From 16cd6580b5ab72fdaa1cb69814e69838e283179e Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Thu, 16 Jun 2016 00:00:30 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- init.d/postfix | 2 +- postfix/main.cf.default | 31 ++++++++++++++++++++++++------- postfix/main.cf.proto | 4 ++-- postfix/makedefs.out | 12 ++++++------ postfix/postfix-files | 2 ++ 5 files changed, 35 insertions(+), 16 deletions(-) diff --git a/init.d/postfix b/init.d/postfix index d37981d0..73e34f43 100755 --- a/init.d/postfix +++ b/init.d/postfix @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ diff --git a/postfix/main.cf.default b/postfix/main.cf.default index 447290b3..68753452 100644 --- a/postfix/main.cf.default +++ b/postfix/main.cf.default @@ -11,6 +11,7 @@ address_verify_map = btree:$data_directory/verify_cache address_verify_negative_cache = yes address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 3h +address_verify_pending_request_limit = 5000 address_verify_poll_count = ${stress?{1}:{3}} address_verify_poll_delay = 3s address_verify_positive_expire_time = 31d @@ -99,6 +100,7 @@ default_recipient_limit = 20000 default_recipient_refill_delay = 5s default_recipient_refill_limit = 100 default_transport = smtp +default_transport_rate_delay = 0s default_verp_delimiters = += defer_code = 450 defer_service_name = defer @@ -115,6 +117,7 @@ disable_mime_input_processing = no disable_mime_output_conversion = no disable_verp_bounces = no disable_vrfy_command = no +dns_ncache_ttl_fix_enable = no dnsblog_reply_delay = 0s dnsblog_service_name = dnsblog dont_remove = 0 @@ -142,6 +145,7 @@ error_recipient_limit = $default_recipient_limit error_recipient_refill_delay = $default_recipient_refill_delay error_recipient_refill_limit = $default_recipient_refill_limit error_service_name = error +error_transport_rate_delay = $default_transport_rate_delay execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ expand_owner_alias = no export_environment = TZ MAIL_CONFIG LANG @@ -213,6 +217,7 @@ lmtp_dns_resolver_options = lmtp_dns_support_level = lmtp_enforce_tls = no lmtp_extra_recipient_limit = $default_extra_recipient_limit +lmtp_fallback_relay = lmtp_generic_maps = lmtp_header_checks = lmtp_host_lookup = dns @@ -289,6 +294,7 @@ lmtp_tls_session_cache_timeout = 3600s lmtp_tls_trust_anchor_file = lmtp_tls_verify_cert_match = hostname lmtp_tls_wrappermode = no +lmtp_transport_rate_delay = $default_transport_rate_delay lmtp_use_tls = no lmtp_xforward_timeout = 300s local_command_shell = @@ -311,12 +317,13 @@ local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_recipient_refill_delay = $default_recipient_refill_delay local_recipient_refill_limit = $default_recipient_refill_limit local_transport = local:$myhostname +local_transport_rate_delay = $default_transport_rate_delay luser_relay = mail_name = Postfix mail_owner = postfix -mail_release_date = 20151010 +mail_release_date = 20160224 mail_spool_directory = /var/mail -mail_version = 3.0.3 +mail_version = 3.1.0 mailbox_command = mailbox_command_maps = mailbox_delivery_lock = fcntl, dotlock @@ -351,6 +358,7 @@ milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname +milter_macro_defaults = milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 @@ -374,6 +382,7 @@ newaliases_path = /usr/bin/newaliases non_fqdn_reject_code = 504 non_smtpd_milters = notify_classes = resource, software +openssl_path = openssl owner_request_special = yes parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps permit_mx_backup_networks = @@ -399,11 +408,12 @@ postscreen_disable_vrfy_command = $disable_vrfy_command postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords postscreen_dnsbl_action = ignore +postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h +postscreen_dnsbl_min_ttl = 60s postscreen_dnsbl_reply_map = postscreen_dnsbl_sites = postscreen_dnsbl_threshold = 1 postscreen_dnsbl_timeout = 10s -postscreen_dnsbl_ttl = 1h