summaryrefslogtreecommitdiffstats
path: root/conf/post-install
blob: 975266b8b4a590066b14f15d393fdfd55f37b5c8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
#!/bin/sh

# To view the formatted manual page of this file, type:
#	POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man

#++
# NAME
#	post-install
# SUMMARY
#	Postfix post-installation script
# SYNOPSIS
#	postfix post-install [name=value] command ...
# DESCRIPTION
#	The post-install script performs the finishing touch of a Postfix
#	installation, after the executable programs and configuration
#	files are installed. Usage is one of the following:
# .IP o
#	While installing Postfix from source code on the local machine, the
#	script is run by the postfix-install script to update selected file
#	or directory permissions and to update Postfix configuration files.
# .IP o
#	While installing Postfix from a pre-built package, the script is run
#	by the package management procedure to set all file or directory
#	permissions and to update Postfix configuration files.
# .IP o
#	The script can be used to change installation parameter settings such
#	as mail_owner or setgid_group after Postfix is already installed.
# .IP o
#	The script can be used to upgrade configuration files and to upgrade
#	file/directory permissions of a secondary Postfix instance.
# .IP o
#	At Postfix start-up time, the script is run from "postfix check" to
#	create missing queue directories.
# .PP
#	The post-install script is controlled by installation parameters.
#	Specific parameters are described at the end of this document.
#	All installation parameters must be specified ahead of time via
#	one of the methods described below.
#
#	Arguments
# .IP create-missing
#	Create missing queue directories with ownerships and permissions
#	according to the contents of $meta_directory/postfix-files
#	and optionally in $meta_directory/postfix-files.d/*, using
#	the mail_owner and setgid_group parameter settings from the
#	command line, process environment or from the installed
#	main.cf file.
#
#	This is required at Postfix start-up time.
# .IP set-permissions
#	Set all file/directory ownerships and permissions according to the
#	contents of $meta_directory/postfix-files and optionally
#	in $meta_directory/postfix-files.d/*, using the mail_owner
#	and setgid_group parameter settings from the command line,
#	process environment or from the installed main.cf file.
#	Implies create-missing.
#
#	This is required when installing Postfix from a pre-built package,
#	or when changing the mail_owner or setgid_group installation parameter
#	settings after Postfix is already installed.
# .IP upgrade-permissions
#	Update ownership and permission of existing files/directories as
#	specified in $meta_directory/postfix-files and optionally
#	in $meta_directory/postfix-files.d/*, using the mail_owner
#	and setgid_group parameter settings from the command line,
#	process environment or from the installed main.cf file.
#	Implies create-missing.
#
#	This is required when upgrading an existing Postfix instance.
# .IP upgrade-configuration
#	Edit the installed main.cf and master.cf files, in order to account
#	for missing services and to fix deprecated parameter settings.
#
#	This is required when upgrading an existing Postfix instance.
# .IP upgrade-source
#	Short-hand for: upgrade-permissions upgrade-configuration.
#
#	This is recommended when upgrading Postfix from source code.
# .IP upgrade-package
#	Short-hand for: set-permissions upgrade-configuration.
#
#	This is recommended when upgrading Postfix from a pre-built package.
# .IP first-install-reminder
#	Remind the user that they still need to configure main.cf and the
#	aliases file, and that newaliases still needs to be run.
#
#	This is recommended when Postfix is installed for the first time.
# MULTIPLE POSTFIX INSTANCES
# .ad
# .fi
#	Multiple Postfix instances on the same machine can share command and
#	daemon program files but must have separate configuration and queue
#	directories.
#
#	To create a secondary Postfix installation on the same machine,
#	copy the configuration files from the primary Postfix instance to
#	a secondary configuration directory and execute:
#
#	postfix post-install config_directory=secondary-config-directory \e
# .in +4
#		queue_directory=secondary-queue-directory \e
# .br
#		create-missing
# .PP
#	This creates secondary Postfix queue directories, sets their access
#	permissions, and saves the specified installation parameters to the
#	secondary main.cf file.
#
#	Be sure to list the secondary configuration directory in the
#	alternate_config_directories parameter in the primary main.cf file.
#
#	To upgrade a secondary Postfix installation on the same machine,
#	execute:
#
#	postfix post-install config_directory=secondary-config-directory \e
# .in +4
#		upgrade-permissions upgrade-configuration
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
#	Parameter settings can be specified through a variety of
#	mechanisms.  In order of decreasing precedence these are:
# .IP "command line"
#	Parameter settings can be given as name=value arguments on
#	the post-install command line. These have the highest precedence.
#	Settings that override the installed main.cf file are saved.
# .IP "process environment"
#	Parameter settings can be given as name=value environment
#	variables.
#	Settings that override the installed main.cf file are saved.
# .IP "installed configuration files"
#	If a parameter is not specified via the command line or via the
#	process environment, post-install will attempt to extract its
#	value from the already installed Postfix main.cf configuration file.
#	These settings have the lowest precedence.
# INSTALLATION PARAMETER DESCRIPTION
# .ad
# .fi
#	The description of installation parameters is as follows:
# .IP config_directory
#	The directory for Postfix configuration files.
# .IP daemon_directory
#	The directory for Postfix daemon programs. This directory
#	should not be in the command search path of any users.
# .IP command_directory
#	The directory for Postfix administrative commands. This
#	directory should be in the command search path of adminstrative users.
# .IP queue_directory
#	The directory for Postfix queues.
# .IP data_directory
#	The directory for Postfix writable data files (caches, etc.).
# .IP sendmail_path
#	The full pathname for the Postfix sendmail command.
#	This is the Sendmail-compatible mail posting interface.
# .IP newaliases_path
#	The full pathname for the Postfix newaliases command.
#	This is the Sendmail-compatible command to build alias databases
#	for the Postfix local delivery agent.
# .IP mailq_path
#	The full pathname for the Postfix mailq command.
#	This is the Sendmail-compatible command to list the mail queue.
# .IP mail_owner
#	The owner of the Postfix queue. Its numerical user ID and group ID
#	must not be used by any other accounts on the system.
# .IP setgid_group
#	The group for mail submission and for queue management commands.
#	Its numerical group ID must not be used by any other accounts on the
#	system, not even by the mail_owner account.
# .IP html_directory
#	The directory for the Postfix HTML files.
# .IP manpage_directory
#	The directory for the Postfix on-line manual pages.
# .IP sample_directory
#	The directory for the Postfix sample configuration files.
#	This feature is obsolete as of Postfix 2.1.
# .IP readme_directory
#	The directory for the Postfix README files.
# .IP shlib_directory
#	The directory for the Postfix shared-library files, and for
#	the Postfix dabatase plugin files with a relative pathname
#	in the file dynamicmaps.cf.
# .IP meta_directory
#	The directory for non-executable files that are shared
#	among multiple Postfix instances, such as postfix-files,
#	dynamicmaps.cf, as well as the multi-instance template files
#	main.cf.proto and master.cf.proto.
# SEE ALSO
#	postfix-install(1) Postfix primary installation script.
# FILES
#	$config_directory/main.cf, Postfix installation parameters.
#	$meta_directory/postfix-files, installation control file.
#	$meta_directory/postfix-files.d/*, optional control files.
#	$config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
# .fi
#	The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
#	Wietse Venema
#	IBM T.J. Watson Research
#	P.O. Box 704
#	Yorktown Heights, NY 10598, USA
#
#	Wietse Venema
#	Google, Inc.
#	111 8th Avenue
#	New York, NY 10011, USA
#--

