Diffstat (limited to '')
-rw-r--r--debian/patches/02_kfreebsd_support.diff15
-rw-r--r--debian/patches/03_ldap3_by_default.diff47
-rw-r--r--debian/patches/04_remove_gdbm_support.diff13
-rw-r--r--debian/patches/05_debian_defaults.diff118
-rw-r--r--debian/patches/05_debian_manpage_differences.diff159
-rw-r--r--debian/patches/05_debian_readme_differences.diff120
-rw-r--r--debian/patches/06_debian_paths.diff110
-rw-r--r--debian/patches/07_sasl_config.diff95
-rw-r--r--debian/patches/09_quiet_startup.diff86
-rw-r--r--debian/patches/10_openssl_version_check.diff32
-rw-r--r--debian/patches/12_add_bind_now_and_relro_to_pie.diff26
-rw-r--r--debian/patches/30_shared_libs.diff54
-rw-r--r--debian/patches/40_chroot_by_default.diff131
-rw-r--r--debian/patches/41_rmail.diff708
-rw-r--r--debian/patches/50_LANG.diff13
-rw-r--r--debian/patches/70_postfix-check.diff23
-rw-r--r--debian/patches/debian-man-name.diff9
-rw-r--r--debian/patches/postfix-dup-postconf.patch20
-rw-r--r--debian/patches/series19
-rw-r--r--debian/patches/tls_version.diff28
20 files changed, 1826 insertions, 0 deletions
diff --git a/debian/patches/02_kfreebsd_support.diff b/debian/patches/02_kfreebsd_support.diff
new file mode 100644
index 0000000..4bce5bc
--- /dev/null
+++ b/debian/patches/02_kfreebsd_support.diff
@@ -0,0 +1,15 @@
+Index: postfix/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -595,8 +595,8 @@ EOF
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC-gcc} -shared"}
+ ;;
+- GNU.0*|GNU/kFreeBSD.[567]*)
+- SYSTYPE=GNU0
++ GNU.0*|GNU/kFreeBSD.*)
++ SYSTYPE=GNU0
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
diff --git a/debian/patches/03_ldap3_by_default.diff b/debian/patches/03_ldap3_by_default.diff
new file mode 100644
index 0000000..e63ce8c
--- /dev/null
+++ b/debian/patches/03_ldap3_by_default.diff
@@ -0,0 +1,47 @@
+Index: postfix/src/global/dict_ldap.c
+===================================================================
+--- postfix.orig/src/global/dict_ldap.c 2018-02-23 02:37:11.468712118 -0500
++++ postfix/src/global/dict_ldap.c 2018-02-23 02:37:11.460712118 -0500
+@@ -102,7 +102,7 @@
+ /* How to handle LDAP aliases. See ldap.h or ldap_open(3) man page.
+ /* .IP version
+ /* Specifies the LDAP protocol version to use. Default is version
+-/* \fI2\fR.
++/* \fI3\fR.
+ /* .IP "\fBsasl_mechs (empty)\fR"
+ /* Specifies a space-separated list of LDAP SASL Mechanisms.
+ /* .IP "\fBsasl_realm (empty)\fR"
+@@ -1669,7 +1669,7 @@
+ /*
+ * Define LDAP Protocol Version.
+ */
+- dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 2, 2, 0);
++ dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 3, 2, 0);
+ switch (dict_ldap->version) {
+ case 2:
+ dict_ldap->version = LDAP_VERSION2;
+@@ -1678,9 +1678,9 @@
+ dict_ldap->version = LDAP_VERSION3;
+ break;
+ default:
+- msg_warn("%s: %s Unknown version %d, using 2.", myname, ldapsource,
++ msg_warn("%s: %s Unknown version %d, using 3.", myname, ldapsource,
+ dict_ldap->version);
+- dict_ldap->version = LDAP_VERSION2;
++ dict_ldap->version = LDAP_VERSION3;
+ }
+
+ #if defined(LDAP_API_FEATURE_X_OPENLDAP)
+Index: postfix/man/man5/ldap_table.5
+===================================================================
+--- postfix.orig/man/man5/ldap_table.5 2018-02-23 02:37:11.468712118 -0500
++++ postfix/man/man5/ldap_table.5 2018-02-23 02:37:11.464712118 -0500
+@@ -501,7 +501,7 @@
+ .IP "\fBchase_referrals (default: 0)\fR"
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version
+ 3 support).
+-.IP "\fBversion (default: 2)\fR"
++.IP "\fBversion (default: 3)\fR"
+ Specifies the LDAP protocol version to use.
+ .IP "\fBdebuglevel (default: 0)\fR"
+ What level to set for debugging in the OpenLDAP libraries.
diff --git a/debian/patches/04_remove_gdbm_support.diff b/debian/patches/04_remove_gdbm_support.diff
new file mode 100644
index 0000000..e4e240b
--- /dev/null
+++ b/debian/patches/04_remove_gdbm_support.diff
@@ -0,0 +1,13 @@
+--- a/src/util/dict_dbm.c
++++ b/src/util/dict_dbm.c
+@@ -417,6 +417,10 @@
+ char *dbm_path = 0;
+ int lock_fd;
+
++#ifdef HAVE_GDBM
++ msg_fatal("%s: gdbm maps use locking that is incompatible with postfix. Use a hash map instead.",
++ path);
++#endif
+ /*
+ * Let the optimizer worry about eliminating redundant code.
+ */
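Review bot: The `msg_fatal()` added under `#ifdef HAVE_GDBM` terminates whichever process opens a dbm: table, so a leftover dbm: reference in the configuration takes that daemon down on first use instead of surfacing as a table-open error. If this tree already reports open failures in this file through `dict_surrogate()`, returning a surrogate with the same message would keep the failure confined to the lookup; that is an assumption to confirm against the rest of the function, which lies outside the hunk. Either way the guard deserves a comment such as `/* Debian: gdbm locking is incompatible with Postfix; refuse dbm: maps outright */`, since everything after it becomes unreachable in HAVE_GDBM builds.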
diff --git a/debian/patches/05_debian_defaults.diff b/debian/patches/05_debian_defaults.diff
new file mode 100644
index 0000000..b7bf6dd
--- /dev/null
+++ b/debian/patches/05_debian_defaults.diff
@@ -0,0 +1,118 @@
+Index: postfix-dev/conf/main.cf
+===================================================================
+--- postfix-dev.orig/conf/main.cf 2019-03-01 11:06:55.849697457 -0500
++++ postfix-dev/conf/main.cf 2019-03-01 11:06:55.841697457 -0500
+@@ -75,7 +75,7 @@
+ # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+ # USER.
+ #
+-mail_owner = postfix
++#mail_owner = postfix
+
+ # The default_privs parameter specifies the default rights used by
+ # the local delivery agent for delivery to external file or command.
+@@ -114,6 +114,11 @@
+ # myorigin also specifies the default domain name that is appended
+ # to recipient addresses that have no @domain part.
+ #
++# Debian GNU/Linux specific: Specifying a file name will cause the
++# first line of that file to be used as the name. The Debian default
++# is /etc/mailname.
++#
++#myorigin = /etc/mailname
+ #myorigin = $myhostname
+ #myorigin = $mydomain
+
+@@ -279,6 +284,7 @@
+ #mynetworks = 168.100.189.0/28, 127.0.0.0/8
+ #mynetworks = $config_directory/mynetworks
+ #mynetworks = hash:/etc/postfix/network_table
++mynetworks = 127.0.0.0/8
+
+ # The relay_domains parameter restricts what destinations this system will
+ # relay mail to. See the smtpd_recipient_restrictions description in
+@@ -567,6 +573,8 @@
+ #
+ #smtpd_banner = $myhostname ESMTP $mail_name
+ #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
++smtpd_banner = $myhostname ESMTP $mail_name (@@DISTRO@@)
++
+
+ # PARALLEL DELIVERY TO THE SAME DESTINATION
+ #
+@@ -591,7 +599,7 @@
+ # logging level when an SMTP client or server host name or address
+ # matches a pattern in the debug_peer_list parameter.
+ #
+-debug_peer_level = 2
++#debug_peer_level = 2
+
+ # The debug_peer_list parameter specifies an optional list of domain
+ # or network patterns, /file/name patterns or type:name tables. When
+Index: postfix-dev/conf/main.cf.tls
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/conf/main.cf.tls 2019-03-01 11:06:55.841697457 -0500
+@@ -0,0 +1,11 @@
++
++# TLS parameters
++smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
++smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
++smtpd_use_tls=yes
++smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
++smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
++
++# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
++# information on enabling SSL in the smtp client.
++
+Index: postfix-dev/conf/postfix-files
+===================================================================
+--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:06:55.849697457 -0500
++++ postfix-dev/conf/postfix-files 2019-03-01 11:06:55.845697457 -0500
+@@ -143,27 +143,28 @@
+ $mailq_path:l:$sendmail_path
+ $config_directory/LICENSE:f:root:-:644:1
+ $config_directory/TLS_LICENSE:f:root:-:644:1
+-$config_directory/access:f:root:-:644:p1
+-$config_directory/aliases:f:root:-:644:p1
+-$config_directory/bounce.cf.default:f:root:-:644:1
+-$config_directory/canonical:f:root:-:644:p1
+-$config_directory/cidr_table:f:root:-:644:o
+-$config_directory/generic:f:root:-:644:p1
+-$config_directory/generics:f:root:-:644:o
+-$config_directory/header_checks:f:root:-:644:p1
+-$config_directory/install.cf:f:root:-:644:o
+-$config_directory/main.cf.default:f:root:-:644:1
++# Empty files not shipped in Debian
++#$config_directory/access:f:root:-:644:p1
++#$config_directory/aliases:f:root:-:644:p1
++#$config_directory/bounce.cf.default:f:root:-:644:1
++#$config_directory/canonical:f:root:-:644:p1
++#$config_directory/cidr_table:f:root:-:644:o
++#$config_directory/generic:f:root:-:644:p1
++#$config_directory/generics:f:root:-:644:o
++#$config_directory/header_checks:f:root:-:644:p1
++#$config_directory/install.cf:f:root:-:644:o
++#$config_directory/main.cf.default:f:root:-:644:1
+ $config_directory/main.cf:f:root:-:644:p
+ $config_directory/master.cf:f:root:-:644:p
+-$config_directory/pcre_table:f:root:-:644:o
+-$config_directory/regexp_table:f:root:-:644:o
+-$config_directory/relocated:f:root:-:644:p1
+-$config_directory/tcp_table:f:root:-:644:o
+-$config_directory/transport:f:root:-:644:p1
+-$config_directory/virtual:f:root:-:644:p1
++#$config_directory/pcre_table:f:root:-:644:o
++#$config_directory/regexp_table:f:root:-:644:o
++#$config_directory/relocated:f:root:-:644:p1
++#$config_directory/tcp_table:f:root:-:644:o
++#$config_directory/transport:f:root:-:644:p1
++#$config_directory/virtual:f:root:-:644:p1
+ $config_directory/postfix-script:f:root:-:755:o
+-$config_directory/postfix-script-sgid:f:root:-:755:o
+-$config_directory/postfix-script-nosgid:f:root:-:755:o
++#$config_directory/postfix-script-sgid:f:root:-:755:o
++#$config_directory/postfix-script-nosgid:f:root:-:755:o
+ $config_directory/post-install:f:root:-:755:o
+ $manpage_directory/man1/mailq.1:f:root:-:644
+ $manpage_directory/man1/newaliases.1:f:root:-:644
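Review bot: The new `conf/main.cf.tls` template turns on server TLS with the legacy switch `smtpd_use_tls=yes`; `smtpd_tls_security_level = may` is the documented replacement and states the opportunistic policy explicitly. The template also points at the ssl-cert snakeoil pair, which gives encryption but no server identity that a client can verify. A comment line such as `# Replace the snakeoil certificate before relying on clients verifying this server` would make that limit visible to whoever inherits the default.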
diff --git a/debian/patches/05_debian_manpage_differences.diff b/debian/patches/05_debian_manpage_differences.diff
new file mode 100644
index 0000000..f387ab9
--- /dev/null
+++ b/debian/patches/05_debian_manpage_differences.diff
@@ -0,0 +1,159 @@
+Index: postfix-dev/conf/postfix-files
+===================================================================
+--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:07:21.045697994 -0500
++++ postfix-dev/conf/postfix-files 2019-03-01 11:17:55.721711534 -0500
+@@ -166,79 +166,81 @@
+ #$config_directory/postfix-script-sgid:f:root:-:755:o
+ #$config_directory/postfix-script-nosgid:f:root:-:755:o
+ $config_directory/post-install:f:root:-:755:o
+-$manpage_directory/man1/mailq.1:f:root:-:644
+-$manpage_directory/man1/newaliases.1:f:root:-:644
+-$manpage_directory/man1/postalias.1:f:root:-:644
+-$manpage_directory/man1/postcat.1:f:root:-:644
+-$manpage_directory/man1/postconf.1:f:root:-:644
+-$manpage_directory/man1/postdrop.1:f:root:-:644
+-$manpage_directory/man1/postfix.1:f:root:-:644
+-$manpage_directory/man1/postfix-tls.1:f:root:-:644
+-$manpage_directory/man1/postkick.1:f:root:-:644
+-$manpage_directory/man1/postlock.1:f:root:-:644
+-$manpage_directory/man1/postlog.1:f:root:-:644
+-$manpage_directory/man1/postmap.1:f:root:-:644
+-$manpage_directory/man1/postmulti.1:f:root:-:644
+-$manpage_directory/man1/postqueue.1:f:root:-:644
+-$manpage_directory/man1/postsuper.1:f:root:-:644
+-$manpage_directory/man1/sendmail.1:f:root:-:644
+-$manpage_directory/man5/access.5:f:root:-:644
+-$manpage_directory/man5/aliases.5:f:root:-:644
+-$manpage_directory/man5/body_checks.5:f:root:-:644
+-$manpage_directory/man5/bounce.5:f:root:-:644
+-$manpage_directory/man5/canonical.5:f:root:-:644
+-$manpage_directory/man5/cidr_table.5:f:root:-:644
+-$manpage_directory/man5/generics.5:f:root:-:644:o
+-$manpage_directory/man5/generic.5:f:root:-:644
+-$manpage_directory/man5/header_checks.5:f:root:-:644
+-$manpage_directory/man5/ldap_table.5:f:root:-:644
+-$manpage_directory/man5/lmdb_table.5:f:root:-:644
+-$manpage_directory/man5/master.5:f:root:-:644
+-$manpage_directory/man5/memcache_table.5:f:root:-:644
+-$manpage_directory/man5/mysql_table.5:f:root:-:644
+-$manpage_directory/man5/socketmap_table.5:f:root:-:644
+-$manpage_directory/man5/sqlite_table.5:f:root:-:644
+-$manpage_directory/man5/nisplus_table.5:f:root:-:644
+-$manpage_directory/man5/pcre_table.5:f:root:-:644
+-$manpage_directory/man5/pgsql_table.5:f:root:-:644
+-$manpage_directory/man5/postconf.5:f:root:-:644
+-$manpage_directory/man5/postfix-wrapper.5:f:root:-:644
+-$manpage_directory/man5/regexp_table.5:f:root:-:644
+-$manpage_directory/man5/relocated.5:f:root:-:644
+-$manpage_directory/man5/tcp_table.5:f:root:-:644
+-$manpage_directory/man5/transport.5:f:root:-:644
+-$manpage_directory/man5/virtual.5:f:root:-:644
+-$manpage_directory/man8/bounce.8:f:root:-:644
+-$manpage_directory/man8/cleanup.8:f:root:-:644
+-$manpage_directory/man8/anvil.8:f:root:-:644
+-$manpage_directory/man8/defer.8:f:root:-:644
+-$manpage_directory/man8/discard.8:f:root:-:644
+-$manpage_directory/man8/dnsblog.8:f:root:-:644
+-$manpage_directory/man8/error.8:f:root:-:644
+-$manpage_directory/man8/flush.8:f:root:-:644
+-$manpage_directory/man8/lmtp.8:f:root:-:644
+-$manpage_directory/man8/local.8:f:root:-:644
+-$manpage_directory/man8/master.8:f:root:-:644
+-$manpage_directory/man8/nqmgr.8:f:root:-:644:o
+-$manpage_directory/man8/oqmgr.8:f:root:-:644:
+-$manpage_directory/man8/pickup.8:f:root:-:644
+-$manpage_directory/man8/pipe.8:f:root:-:644
+-$manpage_directory/man8/postlogd.8:f:root:-:644
+-$manpage_directory/man8/postscreen.8:f:root:-:644
+-$manpage_directory/man8/proxymap.8:f:root:-:644
+-$manpage_directory/man8/qmgr.8:f:root:-:644
+-$manpage_directory/man8/qmqpd.8:f:root:-:644
+-$manpage_directory/man8/scache.8:f:root:-:644
+-$manpage_directory/man8/showq.8:f:root:-:644
+-$manpage_directory/man8/smtp.8:f:root:-:644
+-$manpage_directory/man8/smtpd.8:f:root:-:644
+-$manpage_directory/man8/spawn.8:f:root:-:644
+-$manpage_directory/man8/tlsproxy.8:f:root:-:644
+-$manpage_directory/man8/tlsmgr.8:f:root:-:644
+-$manpage_directory/man8/trace.8:f:root:-:644
+-$manpage_directory/man8/trivial-rewrite.8:f:root:-:644
+-$manpage_directory/man8/verify.8:f:root:-:644
+-$manpage_directory/man8/virtual.8:f:root:-:644
++$manpage_directory/man1/mailq.1.gz:f:root:-:644
++$manpage_directory/man1/newaliases.1.gz:f:root:-:644
++$manpage_directory/man1/postalias.1.gz:f:root:-:644
++$manpage_directory/man1/postcat.1.gz:f:root:-:644
++$manpage_directory/man1/postconf.1.gz:f:root:-:644
++$manpage_directory/man1/postdrop.1.gz:f:root:-:644
++$manpage_directory/man1/postfix.1.gz:f:root:-:644
++$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
++$manpage_directory/man1/postkick.1.gz:f:root:-:644
++$manpage_directory/man1/postlock.1.gz:f:root:-:644
++$manpage_directory/man1/postlog.1.gz:f:root:-:644
++$manpage_directory/man1/postmap.1.gz:f:root:-:644
++$manpage_directory/man1/postmulti.1.gz:f:root:-:644
++$manpage_directory/man1/postqueue.1.gz:f:root:-:644
++$manpage_directory/man1/postsuper.1.gz:f:root:-:644
++$manpage_directory/man1/sendmail.1.gz:f:root:-:644
++$manpage_directory/man5/access.5.gz:f:root:-:644
++$manpage_directory/man5/aliases.5.gz:f:root:-:644
++$manpage_directory/man5/body_checks.5.gz:f:root:-:644
++$manpage_directory/man5/bounce.5.gz:f:root:-:644
++$manpage_directory/man5/canonical.5.gz:f:root:-:644
++$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
++$manpage_directory/man5/generics.5.gz:f:root:-:644:o
++$manpage_directory/man5/generic.5.gz:f:root:-:644
++$manpage_directory/man5/header_checks.5.gz:f:root:-:644
++$manpage_directory/man5/ldap_table.5.gz:f:root:-:644
++$manpage_directory/man5/lmdb_table.5.gz:f:root:-:644
++$manpage_directory/man5/master.5.gz:f:root:-:644
++$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
++$manpage_directory/man5/mysql_table.5.gz:f:root:-:644
++$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
++$manpage_directory/man5/sqlite_table.5.gz:f:root:-:644
++$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
++$manpage_directory/man5/pcre_table.5.gz:f:root:-:644
++$manpage_directory/man5/pgsql_table.5.gz:f:root:-:644
++$manpage_directory/man5/postconf.5.gz:f:root:-:644
++$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
++$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
++$manpage_directory/man5/relocated.5.gz:f:root:-:644
++$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
++$manpage_directory/man5/transport.5.gz:f:root:-:644
++$manpage_directory/man5/virtual.5.gz:f:root:-:644
++$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
++$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
++$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
++$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
++$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
++$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
++$manpage_directory/man8/error.8postfix.gz:f:root:-:644
++$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
++$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
++$manpage_directory/man8/local.8postfix.gz:f:root:-:644
++$manpage_directory/man8/master.8postfix.gz:f:root:-:644
++$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
++$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
++$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
++$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
++$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
++$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
++$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
++$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
++$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
++$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
++$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
++$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
++$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
++$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
++$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
++$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
++$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
++$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
++$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
++$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
++$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
++$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644
+ $sample_directory/sample-aliases.cf:f:root:-:644:o
+ $sample_directory/sample-auth.cf:f:root:-:644:o
+ $sample_directory/sample-canonical.cf:f:root:-:644:o
diff --git a/debian/patches/05_debian_readme_differences.diff b/debian/patches/05_debian_readme_differences.diff
new file mode 100644
index 0000000..4e594e1
--- /dev/null
+++ b/debian/patches/05_debian_readme_differences.diff
@@ -0,0 +1,120 @@
+Index: postfix-dev/conf/postfix-files
+===================================================================
+--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:19:12.133713164 -0500
++++ postfix-dev/conf/postfix-files 2019-03-01 11:19:12.129713164 -0500
+@@ -273,65 +273,65 @@
+ $sample_directory/sample-transport.cf:f:root:-:644:o
+ $sample_directory/sample-verify.cf:f:root:-:644:o
+ $sample_directory/sample-virtual.cf:f:root:-:644:o
+-$readme_directory/AAAREADME:f:root:-:644
+-$readme_directory/ADDRESS_CLASS_README:f:root:-:644
+-$readme_directory/ADDRESS_REWRITING_README:f:root:-:644
+-$readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644
+-$readme_directory/BACKSCATTER_README:f:root:-:644
+-$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
+-$readme_directory/BUILTIN_FILTER_README:f:root:-:644
++$readme_directory/README.gz:f:root:-:644
++$readme_directory/ADDRESS_CLASS_README.gz:f:root:-:644
++$readme_directory/ADDRESS_REWRITING_README.gz:f:root:-:644
++$readme_directory/ADDRESS_VERIFICATION_README.gz:f:root:-:644
++$readme_directory/BACKSCATTER_README.gz:f:root:-:644
++$readme_directory/BASIC_CONFIGURATION_README.gz:f:root:-:644
++$readme_directory/BUILTIN_FILTER_README.gz:f:root:-:644
+ $readme_directory/CDB_README:f:root:-:644
+-$readme_directory/COMPATIBILITY_README:f:root:-:644
+-$readme_directory/CONNECTION_CACHE_README:f:root:-:644
++$readme_directory/COMPATIBILITY_README.gz:f:root:-:644
++$readme_directory/CONNECTION_CACHE_README.gz:f:root:-:644
+ $readme_directory/CONTENT_INSPECTION_README:f:root:-:644
+-$readme_directory/DATABASE_README:f:root:-:644
+-$readme_directory/DB_README:f:root:-:644
+-$readme_directory/DEBUG_README:f:root:-:644
+-$readme_directory/DSN_README:f:root:-:644
+-$readme_directory/ETRN_README:f:root:-:644
+-$readme_directory/FILTER_README:f:root:-:644
+-$readme_directory/FORWARD_SECRECY_README:f:root:-:644
+-$readme_directory/HOSTING_README:f:root:-:644:o
+-$readme_directory/INSTALL:f:root:-:644
+-$readme_directory/IPV6_README:f:root:-:644
+-$readme_directory/LDAP_README:f:root:-:644
++$readme_directory/DATABASE_README.gz:f:root:-:644
++$readme_directory/DB_README.gz:f:root:-:644
++$readme_directory/DEBUG_README.gz:f:root:-:644
++$readme_directory/DSN_README.gz:f:root:-:644
++$readme_directory/ETRN_README.gz:f:root:-:644
++$readme_directory/FILTER_README.gz:f:root:-:644
++$readme_directory/FORWARD_SECRECY_README.gz:f:root:-:644
++#$readme_directory/HOSTING_README:f:root:-:644:o
++#$readme_directory/INSTALL:f:root:-:644
++$readme_directory/IPV6_README.gz:f:root:-:644
++$readme_directory/LDAP_README.gz:f:root:-:644
+ $readme_directory/LINUX_README:f:root:-:644
+-$readme_directory/LMDB_README:f:root:-:644
+-$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
++$readme_directory/LMDB_README.gz:f:root:-:644
++$readme_directory/LOCAL_RECIPIENT_README.gz:f:root:-:644
+ $readme_directory/MACOSX_README:f:root:-:644:o
+-$readme_directory/MAILDROP_README:f:root:-:644
++$readme_directory/MAILDROP_README.gz:f:root:-:644
+ $readme_directory/MEMCACHE_README:f:root:-:644
+-$readme_directory/MILTER_README:f:root:-:644
+-$readme_directory/MULTI_INSTANCE_README:f:root:-:644
+-$readme_directory/MYSQL_README:f:root:-:644
++$readme_directory/MILTER_README.gz:f:root:-:644
++$readme_directory/MULTI_INSTANCE_README.gz:f:root:-:644
++$readme_directory/MYSQL_README.gz:f:root:-:644
+ $readme_directory/SQLITE_README:f:root:-:644
+-$readme_directory/NFS_README:f:root:-:644
+-$readme_directory/OVERVIEW:f:root:-:644
+-$readme_directory/PACKAGE_README:f:root:-:644
++$readme_directory/NFS_README.gz:f:root:-:644
++$readme_directory/OVERVIEW.gz:f:root:-:644
++$readme_directory/PACKAGE_README.gz:f:root:-:644
+ $readme_directory/PCRE_README:f:root:-:644
+-$readme_directory/PGSQL_README:f:root:-:644
+-$readme_directory/POSTSCREEN_README:f:root:-:644
++$readme_directory/PGSQL_README.gz:f:root:-:644
++$readme_directory/POSTSCREEN_README.gz:f:root:-:644
+ $readme_directory/QMQP_README:f:root:-:644:o
+-$readme_directory/QSHAPE_README:f:root:-:644
+-$readme_directory/RELEASE_NOTES:f:root:-:644
+-$readme_directory/RESTRICTION_CLASS_README:f:root:-:644
+-$readme_directory/SASL_README:f:root:-:644
+-$readme_directory/SCHEDULER_README:f:root:-:644
+-$readme_directory/SMTPD_ACCESS_README:f:root:-:644
+-$readme_directory/SMTPD_POLICY_README:f:root:-:644
+-$readme_directory/SMTPD_PROXY_README:f:root:-:644
+-$readme_directory/SOHO_README:f:root:-:644
+-$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644
+-$readme_directory/STRESS_README:f:root:-:644
+-$readme_directory/TLS_LEGACY_README:f:root:-:644
+-$readme_directory/TLS_README:f:root:-:644
+-$readme_directory/TUNING_README:f:root:-:644
++$readme_directory/QSHAPE_README.gz:f:root:-:644
++$readme_directory/RELEASE_NOTES.gz:f:root:-:644
++$readme_directory/RESTRICTION_CLASS_README.gz:f:root:-:644
++$readme_directory/SASL_README.gz:f:root:-:644
++$readme_directory/SCHEDULER_README.gz:f:root:-:644
++$readme_directory/SMTPD_ACCESS_README.gz:f:root:-:644
++$readme_directory/SMTPD_POLICY_README.gz:f:root:-:644
++$readme_directory/SMTPD_PROXY_README.gz:f:root:-:644
++$readme_directory/SOHO_README.gz:f:root:-:644
++$readme_directory/STANDARD_CONFIGURATION_README.gz:f:root:-:644
++$readme_directory/STRESS_README.gz:f:root:-:644
++$readme_directory/TLS_LEGACY_README.gz:f:root:-:644
++$readme_directory/TLS_README.gz:f:root:-:644
++$readme_directory/TUNING_README.gz:f:root:-:644
+ $readme_directory/ULTRIX_README:f:root:-:644
+-$readme_directory/UUCP_README:f:root:-:644
+-$readme_directory/VERP_README:f:root:-:644
+-$readme_directory/VIRTUAL_README:f:root:-:644
+-$readme_directory/XCLIENT_README:f:root:-:644
+-$readme_directory/XFORWARD_README:f:root:-:644
++$readme_directory/UUCP_README.gz:f:root:-:644
++$readme_directory/VERP_README.gz:f:root:-:644
++$readme_directory/VIRTUAL_README.gz:f:root:-:644
++$readme_directory/XCLIENT_README.gz:f:root:-:644
++$readme_directory/XFORWARD_README.gz:f:root:-:644
+ $html_directory/ADDRESS_CLASS_README.html:f:root:-:644
+ $html_directory/ADDRESS_REWRITING_README.html:f:root:-:644
+ $html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644
diff --git a/debian/patches/06_debian_paths.diff b/debian/patches/06_debian_paths.diff
new file mode 100644
index 0000000..3a71195
--- /dev/null
+++ b/debian/patches/06_debian_paths.diff
@@ -0,0 +1,110 @@
+Index: postfix-dev/conf/main.cf
+===================================================================
+--- postfix-dev.orig/conf/main.cf 2019-03-01 11:19:20.961713352 -0500
++++ postfix-dev/conf/main.cf 2019-03-01 11:19:20.953713352 -0500
+@@ -47,7 +47,7 @@
+ # See the files in examples/chroot-setup for setting up Postfix chroot
+ # environments on different UNIX systems.
+ #
+-queue_directory = /var/spool/postfix
++#queue_directory = /var/spool/postfix
+
+ # The command_directory parameter specifies the location of all
+ # postXXX commands.
+@@ -58,7 +58,7 @@
+ # daemon programs (i.e. programs listed in the master.cf file). This
+ # directory must be owned by root.
+ #
+-daemon_directory = /usr/libexec/postfix
++daemon_directory = /usr/lib/postfix/sbin
+
+ # The data_directory parameter specifies the location of Postfix-writable
+ # data files (caches, random numbers). This directory must be owned
+@@ -465,8 +465,8 @@
+ # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+ # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+ #
+-#mailbox_command = /some/where/procmail
+-#mailbox_command = /some/where/procmail -a "$EXTENSION"
++#mailbox_command = /usr/bin/procmail
++#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+
+ # The mailbox_transport specifies the optional transport in master.cf
+ # to use after processing aliases and .forward files. This parameter
+Index: postfix-dev/examples/smtpd-policy/greylist.pl
+===================================================================
+--- postfix-dev.orig/examples/smtpd-policy/greylist.pl 2019-03-01 11:19:20.961713352 -0500
++++ postfix-dev/examples/smtpd-policy/greylist.pl 2019-03-01 11:19:20.953713352 -0500
+@@ -73,7 +73,7 @@
+ # In case of database corruption, this script saves the database as
+ # $database_name.time(), so that the mail system does not get stuck.
+ #
+-$database_name="/var/mta/greylist.db";
++$database_name="/var/lib/postfix/greylist.db";
+ $greylist_delay=60;
+
+ #
+Index: postfix-dev/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -496,11 +496,18 @@ case "$SYSTEM.$RELEASE" in
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv $GDBM_LIBS
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /lib
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
+@@ -575,11 +582,18 @@ EOF
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /usr/lib/* /lib /lib/*
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
+@@ -613,11 +627,18 @@ EOF
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /lib
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
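Review bot: `SEARCHDIRS` is assigned only inside the case arm that sets `SYSLIBS="-ldb"`, yet the `for lib in $SEARCHDIRS` loop after `esac` runs on every path. The 02 patch's context shows a `*-DNO_DB*) ;;` arm in this file; if these case blocks have the same shape, a build taking that arm leaves the variable empty or inherited from the caller's environment, so the nsl/resolv probe is silently skipped or driven by an exported value. Moving the assignment and its `-z` fallback below `esac`, directly before the `for name in ...` loop, covers both arms; the same applies to all three makedefs hunks in this patch. The case blocks begin outside the hunks, so the arm structure should be confirmed against the full file.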
diff --git a/debian/patches/07_sasl_config.diff b/debian/patches/07_sasl_config.diff
new file mode 100644
index 0000000..ecdcbdd
--- /dev/null
+++ b/debian/patches/07_sasl_config.diff
@@ -0,0 +1,95 @@
+Index: postfix-dev/src/xsasl/xsasl_cyrus_client.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_client.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_client.c 2019-03-01 11:19:26.769713476 -0500
+@@ -229,6 +229,9 @@
+ */
+ static sasl_callback_t callbacks[] = {
+ {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, 0},
++#ifdef SASL_CB_GETCONFPATH
++ {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
++#endif
+ {SASL_CB_LIST_END, 0, 0}
+ };
+
+Index: postfix-dev/src/xsasl/xsasl_cyrus_common.h
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_common.h 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_common.h 2019-03-01 11:19:26.769713476 -0500
+@@ -16,12 +16,18 @@
+ */
+ #if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
+
++#include <sasl.h>
++
+ #define NO_SASL_LANGLIST ((const char *) 0)
+ #define NO_SASL_OUTLANG ((const char **) 0)
+ #define xsasl_cyrus_strerror(status) \
+ sasl_errstring((status), NO_SASL_LANGLIST, NO_SASL_OUTLANG)
+ extern int xsasl_cyrus_log(void *, int, const char *);
+ extern int xsasl_cyrus_security_parse_opts(const char *);
++extern int xsasl_getpath(void * context, char ** path);
++#ifdef SASL_CB_GETCONFPATH
++extern int xsasl_getconfpath(void * context, char ** path);
++#endif
+
+ #endif
+
+Index: postfix-dev/src/xsasl/xsasl_cyrus_log.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_log.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_log.c 2019-03-01 11:19:26.769713476 -0500
+@@ -28,10 +28,16 @@
+ /* System library. */
+
+ #include <sys_defs.h>
++#include <string.h>
+
+ /* Utility library. */
+
+ #include <msg.h>
++#include <stringops.h>
++
++/* Global library. */
++
++#include <mail_params.h>
+
+ /* Application-specific */
+
+@@ -101,4 +107,22 @@
+ return (SASL_OK);
+ }
+
++int xsasl_getpath(void * context, char ** path)
++{
++#if SASL_VERSION_MAJOR >= 2
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
++#else
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
++#endif
++ return SASL_OK;
++}
++
++#ifdef SASL_CB_GETCONFPATH
++int xsasl_getconfpath(void * context, char ** path)
++{
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
++ return SASL_OK;
++}
++#endif
++
+ #endif
+Index: postfix-dev/src/xsasl/xsasl_cyrus_server.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_server.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_server.c 2019-03-01 11:19:26.773713476 -0500
+@@ -181,6 +181,9 @@
+
+ static sasl_callback_t callbacks[] = {
+ {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, NO_CALLBACK_CONTEXT},
++#ifdef SASL_CB_GETCONFPATH
++ {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
++#endif
+ {SASL_CB_LIST_END, 0, 0}
+ };
+
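Review bot: The two new callback entries `{SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0}` omit the `(XSASL_CYRUS_CB)` cast that the neighbouring SASL_CB_LOG entries use, so the table is initialised from an `int (*)(void *, char **)` without conversion; `{SASL_CB_GETCONFPATH, (XSASL_CYRUS_CB) &xsasl_getconfpath, 0},` matches the existing style. `xsasl_getpath()` is declared and defined, but no visible hunk registers it in either table, so it looks like dead code unless another patch wires it up. Both functions return a fresh `concatenate()` allocation and neither says who owns it, which a short header comment should settle. `xsasl_getconfpath()` falls back to `/usr/lib/sasl` unconditionally while `xsasl_getpath()` switches to `/usr/lib/sasl2` for SASL 2; if that difference is intended it deserves a comment, since it decides where SASL configuration is read from.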
diff --git a/debian/patches/09_quiet_startup.diff b/debian/patches/09_quiet_startup.diff
new file mode 100644
index 0000000..f87388e
--- /dev/null
+++ b/debian/patches/09_quiet_startup.diff
@@ -0,0 +1,86 @@
+Index: postfix-dev/conf/postfix-script
+===================================================================
+--- postfix-dev.orig/conf/postfix-script 2019-03-01 11:19:36.053713674 -0500
++++ postfix-dev/conf/postfix-script 2019-03-01 11:19:36.049713674 -0500
+@@ -47,6 +47,13 @@
+ FATAL="$LOGGER -p fatal"
+ PANIC="$LOGGER -p panic"
+
++if [ "X${1#quiet-}" != "X${1}" ]; then
++ INFO=:
++ x=${1#quiet-}
++ shift
++ set -- $x "$@"
++fi
++
+ umask 022
+ SHELL=/bin/sh
+
+@@ -122,6 +129,20 @@
+ echo "Stop postfix"
+ ;;
+
++quick-start)
++
++ $daemon_directory/master -t 2>/dev/null || {
++ $FATAL the Postfix mail system is already running
++ exit 1
++ }
++ $daemon_directory/postfix-script quick-check || {
++ $FATAL Postfix integrity check failed!
++ exit 1
++ }
++ $INFO starting the Postfix mail system
++ $daemon_directory/master &
++ ;;
++
+ start|start-fg)
+
+ $daemon_directory/master -t 2>/dev/null || {
+@@ -189,7 +210,7 @@
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+- exit 1
++ exit 0
+ }
+ $INFO stopping the Postfix mail system
+ kill `sed 1q pid/master.pid`
+@@ -208,7 +229,7 @@
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+- exit 1
++ exit 0
+ }
+ $INFO aborting the Postfix mail system
+ kill `sed 1q pid/master.pid`
+@@ -252,12 +273,11 @@
+ exit 0
+ ;;
+
+-
+-check-fatal)
++quick-check)
+ # This command is NOT part of the public interface.
+
+ $SHELL $daemon_directory/post-install create-missing || {
+- $FATAL unable to create missing queue directories
++ $WARN unable to create missing queue directories
+ exit 1
+ }
+
+@@ -267,6 +287,13 @@
+ $FATAL no $config_directory/master.cf file found
+ exit 1
+ }
++ exit 0
++ ;;
++
++check-fatal)
++ # This command is NOT part of the public interface.
++
++ $daemon_directory/postfix-script quick-check
+
+ maillog_file=`$command_directory/postconf -h maillog_file` || {
+ $FATAL cannot execute $command_directory/postconf!
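Review bot: The new `check-fatal)` branch runs `$daemon_directory/postfix-script quick-check` and discards its exit status, so a failed `create-missing` or a missing master.cf no longer aborts `check-fatal` the way the inline checks did before they were moved; `$daemon_directory/postfix-script quick-check || exit 1` restores that. The `stop` and `abort` branches now return 0 when Postfix is not running but still log through `$FATAL`, which leaves a fatal-priority log line for an outcome the exit code reports as success; `$WARN` would match the new status. `quick-start` launches master after `quick-check` only, and nothing in the visible lines runs the remaining `check-fatal` tests on that path, which deserves a comment if it is intentional. The `check-fatal)` branch continues past the end of the hunk.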
diff --git a/debian/patches/10_openssl_version_check.diff b/debian/patches/10_openssl_version_check.diff
new file mode 100644
index 0000000..b282f81
--- /dev/null
+++ b/debian/patches/10_openssl_version_check.diff
@@ -0,0 +1,32 @@
+Index: postfix/src/tls/tls_misc.c
+===================================================================
+--- postfix.orig/src/tls/tls_misc.c
++++ postfix/src/tls/tls_misc.c
+@@ -1258,26 +1258,7 @@ static void tls_version_split(unsigned l
+
+ void tls_check_version(void)
+ {
+- TLS_VINFO hdr_info;
+- TLS_VINFO lib_info;
+-
+- tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
+- tls_version_split(OpenSSL_version_num(), &lib_info);
+-
+- /*
+- * Warn if run-time library is different from compile-time library,
+- * allowing later run-time "micro" versions starting with 1.1.0.
+- */
+- if (lib_info.major != hdr_info.major
+- || lib_info.minor != hdr_info.minor
+- || (lib_info.micro != hdr_info.micro
+- && (lib_info.micro < hdr_info.micro
+- || hdr_info.major == 0
+- || (hdr_info.major == 1 && hdr_info.minor == 0))))
+- msg_warn("run-time library vs. compile-time header version mismatch: "
+- "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
+- lib_info.major, lib_info.minor, lib_info.micro,
+- hdr_info.major, hdr_info.minor, hdr_info.micro);
++ /* Debian will change the soname if openssl is ever incompatible. */
+ }
+
+ /* tls_compile_version - compile-time OpenSSL version */
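Review bot: `tls_check_version()` is left as an empty function whose only comment is about sonames, so the run-time versus compile-time mismatch warning disappears without a record of what is no longer checked. A soname bump covers packaged libraries; it does not obviously cover a libssl resolved from a non-packaged path, where that log line was the only signal. I would expand the comment to say so, e.g. `/* Intentionally a no-op: Debian relies on soname changes for OpenSSL ABI breaks, so the header vs. run-time version warning is not emitted. */`, and give the patch file a description header with the rationale.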
diff --git a/debian/patches/12_add_bind_now_and_relro_to_pie.diff b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
new file mode 100644
index 0000000..214d4d7
--- /dev/null
+++ b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
@@ -0,0 +1,26 @@
+Subject: add immediate binding and relro when enabling position independent
+ executables
+Author: Steve Beattie <steve.beattie@canonical.com>
+
+When enabling position independent executables (-pie) to get better
+Address Space Layout Protection, using immediate binding (linking with
+"-z now") gives better protection as well. Added relro to the patch as well
+since it seems to have gotten lost somewhere (ScottK/2016-07-29).
+
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: postfix-dev/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -1213,7 +1213,7 @@ case "$pie" in
+ case " $CCARGS " in
+ *" $CCARGS_PIE "*) CCARGS_PIE=;;
+ esac
+- SYSLIBS_PIE="-pie";;
++ SYSLIBS_PIE="-pie -z relro -z now";;
+ ""|no) ;;
+ *) error "Specify \"pie=yes\" or \"pie=no\"";;
+ esac
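Review bot: `-z relro -z now` is attached to `SYSLIBS_PIE`, which this `case` sets only in the branch that also sets `-pie`, so a `pie=no` build gets neither flag even though RELRO and immediate binding do not depend on PIE. If the flags are meant to be unconditional they belong in a variable applied outside this branch; if the coupling is intended, a comment next to `SYSLIBS_PIE="-pie -z relro -z now";;` should say so. The variable name suggests the value reaches executables only, and whether the shared libraries linked through `$(SHLIB_LD)` get the same flags is not visible here. The enclosing `case "$pie"` starts outside the hunk.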
diff --git a/debian/patches/30_shared_libs.diff b/debian/patches/30_shared_libs.diff
new file mode 100644
index 0000000..801c090
--- /dev/null
+++ b/debian/patches/30_shared_libs.diff
@@ -0,0 +1,54 @@
+Index: postfix/src/dns/Makefile.in
+===================================================================
+--- postfix.orig/src/dns/Makefile.in
++++ postfix/src/dns/Makefile.in
+@@ -63,7 +63,7 @@ root_tests:
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) -L../../lib -lpostfix-util -lpostfix-global
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
+Index: postfix/src/global/Makefile.in
+===================================================================
+--- postfix.orig/src/global/Makefile.in
++++ postfix/src/global/Makefile.in
+@@ -144,7 +144,7 @@ test: $(TESTPROG)
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) -L../../lib -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
+Index: postfix/src/master/Makefile.in
+===================================================================
+--- postfix.orig/src/master/Makefile.in
++++ postfix/src/master/Makefile.in
+@@ -44,7 +44,8 @@ root_tests:
+ $(LIB): $(LIB_OBJ)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(LIB_OBJ) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(LIB_OBJ) $(SHLIB_SYSLIBS) \
++ -L../../lib -lpostfix-global -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)/$(LIB)
+Index: postfix/src/tls/Makefile.in
+===================================================================
+--- postfix.orig/src/tls/Makefile.in
++++ postfix/src/tls/Makefile.in
+@@ -81,7 +81,8 @@ root_tests:
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) \
++ -L../../lib -lpostfix-dns -lpostfix-global -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
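Review bot: The added link lines name the sibling libraries in a different order per file (`-lpostfix-util -lpostfix-global` in src/dns, `-lpostfix-global -lpostfix-util` in src/master and src/tls) and spell them out on every line; one order, dependents first, would be easier to audit. Each `$(LIB)` rule now also needs the libraries under `../../lib` to exist at link time, but its prerequisites are still only the objects, so a correct link depends on the directory build order set elsewhere. A comment above each `$(SHLIB_LD)` line stating that dependency would make the assumption explicit.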
diff --git a/debian/patches/40_chroot_by_default.diff b/debian/patches/40_chroot_by_default.diff
new file mode 100644
index 0000000..0d62c87
--- /dev/null
+++ b/debian/patches/40_chroot_by_default.diff
@@ -0,0 +1,131 @@
+Index: postfix-dev/conf/master.cf
+===================================================================
+--- postfix-dev.orig/conf/master.cf 2019-03-01 11:42:37.729743149 -0500
++++ postfix-dev/conf/master.cf 2019-03-01 11:46:07.493747624 -0500
+@@ -9,12 +9,12 @@
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (no) (never) (100)
+ # ==========================================================================
+-smtp inet n - n - - smtpd
+-#smtp inet n - n - 1 postscreen
+-#smtpd pass - - n - - smtpd
+-#dnsblog unix - - n - 0 dnsblog
+-#tlsproxy unix - - n - 0 tlsproxy
+-#submission inet n - n - - smtpd
++smtp inet n - y - - smtpd
++#smtp inet n - y - 1 postscreen
++#smtpd pass - - y - - smtpd
++#dnsblog unix - - y - 0 dnsblog
++#tlsproxy unix - - y - 0 tlsproxy
++#submission inet n - y - - smtpd
+ # -o syslog_name=postfix/submission
+ # -o smtpd_tls_security_level=encrypt
+ # -o smtpd_sasl_auth_enable=yes
+@@ -26,7 +26,7 @@
+ # -o smtpd_recipient_restrictions=
+ # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+ # -o milter_macro_daemon_name=ORIGINATING
+-#smtps inet n - n - - smtpd
++#smtps inet n - y - - smtpd
+ # -o syslog_name=postfix/smtps
+ # -o smtpd_tls_wrappermode=yes
+ # -o smtpd_sasl_auth_enable=yes
+@@ -37,33 +37,33 @@
+ # -o smtpd_recipient_restrictions=
+ # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+ # -o milter_macro_daemon_name=ORIGINATING
+-#628 inet n - n - - qmqpd
+-pickup unix n - n 60 1 pickup
+-cleanup unix n - n - 0 cleanup
++#628 inet n - y - - qmqpd
++pickup unix n - y 60 1 pickup
++cleanup unix n - y - 0 cleanup
+ qmgr unix n - n 300 1 qmgr
+ #qmgr unix n - n 300 1 oqmgr
+-tlsmgr unix - - n 1000? 1 tlsmgr
+-rewrite unix - - n - - trivial-rewrite
+-bounce unix - - n - 0 bounce
+-defer unix - - n - 0 bounce
+-trace unix - - n - 0 bounce
+-verify unix - - n - 1 verify
+-flush unix n - n 1000? 0 flush
++tlsmgr unix - - y 1000? 1 tlsmgr
++rewrite unix - - y - - trivial-rewrite
++bounce unix - - y - 0 bounce
++defer unix - - y - 0 bounce
++trace unix - - y - 0 bounce
++verify unix - - y - 1 verify
++flush unix n - y 1000? 0 flush
+ proxymap unix - - n - - proxymap
+ proxywrite unix - - n - 1 proxymap
+-smtp unix - - n - - smtp
+-relay unix - - n - - smtp
++smtp unix - - y - - smtp
++relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+ # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+-showq unix n - n - - showq
+-error unix - - n - - error
+-retry unix - - n - - error
+-discard unix - - n - - discard
++showq unix n - y - - showq
++error unix - - y - - error
++retry unix - - y - - error
++discard unix - - y - - discard
+ local unix - n n - - local
+ virtual unix - n n - - virtual
+-lmtp unix - - n - - lmtp
+-anvil unix - - n - 1 anvil
+-scache unix - - n - 1 scache
++lmtp unix - - y - - lmtp
++anvil unix - - y - 1 anvil
++scache unix - - y - 1 scache
+ postlog unix-dgram n - n - 1 postlogd
+ #
+ # ====================================================================
+@@ -78,8 +78,8 @@
+ # maildrop. See the Postfix MAILDROP_README file for details.
+ # Also specify in main.cf: maildrop_destination_recipient_limit=1
+ #
+-#maildrop unix - n n - - pipe
+-# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
++maildrop unix - n n - - pipe
++ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+ #
+ # ====================================================================
+ #
+@@ -101,7 +101,6 @@
+ # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+ #
+ # ====================================================================
+-#
+ # Old example of delivery via Cyrus.
+ #
+ #old-cyrus unix - n n - - pipe
+@@ -118,16 +117,13 @@
+ #
+ # Other external delivery methods.
+ #
+-#ifmail unix - n n - - pipe
+-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+-#
+-#bsmtp unix - n n - - pipe
+-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+-#
+-#scalemail-backend unix - n n - 2 pipe
+-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+-# ${nexthop} ${user} ${extension}
+-#
+-#mailman unix - n n - - pipe
+-# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+-# ${nexthop} ${user}
++ifmail unix - n n - - pipe
++ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
++bsmtp unix - n n - - pipe
++ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
++scalemail-backend unix - n n - 2 pipe
++ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
++mailman unix - n n - - pipe
++ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
++ ${nexthop} ${user}
++
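Review bot: Besides flipping the chroot column, this patch uncomments the `maildrop`, `ifmail`, `bsmtp`, `scalemail-backend` and `mailman` pipe services, so they are defined by default with fixed `user=` and `argv=` values, which neither the patch name nor any header describes. These entries run external programs under named accounts (`vmail`, `ftn`, `bsmtp`, `scalemail`, `list`) that may not exist on a given host, so I would leave them commented or move them to a separate patch with its own description. The patch file has no description header at all; a line such as `Description: run most daemons chrooted by default; enable example pipe transports` would record the intent. The `mailman` entry ends with a continuation line (`${nexthop} ${user}`) that must keep its leading whitespace in master.cf, which the rendering here does not show.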
diff --git a/debian/patches/41_rmail.diff b/debian/patches/41_rmail.diff
new file mode 100644
index 0000000..8664065
--- /dev/null
+++ b/debian/patches/41_rmail.diff
@@ -0,0 +1,708 @@
+Index: postfix-dev/Makefile.in
+===================================================================
+--- postfix-dev.orig/Makefile.in 2019-03-01 11:47:11.561748990 -0500
++++ postfix-dev/Makefile.in 2019-03-01 11:47:11.553748990 -0500
+@@ -8,6 +8,7 @@
+ src/pipe src/showq src/postalias src/postcat src/postconf src/postdrop \
+ src/postkick src/postlock src/postlog src/postmap src/postqueue \
+ src/postsuper src/qmqpd src/spawn src/flush src/verify \
++ rmail \
+ src/virtual src/proxymap src/anvil src/scache src/discard src/tlsmgr \
+ src/postmulti src/postscreen src/dnsblog src/tlsproxy \
+ src/posttls-finger src/postlogd
+Index: postfix-dev/conf/master.cf
+===================================================================
+--- postfix-dev.orig/conf/master.cf 2019-03-01 11:47:11.561748990 -0500
++++ postfix-dev/conf/master.cf 2019-03-01 11:47:11.553748990 -0500
+@@ -110,10 +110,8 @@
+ #
+ # See the Postfix UUCP_README file for configuration details.
+ #
+-#uucp unix - n n - - pipe
+-# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+-#
+-# ====================================================================
++uucp unix - n n - - pipe
++ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ #
+ # Other external delivery methods.
+ #
+Index: postfix-dev/rmail/LICENSE
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/rmail/LICENSE 2019-03-01 11:47:11.553748990 -0500
+@@ -0,0 +1,79 @@
++ SENDMAIL LICENSE
++
++The following license terms and conditions apply, unless a different
++license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor,
++Emeryville, CA 94608, or by electronic mail at license@sendmail.com.
++
++License Terms:
++
++Use, Modification and Redistribution (including distribution of any
++modified or derived work) in source and binary forms is permitted only if
++each of the following conditions is met:
++
++1. Redistributions qualify as "freeware" or "Open Source Software" under
++ one of the following terms:
++
++ (a) Redistributions are made at no charge beyond the reasonable cost of
++ materials and delivery.
++
++ (b) Redistributions are accompanied by a copy of the Source Code or by an
++ irrevocable offer to provide a copy of the Source Code for up to three
++ years at the cost of materials and delivery. Such redistributions
++ must allow further use, modification, and redistribution of the Source
++ Code under substantially the same terms as this license. For the
++ purposes of redistribution "Source Code" means the complete compilable
++ and linkable source code of sendmail including all modifications.
++
++2. Redistributions of source code must retain the copyright notices as they
++ appear in each source code file, these license terms, and the
++ disclaimer/limitation of liability set forth as paragraph 6 below.
++
++3. Redistributions in binary form must reproduce the Copyright Notice,
++ these license terms, and the disclaimer/limitation of liability set
++ forth as paragraph 6 below, in the documentation and/or other materials
++ provided with the distribution. For the purposes of binary distribution
++ the "Copyright Notice" refers to the following language:
++ "Copyright (c) 1998-2000 Sendmail, Inc. All rights reserved."
++
++4. Neither the name of Sendmail, Inc. nor the University of California nor
++ the names of their contributors may be used to endorse or promote
++ products derived from this software without specific prior written
++ permission. The name "sendmail" is a trademark of Sendmail, Inc.
++
++5. All redistributions must comply with the conditions imposed by the
++ University of California on certain embedded code, whose copyright
++ notice and conditions for redistribution are as follows:
++
++ (a) Copyright (c) 1988, 1993 The Regents of the University of
++ California. All rights reserved.
++
++ (b) Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions
++ are met:
++
++ (i) Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++
++ (ii) Redistributions in binary form must reproduce the above
++ copyright notice, this list of conditions and the following
++ disclaimer in the documentation and/or other materials provided
++ with the distribution.
++
++ (iii) Neither the name of the University nor the names of its
++ contributors may be used to endorse or promote products derived
++ from this software without specific prior written permission.
++
++6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY
++ SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
++ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
++ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
++ NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF
++ CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
++ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
++ USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
++
++$Revision: 1.1.2.1 $, Last updated $Date: 2004/12/28 05:34:15 $
+Index: postfix-dev/rmail/Makefile.in
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/rmail/Makefile.in 2019-03-01 11:47:11.553748990 -0500
+@@ -0,0 +1,56 @@
++SHELL = /bin/sh
++SRCS = rmail.c
++OBJS = rmail.o
++HDRS =
++TESTSRC =
++WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
++ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
++ -Wunused
++DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) -DHASSNPRINTF -DHASSTRERROR
++CFLAGS = $(DEBUG) $(OPT) $(DEFS)
++TESTPROG=
++PROG = rmail
++INC_DIR =
++LIBS =
++
++.c.o:; $(CC) $(CFLAGS) -c $*.c
++
++$(PROG): $(OBJS) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
++
++Makefile: Makefile.in
++ cat ../conf/makedefs.out $? >$@
++
++test: $(TESTPROG)
++
++update: ../bin/$(PROG)
++
++../bin/$(PROG): $(PROG)
++ cp $(PROG) ../bin
++
++printfck: $(OBJS) $(PROG)
++ rm -rf printfck
++ mkdir printfck
++ sed '1,/^# do not edit/!d' Makefile >printfck/Makefile
++ set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done
++ cd printfck; make "INC_DIR=../../include" `cd ..; ls *.o`
++
++lint:
++ lint $(DEFS) $(SRCS) $(LINTFIX)
++
++clean:
++ rm -f *.o *core $(PROG) $(TESTPROG) junk
++ rm -rf printfck
++
++tidy: clean
++
++depend: $(MAKES)
++ (sed '1,/^# do not edit/!d' Makefile.in; \
++ set -e; for i in [a-z][a-z0-9]*.c; do \
++ $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \
++ -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \
++ done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in
++ @make -f Makefile.in Makefile
++
++# do not edit below this line - it is generated by 'make depend'
++rmail.o: rmail.c
+Index: postfix-dev/rmail/rmail.8
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/rmail/rmail.8 2019-03-01 11:47:11.553748990 -0500
+@@ -0,0 +1,49 @@
++.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
++.\" All rights reserved.
++.\" Copyright (c) 1983, 1990
++.\" The Regents of the University of California. All rights reserved.
++.\"
++.\" By using this file, you agree to the terms and conditions set
++.\" forth in the LICENSE file which can be found at the top level of
++.\" the sendmail distribution.
++.\"
++.\"
++.\" $Id: 10rmail.dpatch,v 1.1.2.1 2004/12/28 05:34:15 lamont Exp $
++.\"
++.TH RMAIL 8 "$Date: 2004/12/28 05:34:15 $"
++.SH NAME
++.B rmail
++\- handle remote mail received via uucp
++.SH SYNOPSIS
++.B rmail
++.I
++user ...
++.SH DESCRIPTION
++.B Rmail
++interprets incoming mail received via
++uucp(1),
++collapsing ``From'' lines in the form generated
++by
++mail.local(8)
++into a single line of the form ``return-path!sender'',
++and passing the processed mail on to
++sendmail(8).
++.PP
++.B Rmail
++is explicitly designed for use with
++uucp
++and
++sendmail.
++.SH SEE ALSO
++uucp(1),
++mail.local(8),
++sendmail(8)
++.SH HISTORY
++The
++.B rmail
++program appeared in
++4.2BSD.
++.SH BUGS
++.B Rmail
++should not reside in
++/bin.
+Index: postfix-dev/rmail/rmail.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/rmail/rmail.c 2019-03-01 11:47:11.553748990 -0500
+@@ -0,0 +1,475 @@
++/*
++ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
++ * All rights reserved.
++ * Copyright (c) 1988, 1993
++ * The Regents of the University of California. All rights reserved.
++ *
++ * By using this file, you agree to the terms and conditions set
++ * forth in the LICENSE file which can be found at the top level of
++ * the sendmail distribution.
++ *
++ */
++
++#ifndef lint
++static char copyright[] =
++"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\
++ All rights reserved.\n\
++ Copyright (c) 1988, 1993\n\
++ The Regents of the University of California. All rights reserved.\n";
++#endif /* ! lint */
++
++#ifndef lint
++static char id[] = "@(#)$Id: 10rmail.dpatch,v 1.1.2.1 2004/12/28 05:34:15 lamont Exp $";
++#endif /* ! lint */
++
++/*
++ * RMAIL -- UUCP mail server.
++ *
++ * This program reads the >From ... remote from ... lines that UUCP is so
++ * fond of and turns them into something reasonable. It then execs sendmail
++ * with various options built from these lines.
++ *
++ * The expected syntax is:
++ *
++ * <user> := [-a-z0-9]+
++ * <date> := ctime format
++ * <site> := [-a-z0-9!]+
++ * <blank line> := "^\n$"
++ * <from> := "From" <space> <user> <space> <date>
++ * [<space> "remote from" <space> <site>]
++ * <forward> := ">" <from>
++ * msg := <from> <forward>* <blank-line> <body>
++ *
++ * The output of rmail(8) compresses the <forward> lines into a single
++ * from path.
++ *
++ * The err(3) routine is included here deliberately to make this code
++ * a bit more portable.
++ */
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/stat.h>
++#include <sys/wait.h>
++
++#include <ctype.h>
++#include <fcntl.h>
++#ifdef BSD4_4
++# define FORK vfork
++# include <paths.h>
++#else /* BSD4_4 */
++# define FORK fork
++# ifndef _PATH_SENDMAIL
++# define _PATH_SENDMAIL "/usr/lib/sendmail"
++# endif /* ! _PATH_SENDMAIL */
++#endif /* BSD4_4 */
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#ifdef EX_OK
++# undef EX_OK /* unistd.h may have another use for this */
++#endif /* EX_OK */
++#include <sysexits.h>
++
++#ifndef MAX
++# define MAX(a, b) ((a) < (b) ? (b) : (a))
++#endif /* ! MAX */
++
++#ifndef __P
++# ifdef __STDC__
++# define __P(protos) protos
++# else /* __STDC__ */
++# define __P(protos) ()
++# define const
++# endif /* __STDC__ */
++#endif /* ! __P */
++
++#ifndef STDIN_FILENO
++# define STDIN_FILENO 0
++#endif /* ! STDIN_FILENO */
++
++#if defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11)
++# define HASSNPRINTF 1
++#endif /* defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11) */
++
++#if defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4)
++# define memmove(d, s, l) (bcopy((s), (d), (l)))
++#endif /* defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) */
++
++#if !HASSNPRINTF
++extern int snprintf __P((char *, size_t, const char *, ...));
++#endif /* !HASSNPRINTF */
++
++#if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6)
++# ifndef HASSTRERROR
++# define HASSTRERROR 1
++# endif /* ! HASSTRERROR */
++#endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) ||
++ defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */
++
++#if defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__)
++# undef WIFEXITED
++# undef WEXITSTATUS
++# define WIFEXITED(st) (((st) & 0377) == 0)
++# define WEXITSTATUS(st) (((st) >> 8) & 0377)
++#endif /* defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) */
++
++#include <errno.h>
++
++static void err __P((int, const char *, ...));
++static void usage __P((void));
++static char *xalloc __P((int));
++
++#define newstr(s) strcpy(xalloc(strlen(s) + 1), s)
++
++static char *
++xalloc(sz)
++ register int sz;
++{
++ register char *p;
++
++ /* some systems can't handle size zero mallocs */
++ if (sz <= 0)
++ sz = 1;
++
++ p = malloc((unsigned) sz);
++ if (p == NULL)
++ err(EX_TEMPFAIL, "out of memory");
++ return (p);
++}
++
++int
++main(argc, argv)
++ int argc;
++ char *argv[];
++{
++ int ch, debug, i, pdes[2], pid, status;
++ size_t fplen = 0, fptlen = 0, len;
++ off_t offset;
++ FILE *fp;
++ char *addrp = NULL, *domain, *p, *t;
++ char *from_path, *from_sys, *from_user;
++ char **args, buf[2048], lbuf[2048];
++ struct stat sb;
++ extern char *optarg;
++ extern int optind;
++
++ debug = 0;
++ domain = "UUCP"; /* Default "domain". */
++ while ((ch = getopt(argc, argv, "D:T")) != -1)
++ {
++ switch (ch)
++ {
++ case 'T':
++ debug = 1;
++ break;
++
++ case 'D':
++ domain = optarg;
++ break;
++
++ case '?':
++ default:
++ usage();
++ }
++ }
++
++ argc -= optind;
++ argv += optind;
++
++ if (argc < 1)
++ usage();
++
++ from_path = from_sys = from_user = NULL;
++ for (offset = 0; ; )
++ {
++ /* Get and nul-terminate the line. */
++ if (fgets(lbuf, sizeof(lbuf), stdin) == NULL)
++ exit(EX_DATAERR);
++ if ((p = strchr(lbuf, '\n')) == NULL)
++ err(EX_DATAERR, "line too long");
++ *p = '\0';
++
++ /* Parse lines until reach a non-"From" line. */
++ if (!strncmp(lbuf, "From ", 5))
++ addrp = lbuf + 5;
++ else if (!strncmp(lbuf, ">From ", 6))
++ addrp = lbuf + 6;
++ else if (offset == 0)
++ err(EX_DATAERR,
++ "missing or empty From line: %s", lbuf);
++ else
++ {
++ *p = '\n';
++ break;
++ }
++
++ if (addrp == NULL || *addrp == '\0')
++ err(EX_DATAERR, "corrupted From line: %s", lbuf);
++
++ /* Use the "remote from" if it exists. */
++ for (p = addrp; (p = strchr(p + 1, 'r')) != NULL; )
++ {
++ if (!strncmp(p, "remote from ", 12))
++ {
++ for (t = p += 12; *t != '\0'; ++t)
++ {
++ if (isascii(*t) && isspace(*t))
++ break;
++ }
++ *t = '\0';
++ if (debug)
++ fprintf(stderr, "remote from: %s\n", p);
++ break;
++ }
++ }
++
++ /* Else use the string up to the last bang. */
++ if (p == NULL)
++ {
++ if (*addrp == '!')
++ err(EX_DATAERR, "bang starts address: %s",
++ addrp);
++ else if ((t = strrchr(addrp, '!')) != NULL)
++ {
++ *t = '\0';
++ p = addrp;
++ addrp = t + 1;
++ if (*addrp == '\0')
++ err(EX_DATAERR,
++ "corrupted From line: %s", lbuf);
++ if (debug)
++ fprintf(stderr, "bang: %s\n", p);
++ }
++ }
++
++ /* 'p' now points to any system string from this line. */
++ if (p != NULL)
++ {
++ /* Nul terminate it as necessary. */
++ for (t = p; *t != '\0'; ++t)
++ {
++ if (isascii(*t) && isspace(*t))
++ break;
++ }
++ *t = '\0';
++
++ /* If the first system, copy to the from_sys string. */
++ if (from_sys == NULL)
++ {
++ from_sys = newstr(p);
++ if (debug)
++ fprintf(stderr, "from_sys: %s\n",
++ from_sys);
++ }
++
++ /* Concatenate to the path string. */
++ len = t - p;
++ if (from_path == NULL)
++ {
++ fplen = 0;
++ if ((from_path = malloc(fptlen = 256)) == NULL)
++ err(EX_TEMPFAIL, NULL);
++ }
++ if (fplen + len + 2 > fptlen)
++ {
++ fptlen += MAX(fplen + len + 2, 256);
++ if ((from_path = realloc(from_path,
++ fptlen)) == NULL)
++ err(EX_TEMPFAIL, NULL);
++ }
++ memmove(from_path + fplen, p, len);
++ fplen += len;
++ from_path[fplen++] = '!';
++ from_path[fplen] = '\0';
++ }
++
++ /* Save off from user's address; the last one wins. */
++ for (p = addrp; *p != '\0'; ++p)
++ {
++ if (isascii(*p) && isspace(*p))
++ break;
++ }
++ *p = '\0';
++ if (*addrp == '\0')
++ addrp = "<>";
++ if (from_user != NULL)
++ free(from_user);
++ from_user = newstr(addrp);
++
++ if (debug)
++ {
++ if (from_path != NULL)
++ fprintf(stderr, "from_path: %s\n", from_path);
++ fprintf(stderr, "from_user: %s\n", from_user);
++ }
++
++ if (offset != -1)
++ offset = (off_t)ftell(stdin);
++ }
++
++
++ /* Allocate args (with room for sendmail args as well as recipients */
++ args = (char **)xalloc(sizeof(*args) * (10 + argc));
++
++ i = 0;
++ args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */
++ args[i++] = "-G"; /* relay submission */
++ args[i++] = "-oee"; /* No errors, just status. */
++ args[i++] = "-odq"; /* Queue it, don't try to deliver. */
++ args[i++] = "-oi"; /* Ignore '.' on a line by itself. */
++
++ /* set from system and protocol used */
++ if (from_sys == NULL)
++ snprintf(buf, sizeof(buf), "-p%s", domain);
++ else if (strchr(from_sys, '.') == NULL)
++ snprintf(buf, sizeof(buf), "-p%s:%s.%s",
++ domain, from_sys, domain);
++ else
++ snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys);
++ args[i++] = newstr(buf);
++
++ /* Set name of ``from'' person. */
++ snprintf(buf, sizeof(buf), "-f%s%s",
++ from_path ? from_path : "", from_user);
++ args[i++] = newstr(buf);
++
++ /*
++ ** Don't copy arguments beginning with - as they will be
++ ** passed to sendmail and could be interpreted as flags.
++ ** To prevent confusion of sendmail wrap < and > around
++ ** the address (helps to pass addrs like @gw1,@gw2:aa@bb)
++ */
++
++ while (*argv != NULL)
++ {
++ if (**argv == '-')
++ err(EX_USAGE, "dash precedes argument: %s", *argv);
++
++ if (strchr(*argv, ',') == NULL || strchr(*argv, '<') != NULL)
++ args[i++] = *argv;
++ else
++ {
++ len = strlen(*argv) + 3;
++ if ((args[i] = malloc(len)) == NULL)
++ err(EX_TEMPFAIL, "Cannot malloc");
++ snprintf(args[i++], len, "<%s>", *argv);
++ }
++ argv++;
++ argc--;
++
++ /* Paranoia check, argc used for args[] bound */
++ if (argc < 0)
++ err(EX_SOFTWARE, "Argument count mismatch");
++ }
++ args[i] = NULL;
++
++ if (debug)
++ {
++ fprintf(stderr, "Sendmail arguments:\n");
++ for (i = 0; args[i] != NULL; i++)
++ fprintf(stderr, "\t%s\n", args[i]);
++ }
++
++ /*
++ ** If called with a regular file as standard input, seek to the right
++ ** position in the file and just exec sendmail. Could probably skip
++ ** skip the stat, but it's not unreasonable to believe that a failed
++ ** seek will cause future reads to fail.
++ */
++
++ if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode))
++ {
++ if (lseek(STDIN_FILENO, offset, SEEK_SET) != offset)
++ err(EX_TEMPFAIL, "stdin seek");
++ (void) execv(_PATH_SENDMAIL, args);
++ err(EX_OSERR, "%s", _PATH_SENDMAIL);
++ }
++
++ if (pipe(pdes) < 0)
++ err(EX_OSERR, NULL);
++
++ switch (pid = FORK())
++ {
++ case -1: /* Err. */
++ err(EX_OSERR, NULL);
++ /* NOTREACHED */
++
++ case 0: /* Child. */
++ if (pdes[0] != STDIN_FILENO)
++ {
++ (void) dup2(pdes[0], STDIN_FILENO);
++ (void) close(pdes[0]);
++ }
++ (void) close(pdes[1]);
++ (void) execv(_PATH_SENDMAIL, args);
++ _exit(127);
++ /* NOTREACHED */
++ }
++
++ if ((fp = fdopen(pdes[1], "w")) == NULL)
++ err(EX_OSERR, NULL);
++ (void) close(pdes[0]);
++
++ /* Copy the file down the pipe. */
++ do
++ {
++ (void) fprintf(fp, "%s", lbuf);
++ } while (fgets(lbuf, sizeof(lbuf), stdin) != NULL);
++
++ if (ferror(stdin))
++ err(EX_TEMPFAIL, "stdin: %s", strerror(errno));
++
++ if (fclose(fp))
++ err(EX_OSERR, NULL);
++
++ if ((waitpid(pid, &status, 0)) == -1)
++ err(EX_OSERR, "%s", _PATH_SENDMAIL);
++
++ if (!WIFEXITED(status))
++ err(EX_OSERR, "%s: did not terminate normally", _PATH_SENDMAIL);
++
++ if (WEXITSTATUS(status))
++ err(status, "%s: terminated with %d (non-zero) status",
++ _PATH_SENDMAIL, WEXITSTATUS(status));
++ exit(EX_OK);
++ /* NOTREACHED */
++ return EX_OK;
++}
++
++static void
++usage()
++{
++ (void) fprintf(stderr, "usage: rmail [-T] [-D domain] user ...\n");
++ exit(EX_USAGE);
++}
++
++#ifdef __STDC__
++# include <stdarg.h>
++#else /* __STDC__ */
++# include <varargs.h>
++#endif /* __STDC__ */
++
++static void
++#ifdef __STDC__
++err(int eval, const char *fmt, ...)
++#else /* __STDC__ */
++err(eval, fmt, va_alist)
++ int eval;
++ const char *fmt;
++ va_dcl
++#endif /* __STDC__ */
++{
++ va_list ap;
++#ifdef __STDC__
++ va_start(ap, fmt);
++#else /* __STDC__ */
++ va_start(ap);
++#endif /* __STDC__ */
++ (void) fprintf(stderr, "rmail: ");
++ (void) vfprintf(stderr, fmt, ap);
++ va_end(ap);
++ (void) fprintf(stderr, "\n");
++ exit(eval);
++}
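Review bot: In rmail.c, `err(status, ...)` after `waitpid()` passes the raw wait status to `exit()`, and on systems that keep the child's exit code in the high byte the low eight bits are zero, so rmail would report success to its caller when sendmail failed; `err(WEXITSTATUS(status), "%s: terminated with %d (non-zero) status", _PATH_SENDMAIL, WEXITSTATUS(status));` passes the real code. Several callers use `err(EX_OSERR, NULL)` or `err(EX_TEMPFAIL, NULL)`, and the local `err()` hands that null pointer to `vfprintf()` as the format, which is undefined behaviour; `if (fmt != NULL) (void) vfprintf(stderr, fmt, ap);` guards it. The same patch also uncomments the `uucp` pipe service in conf/master.cf, which the patch name does not suggest.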
diff --git a/debian/patches/50_LANG.diff b/debian/patches/50_LANG.diff
new file mode 100644
index 0000000..647601b
--- /dev/null
+++ b/debian/patches/50_LANG.diff
@@ -0,0 +1,13 @@
+Index: postfix/html/Makefile.in
+===================================================================
+--- postfix.orig/html/Makefile.in 2016-02-16 13:57:02.847893144 -0700
++++ postfix/html/Makefile.in 2016-02-16 17:51:31.873418586 -0700
+@@ -25,7 +25,7 @@
+ postfix-wrapper.5.html sqlite_table.5.html socketmap_table.5.html
+ OTHER = postfix-manuals.html
+ AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }'
+-MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
++MAN2HTML = LANG=C man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
+ NROFF = LANG=C GROFF_NO_SGR=1 nroff
+
+ update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
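Review bot: `LANG=C` on the new MAN2HTML line does not pin the locale when the build environment exports `LC_ALL` or a specific `LC_*` variable, because those take precedence over `LANG`. Using `LC_ALL=C man2html -t …` would make the generated HTML independent of the builder's locale. The NROFF line in the context has the same form, so the two should be changed together if this is adopted. A short comment above the line, such as `# force the C locale so generated HTML does not depend on the build host`, would record why the prefix is there.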
diff --git a/debian/patches/70_postfix-check.diff b/debian/patches/70_postfix-check.diff
new file mode 100644
index 0000000..6d1951c
--- /dev/null
+++ b/debian/patches/70_postfix-check.diff
@@ -0,0 +1,23 @@
+Index: postfix/conf/postfix-script
+===================================================================
+--- postfix.orig/conf/postfix-script
++++ postfix/conf/postfix-script
+@@ -341,9 +341,17 @@ check-warn)
+ find $todo ! -user root \
+ -exec $WARN not owned by root: {} \;
+
+- find $todo \( -perm -020 -o -perm -002 \) \
++ # Handle symlinks separately
++ find -L $todo \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
++ find $todo -type l | while read f; do \
++ # makedefs out known to be a symlink and OK
++ if [ "$f" != "/etc/postfix/./makedefs.out" ]; then \
++ readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
++ fi \
++ done; \
++
+ # Check Postfix mail_owner-owned directory tree owner/permissions.
+
+ find $data_directory/. ! -user $mail_owner \
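Review bot: The new symlink check reports a link as leaving the directory only when the `readlink` text contains a `/`, so a link whose target is `..` goes unreported while a harmless link into a subdirectory is flagged; `while read f` without `-r` also alters names containing backslashes or leading blanks. I would write the loop head as `find $todo -type l | while IFS= read -r f; do` and test the target with `case "$(readlink "$f")" in /*|..|../*|*/../*|*/..) $WARN symlink leaves directory: "$f";; esac`. The exemption compares against the literal `/etc/postfix/./makedefs.out`, which will not match when the configuration directory is elsewhere; `$config_directory/./makedefs.out` is presumably the intended form, if that variable is in scope here. `find -L` also now descends through symlinked directories, so the writable-permission check can report, and spend time on, files outside the trees named in `$todo`. The `check-warn)` branch starts and ends outside the hunk.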
diff --git a/debian/patches/debian-man-name.diff b/debian/patches/debian-man-name.diff
new file mode 100644
index 0000000..c3153b0
--- /dev/null
+++ b/debian/patches/debian-man-name.diff
@@ -0,0 +1,9 @@
+In Debian, Postfix's smtp(8) uses a different name to avoid naming conflicts.
+Need to point lmtp(8) to the right file. See #920356.
+Index: postfix-dev/man/man8/lmtp.8
+===================================================================
+--- postfix-dev.orig/man/man8/lmtp.8 2015-01-29 17:21:00.000000000 -0500
++++ postfix-dev/man/man8/lmtp.8 2019-02-16 02:46:57.254292885 -0500
+@@ -1 +1 @@
+-.so man8/smtp.8
++.so man8/smtp.8postfix
diff --git a/debian/patches/postfix-dup-postconf.patch b/debian/patches/postfix-dup-postconf.patch
new file mode 100644
index 0000000..2531bb1
--- /dev/null
+++ b/debian/patches/postfix-dup-postconf.patch
@@ -0,0 +1,20 @@
+Description: Fix duplicate bounce_notice_recipient entries in postconf output.
+ Bug introduced on 2021-07-08. Reported by Vincent Lefevre.
+ https://marc.info/?l=postfix-users&m=163698504624352&w=2
+Bug-Debian: https://bugs.debian.org/999694
+Author: Wietse Venema <wietse@porcupine.org>
+Last-Update: 2021-11-15
+
+Index: postfix/src/smtpd/smtpd.c
+===================================================================
+--- postfix.orig/src/smtpd/smtpd.c
++++ postfix/src/smtpd/smtpd.c
+@@ -6391,7 +6391,7 @@ int main(int argc, char **argv)
+ VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
+ VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
+ VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
+- VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, &var_bounce_rcpt, 1, 0,
++ VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
+ VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
+ VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
+ VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..bb1d7f4
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,19 @@
+postfix-dup-postconf.patch
+02_kfreebsd_support.diff
+03_ldap3_by_default.diff
+04_remove_gdbm_support.diff
+05_debian_defaults.diff
+05_debian_manpage_differences.diff
+05_debian_readme_differences.diff
+06_debian_paths.diff
+07_sasl_config.diff
+09_quiet_startup.diff
+10_openssl_version_check.diff
+12_add_bind_now_and_relro_to_pie.diff
+30_shared_libs.diff
+40_chroot_by_default.diff
+41_rmail.diff
+50_LANG.diff
+70_postfix-check.diff
+tls_version.diff
+debian-man-name.diff
diff --git a/debian/patches/tls_version.diff b/debian/patches/tls_version.diff
new file mode 100644
index 0000000..f028d24
--- /dev/null
+++ b/debian/patches/tls_version.diff
@@ -0,0 +1,28 @@
+Index: postfix/src/tls/tls_client.c
+===================================================================
+--- postfix.orig/src/tls/tls_client.c
++++ postfix/src/tls/tls_client.c
+@@ -414,6 +414,9 @@ TLS_APPL_STATE *tls_client_init(const TL
+ SSL_CTX_set_min_proto_version(client_ctx, 0);
+ #endif
+
++ /* Enable all supported protocols */
++ SSL_CTX_set_min_proto_version(client_ctx, 0);
++
+ /*
+ * Set the call-back routine for verbose logging.
+ */
+Index: postfix/src/tls/tls_server.c
+===================================================================
+--- postfix.orig/src/tls/tls_server.c
++++ postfix/src/tls/tls_server.c
+@@ -539,6 +539,9 @@ TLS_APPL_STATE *tls_server_init(const TL
+ if (protomask != 0)
+ SSL_CTX_set_options(server_ctx, TLS_SSL_OP_PROTOMASK(protomask));
+
++ /* Enable all supported protocols */
++ SSL_CTX_set_min_proto_version(server_ctx, 0);
++
+ /*
+ * Some sites may want to give the client less rope. On the other hand,
+ * this could trigger inter-operability issues, the client should not
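Review bot: The added `SSL_CTX_set_min_proto_version(client_ctx, 0);` in tls_client_init and the matching `server_ctx` call in tls_server_init run unconditionally, yet the client context lines show the same call already inside a preprocessor conditional ending at the `#endif`. Outside that guard the call will not build against an OpenSSL that lacks the API, and on the client side it looks redundant. A minimum of 0 clears any protocol floor inherited from the system OpenSSL configuration, so the effective minimum presumably rests only on the protomask derived from the Postfix TLS protocol settings. The comment should say so, e.g. `/* Debian: clear the system MinProtocol floor; protomask is the only protocol restriction */`, instead of "Enable all supported protocols". The return value is ignored in both places, so a failed call is silent; a `msg_warn` when it returns 0 would make that visible. Both functions start and end outside their hunks.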