
# RCPT TO checks, relay policy
@ -120,20 +132,16 @@ smtpd_recipient_restrictions =
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_recipient_domain,
# (SMTPD_POLICY_README says
# reject_unauth_destination is not needed here if the mail relay policy is
# specified with smtpd_relay_restrictions (available with Postfix 2.10 and
# later))
reject_unauth_destination,
# better not reject_unverified_sender,
#check_policy_service inet:127.0.0.1:5525,
permit
# MAIL FROM Checks
smtpd_sender_restrictions =
# permit_inet_interfaces, OR
permit_mynetworks,
#RELAY permit_tls_clientcerts,
#[RELAY] permit_sasl_authenticated,
# Eg: qq.com reject
lmdb:/etc/postfix-lmdb/sender_restrict,
reject_unknown_sender_domain,
# better not: reject_unverified_sender,
# DB of MAIL FROM's without policy server checks (one way, or another)
check_sender_access lmdb:/etc/postfix-lmdb/sender_access,
#check_policy_service unix:/run/greylistd.socket,
##check_policy_service inet:127.0.0.1:5525,
permit
# i would turn that on..
@ -195,7 +203,8 @@ smtp_tls_security_level = may
smtp_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_protocols = $smtpd_tls_protocols
#SMART When only relaying to smarthost, the next can be =high !?!
#SMART When only relaying to smarthost, the next should be =high
#SMART smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
smtp_tls_ciphers = $smtpd_tls_ciphers
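Review bot: The new `check_sender_access lmdb:/etc/postfix-lmdb/sender_access` entry in smtpd_recipient_restrictions bases an allow decision on MAIL FROM, which the connecting client chooses freely. With the shipped `crux.nu OK` entry, any client claiming a crux.nu envelope sender gets OK before the `check_policy_service` lines that follow, so it would skip greylisting or policy checks once those are enabled. As far as the rendered order shows, the lookup sits after `reject_unauth_destination`, so it does not open the relay, but the comment should state the trade-off, e.g. `# OK here skips the policy checks below; MAIL FROM is unauthenticated, keep this list short`. If the intent is to exempt known hosts, a `check_client_access` table keyed on the client address would be harder to spoof.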

@ -1,6 +1,6 @@
--- master.cf.orig 2021-04-12 20:30:45.650213781 +0200
+++ master.cf 2021-04-12 20:32:34.676882357 +0200
@@ -10,6 +10,18 @@
--- master.cf.orig 2021-09-15 16:42:06.307124019 +0200
+++ master.cf 2021-09-15 16:47:11.560462685 +0200
@@ -10,6 +10,20 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
@ -8,14 +8,16 @@
+#TLS -o smtpd_tls_security_level=may
+#TLS -o smtpd_sasl_auth_enable=no
+#TLS submission inet n - n - - smtpd
+#TLS -o syslog_name=postfix/submission
+#TLS -o smtpd_tls_security_level=encrypt
+#TLS -o smtpd_sasl_auth_enable=yes
+#TLS # This was SMTPS aka :465. I use it as that.
+#TLS submissions inet n - n - - smtpd
+#TLS -o syslog_name=postfix/submissions
+#TLS -o smtpd_tls_wrappermode=yes
+#TLS -o smtpd_sasl_auth_enable=no
+tlsproxy unix - - n - 0 tlsproxy
+ -o tlsproxy_tls_security_level=encrypt
+ -o tlsproxy_tls_security_level=encrypt
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog

@ -51,5 +51,8 @@ p_i upgrade-permissions
/usr/sbin/postalias /etc/${name}/aliases
/usr/sbin/postmap lmdb:/etc/${name}/sender_restrict
/usr/sbin/postmap lmdb:/etc/${name}/relay_clientcerts
/usr/sbin/postmap lmdb:/etc/${name}/client_restrict
/usr/sbin/postmap lmdb:/etc/${name}/sender_access
/usr/sbin/postmap lmdb:/etc/${name}/sender_restrict
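Review bot: The added `postmap` calls for client_restrict and sender_access have no visible status check, while main-addon.cf now points smtpd at both tables. If either map fails to build, lookups against the missing table will typically make smtpd answer with temporary errors, so the script should stop or warn, e.g. `/usr/sbin/postmap lmdb:/etc/${name}/client_restrict || exit 1`. Whether the script already runs under `set -e` is not visible in this hunk.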

@ -0,0 +1,3 @@
# See access(5) for format (REJECT,OK,HOLD,DUNNO)
crux.nu OK

@ -1,3 +1,3 @@
# See access(5) for format
# See access(5) for format (REJECT,OK,HOLD,DUNNO)
qq.com reject