umask 022

PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
SHELL=/bin/sh
IFS=" 	
"
BACKUP_IFS="$IFS"
debug=:
#debug=echo
MOST_PARAMETERS="command_directory daemon_directory data_directory
    html_directory mail_owner mailq_path manpage_directory
    newaliases_path queue_directory readme_directory sample_directory
    sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"

USAGE="Usage: $0 [name=value] command
    create-missing          Create missing queue directories.
    upgrade-source          When installing or upgrading from source code.
    upgrade-package         When installing or upgrading from pre-built package.
    first-install-reminder  Remind of mandatory first-time configuration steps.
    name=value              Specify an installation parameter".

# Process command-line options and parameter settings. Work around
# brain damaged shells. "IFS=value command" should not make the
# IFS=value setting permanent. But some broken standard allows it.

create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
obsolete=; keep_list=;

for arg
do
    case $arg in
	*[" 	"]*) echo $0: "Error: argument contains whitespace: '$arg'"
		     exit 1;;
                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
     create-missing) create=1;;
	  set-perm*) create=1; set_perms=1;;
      upgrade-perm*) create=1; upgrade_perms=1;;
      upgrade-conf*) upgrade_conf=1;;
     upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
    upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
     first-install*) first_install_reminder=1;;
		  *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
    esac
    shift
done

# Sanity checks.

test -n "$create$upgrade_conf$first_install_reminder" || {
    echo "$0: Error: $USAGE" 1>&2
    exit 1
}

# Bootstrapping problem.

if [ -n "$command_directory" ]
then
    POSTCONF="$command_directory/postconf"
else
    POSTCONF="postconf"
fi

$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
    echo $0: Error: no $POSTCONF command found. 1>&2
    echo Re-run this command as $0 command_directory=/some/where. 1>&2
    exit 1
}