postscreen_dnsbl_whitelist_threshold = 0 postscreen_enforce_tls = $smtpd_enforce_tls postscreen_expansion_filter = $smtpd_expansion_filter @@ -481,6 +491,7 @@ relay_recipient_maps = relay_recipient_refill_delay = $default_recipient_refill_delay relay_recipient_refill_limit = $default_recipient_refill_limit relay_transport = relay +relay_transport_rate_delay = $default_transport_rate_delay relayhost = relocated_maps = remote_header_rewrite_domain = @@ -504,6 +515,7 @@ retry_minimum_delivery_slots = $default_minimum_delivery_slots retry_recipient_limit = $default_recipient_limit retry_recipient_refill_delay = $default_recipient_refill_delay retry_recipient_refill_limit = $default_recipient_refill_limit +retry_transport_rate_delay = $default_transport_rate_delay rewrite_service_name = rewrite sample_directory = /etc/postfix send_cyrus_sasl_authzid = no @@ -604,6 +616,7 @@ smtp_tls_CApath = smtp_tls_block_early_mail_reply = no smtp_tls_cert_file = smtp_tls_ciphers = medium +smtp_tls_dane_insecure_mx_policy = dane smtp_tls_dcert_file = smtp_tls_dkey_file = $smtp_tls_dcert_file smtp_tls_eccert_file = @@ -630,12 +643,14 @@ smtp_tls_session_cache_timeout = 3600s smtp_tls_trust_anchor_file = smtp_tls_verify_cert_match = hostname smtp_tls_wrappermode = no +smtp_transport_rate_delay = $default_transport_rate_delay smtp_use_tls = no smtp_xforward_timeout = 300s smtpd_authorized_verp_clients = $authorized_verp_clients smtpd_authorized_xclient_hosts = smtpd_authorized_xforward_hosts = smtpd_banner = $myhostname ESMTP $mail_name +smtpd_client_auth_rate_limit = 0 smtpd_client_connection_count_limit = 50 smtpd_client_connection_rate_limit = 0 smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} @@ -671,6 +686,7 @@ smtpd_per_record_deadline = ${stress?{yes}:{no}} smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem smtpd_policy_service_max_idle = 300s smtpd_policy_service_max_ttl = 1000s +smtpd_policy_service_policy_context = smtpd_policy_service_request_limit = 0 smtpd_policy_service_retry_delay = 1s smtpd_policy_service_timeout = 100s @@ -759,11 +775,11 @@ tls_dane_trust_anchor_digest_enable = yes tls_disable_workarounds = tls_eecdh_strong_curve = prime256v1 tls_eecdh_ultra_curve = secp384r1 -tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH -tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH +tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH +tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH tls_legacy_public_key_fingerprints = no -tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH -tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH +tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH +tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = no tls_random_bytes = 32 @@ -855,4 +871,5 @@ virtual_recipient_limit = $default_recipient_limit virtual_recipient_refill_delay = $default_recipient_refill_delay virtual_recipient_refill_limit = $default_recipient_refill_limit virtual_transport = virtual +virtual_transport_rate_delay = $default_transport_rate_delay virtual_uid_maps = diff --git a/postfix/main.cf.proto b/postfix/main.cf.proto index 1fc886b8..0c36e3ac 100644 --- a/postfix/main.cf.proto +++ b/postfix/main.cf.proto @@ -153,8 +153,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). diff --git a/postfix/makedefs.out b/postfix/makedefs.out index faab147b..921cc045 100644 --- a/postfix/makedefs.out +++ b/postfix/makedefs.out @@ -21,17 +21,17 @@ SYSTYPE = LINUX4 _AR = x86_64-pc-linux-gnu-ar ARFL = rv _RANLIB = x86_64-pc-linux-gnu-ranlib -SYSLIBS = -pie -Wl,-O1 -Wl,--as-needed -ldl -lpam -lssl -lcrypto -lsasl2 -lldap -llber -L/usr/lib64 -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -L/usr/lib64 -lpcre -L/usr/lib64/postgresql-9.5/lib64 -lpq -lsqlite3 -lpthread -ldb -lnsl -lresolv -ldl -L/usr/local/lib -licuuc -CC = x86_64-pc-linux-gnu-gcc -fPIC -I. -I../../include -DHAS_PCRE -DHAS_LDAP -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/mysql/.. -DHAS_PGSQL -I/usr/include/postgresql-9.5 -DHAS_SQLITE -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\$${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS $(WARN) +SYSLIBS = -pie -Wl,-O1 -Wl,--as-needed -ldl -lpam -lssl -lcrypto -lsasl2 -lldap -llber -L/usr/lib64 -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -L/usr/lib64 -lpcre -L/usr/lib64/postgresql-9.5/lib64 -lpq -lsqlite3 -lpthread -ldb -lnsl -lresolv -ldl -L/usr/lib64 -licui18n -licuuc -licudata +CC = x86_64-pc-linux-gnu-gcc -fPIC -I. -I../../include -DHAS_PCRE -DHAS_LDAP -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/mysql/.. -DHAS_PGSQL -I/usr/include/postgresql-9.5 -DHAS_SQLITE -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DU_DISABLE_RENAMING=1 -I/usr/include -DHAS_DEV_URANDOM -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\$${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS $(WARN) OPT = -O2 -pipe -Wno-comment DEBUG = AWK = awk STRCASE = -EXPORT = CCARGS='-I. -I../../include -DHAS_PCRE -DHAS_LDAP -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/mysql/.. -DHAS_PGSQL -I/usr/include/postgresql-9.5 -DHAS_SQLITE -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\$${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS' OPT='-O2 -pipe -Wno-comment' DEBUG='' +EXPORT = CCARGS='-I. -I../../include -DHAS_PCRE -DHAS_LDAP -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/mysql/.. -DHAS_PGSQL -I/usr/include/postgresql-9.5 -DHAS_SQLITE -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DU_DISABLE_RENAMING=1 -I/usr/include -DHAS_DEV_URANDOM -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\$${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS' OPT='-O2 -pipe -Wno-comment' DEBUG='' WARN = -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wunused -Wno-missing-braces -DEFINED_MAP_TYPES = pcre ldap mysql pgsql sqlite +DEFINED_MAP_TYPES = pcre ldap mysql pgsql sqlite dev_urandom MAKE_FIX = # Switch between Postfix static and dynamically-linked libraries. AR = : @@ -39,9 +39,9 @@ RANLIB = : LIB_PREFIX = postfix- LIB_SUFFIX = .so SHLIB_CFLAGS = -fPIC -SHLIB_DIR = /usr/lib64/postfix/3.0.3 +SHLIB_DIR = /usr/lib64/postfix/3.1.0 SHLIB_LD = x86_64-pc-linux-gnu-gcc -shared -Wl,-soname,${LIB} -SHLIB_SYSLIBS = -Wl,-O1 -Wl,--as-needed -ldl -lpam -lssl -lcrypto -lsasl2 -lldap -llber -L/usr/lib64 -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -L/usr/lib64 -lpcre -L/usr/lib64/postgresql-9.5/lib64 -lpq -lsqlite3 -lpthread -ldb -lnsl -lresolv -ldl -L/usr/local/lib -licuuc +SHLIB_SYSLIBS = -Wl,-O1 -Wl,--as-needed -ldl -lpam -lssl -lcrypto -lsasl2 -lldap -llber -L/usr/lib64 -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -L/usr/lib64 -lpcre -L/usr/lib64/postgresql-9.5/lib64 -lpq -lsqlite3 -lpthread -ldb -lnsl -lresolv -ldl -L/usr/lib64 -licui18n -licuuc -licudata SHLIB_RPATH = -Wl,--enable-new-dtags -Wl,-rpath,${SHLIB_DIR} # Switch between dynamicmaps.cf plugins and hard-linked databases. NON_PLUGIN_MAP_OBJ = $(MAP_OBJ) diff --git a/postfix/postfix-files b/postfix/postfix-files index e80ff601..4d59d5b1 100644 --- a/postfix/postfix-files +++ b/postfix/postfix-files @@ -96,6 +96,7 @@ $daemon_directory/post-install:f:root:-:755 #$daemon_directory/postfix-files:f:root:-:644:o #$daemon_directory/postfix-files.d:d:root:-:755:o $daemon_directory/postfix-script:f:root:-:755 +$daemon_directory/postfix-tls-script:f:root:-:755 $daemon_directory/postfix-wrapper:f:root:-:755 $daemon_directory/postmulti-script:f:root:-:755 $daemon_directory/postscreen:f:root:-:755 @@ -160,6 +161,7 @@ $manpage_directory/man1/postcat.1:f:root:-:644 $manpage_directory/man1/postconf.1:f:root:-:644 $manpage_directory/man1/postdrop.1:f:root:-:644 $manpage_directory/man1/postfix.1:f:root:-:644 +$manpage_directory/man1/postfix-tls.1:f:root:-:644 $manpage_directory/man1/postkick.1:f:root:-:644 $manpage_directory/man1/postlock.1:f:root:-:644 $manpage_directory/man1/postlog.1:f:root:-:644 -- 2.39.5