# Also used to require license etc. files only in the default instance.

def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
test -n "$config_directory" ||
    config_directory="$def_config_directory"

test -d "$config_directory" || {
    echo $0: Error: $config_directory is not a directory. 1>&2
    exit 1
}

# If this is a secondary instance, don't touch shared files.
# XXX Solaris does not have "test -e".

instances=`test ! -f $def_config_directory/main.cf || 
    $POSTCONF -c $def_config_directory -h multi_instance_directories | 
	sed 's/,/ /'` || exit 1

update_shared_files=1
for name in $instances
do
    case "$name" in
    "$def_config_directory") ;;
    "$config_directory") update_shared_files=; break;;
    esac
done

test -f $meta_directory/postfix-files || {
    echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
    exit 1
}

# SunOS5 fmt(1) truncates lines > 1000 characters.

fake_fmt() {
    sed '
    :top
	/^\(  *\)\([^ ][^ ]*\)  */{
	    s//\1\2\
\1/
	    P
	    D
	    b top
	}
    ' | fmt
}

case `uname -s` in
HP-UX*) FMT=cat;;
SunOS*) FMT=fake_fmt;;
     *) FMT=fmt;;
esac

# If a parameter is not set via the command line or environment,
# try to use settings from installed configuration files.

# Extract parameter settings from the obsolete install.cf file, as
# a transitional aid.

grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
    test -f $config_directory/install.cf  && {
        for name in sendmail_path newaliases_path mailq_path setgid manpages
        do
	eval junk=\$$name
        case "$junk" in
        "") eval unset $name;;
        esac
	   eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
		|| exit 1
        done
        : ${setgid_group=$setgid}
        : ${manpage_directory=$manpages}
    }
}

# Extract parameter settings from the installed main.cf file.

test -f $config_directory/main.cf && {
    for name in $MOST_PARAMETERS
    do
	eval junk=\$$name
        case "$junk" in
        "") eval unset $name;;
        esac
        eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
    done
}

# Sanity checks

case $manpage_directory in
 no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
     echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac

case $setgid_group in
 no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
     echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac

for path in "$daemon_directory" "$command_directory" "$queue_directory" \
    "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
    "$meta_directory"
do
   case "$path" in
   /*) ;;
    *) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
   esac
done

for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
   case "$path" in
   /*) ;;
   no) ;;
    *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
   esac
done

# Find out what parameters were not specified via command line,
# via environment, or via installed configuration files.

missing=
for name in $MOST_PARAMETERS
do
    eval test -n \"\$$name\" || missing="$missing $name"
done

# All parameters must be specified at this point.

test -n "$non_interactive" -a -n "$missing" && {
    cat <<EOF | ${FMT} 1>&2
$0: Error: some required installation parameters are not defined.

- Either the parameters need to be given in the $config_directory/main.cf
file from a recent Postfix installation,

- Or the parameters need to be specified through the process
environment.

- Or the parameters need to be specified as name=value arguments
on the $0 command line,

The following parameters were missing:

    $missing

EOF
    exit 1
}

POSTCONF="$command_directory/postconf"

# Save settings, allowing command line/environment override.

# Undo MAIL_VERSION expansion at the end of a parameter value. If
# someone really wants the expanded mail version in main.cf, then
# we're sorry.

# Confine side effects from mail_version unexpansion within a subshell.

(case "$mail_version" in
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
esac

for name in $MOST_PARAMETERS
do
    eval junk=\$$name
    case "$junk" in
    *"$mail_version"*) 
	case "$pattern" in
	"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
	esac
	val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
	eval ${name}='"$val"'
    esac
done

# XXX Maybe update main.cf only with first install, upgrade, set
# permissions, and what else? Should there be a warning otherwise?

override=
for name in $MOST_PARAMETERS
do
    eval junk=\"\$$name\"
    test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
	override=1
	break
    }
done

test -n "$override" && {
    $POSTCONF -c $config_directory -e \
	"daemon_directory = $daemon_directory" \
	"command_directory = $command_directory" \
	"queue_directory = $queue_directory" \
	"data_directory = $data_directory" \
	"mail_owner = $mail_owner" \
	"setgid_group = $setgid_group" \
	"sendmail_path = $sendmail_path" \
	"mailq_path = $mailq_path" \
	"newaliases_path = $newaliases_path" \
	"html_directory = $html_directory" \
	"manpage_directory = $manpage_directory" \
	"sample_directory = $sample_directory" \
	"readme_directory = $readme_directory" \
	"shlib_directory = $shlib_directory" \
	"meta_directory = $meta_directory" \
    || exit 1
} || exit 0) || exit 1

# Use file/directory status information in $meta_directory/postfix-files.

test -n "$create" && {
    postfix_files_d=$meta_directory/postfix-files.d
    for postfix_file in $meta_directory/postfix-files \
	`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
    do
	exec <$postfix_file || exit 1
	while IFS=: read path type owner group mode flags junk
	do
	    IFS="$BACKUP_IFS"
	    set_permission=
	    # Skip comments. Skip shared files, if updating a secondary instance.
	    case $path in
	    [$]*) case "$update_shared_files" in
		  1) $debug keep non-shared or shared $path;;
		  *) non_shared=
		     for name in $NON_SHARED
		     do
			 case $path in
			 "\$$name"*) non_shared=1; break;;
			 esac
		     done
		     case "$non_shared" in
		      1) $debug keep non-shared $path;;
		      *) $debug skip shared $path; continue;;
		     esac;;
		  esac;;
	       *) continue;;
	    esac
	    # Skip hard links and symbolic links.
	    case $type in
	    [hl]) continue;;
	    [df]) ;;
	       *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
	    esac
	    # Expand $name, and canonicalize null fields.
	    for name in path owner group flags
	    do
		eval junk=\${$name}
		case $junk in
		[$]*) eval $name=$junk;;
		   -) eval $name=;;
		   *) ;;
		esac
	    done
	    # Skip uninstalled files.
	    case $path in
	    no|no/*) continue;;
	    esac
	    # Pick up the flags.
	    case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
	    case $flags in *c*) create_flag=1;; *) create_flag=;; esac
	    case $flags in *r*) recursive="-R";; *) recursive=;; esac
	    case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
	    case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
				    "$def_config_directory" && continue;; esac
	    # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
	    if [ -n "$obsolete_flag" ]
	    then
		test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
		continue;
	    else
		keep_list="$keep_list $path"
	    fi
	    # Create missing directories with proper owner/group/mode settings.
	    if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
	    then
		mkdir $path || exit 1
		set_permission=1
	    # Update all owner/group/mode settings.
	    elif [ -n "$set_perms" ]
	    then
		set_permission=1
	    # Update obsolete owner/group/mode settings.
	    elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
	    then
		set_permission=1
	    fi
	    test -n "$set_permission" && {
		chown $recursive $owner $path || exit 1
		test -z "$group" || chgrp $recursive $group $path || exit 1
		# Don't "chmod -R"; queue file status is encoded in mode bits.
		if [ "$type" = "d" -a -n "$recursive" ]
		then
		    find $path -type d -exec chmod $mode "{}" ";"
		else
		    chmod $mode $path
		fi || exit 1
	    }
	done
	IFS="$BACKUP_IFS"
    done
}

# Upgrade existing Postfix configuration files if necessary.

test -n "$upgrade_conf" && {

    # Postfix 2.0.
    # Add missing relay service to master.cf.

    grep '^relay' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for relay service
	cat >>$config_directory/master.cf <<EOF || exit 1
relay	  unix	-	-	n	-	-	smtp
EOF
    }

    # Postfix 1.1.
    # Add missing flush service to master.cf.

    grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for flush service
	cat >>$config_directory/master.cf <<EOF || exit 1
flush     unix  -       -       n       1000?   0       flush
EOF
    }

    # Postfix 2.1.
    # Add missing trace service to master.cf.

    grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for trace service
	cat >>$config_directory/master.cf <<EOF || exit 1
trace	  unix	-	-	n	-	0	bounce
EOF
    }

    # Postfix 2.1.
    # Add missing verify service to master.cf.

    grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for verify service
	cat >>$config_directory/master.cf <<EOF || exit 1
verify	  unix	-	-	n	-	1	verify
EOF
    }

    # Postfix 2.1.
    # Fix verify service process limit.

    grep '^verify.*[ 	]0[ 	]*verify' \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, setting verify process limit to 1
	    ed $config_directory/master.cf <<EOF || exit 1
/^verify.*[ 	]0[ 	]*verify/
s/\([ 	]\)0\([ 	]\)/\11\2/
p
w
q
EOF
    }

    # Postfix 1.1.
    # Change privileged pickup service into unprivileged.

    grep "^pickup[ 	]*fifo[ 	]*n[ 	]*n" \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, making the pickup service unprivileged
	    ed $config_directory/master.cf <<EOF || exit 1
/^pickup[ 	]*fifo[ 	]*n[ 	]*n/
s/\(n[ 	]*\)n/\1-/
p
w
q
EOF
    }

    # Postfix 1.1.
    # Change private cleanup and flush services into public.

    for name in cleanup flush
    do
	grep "^$name[ 	]*unix[ 	]*[-y]" \
	    $config_directory/master.cf >/dev/null && {
		echo Editing $config_directory/master.cf, making the $name service public
	    ed $config_directory/master.cf <<EOF || exit 1
/^$name[ 	]*unix[ 	]*[-y]/
s/[-y]/n/
p
w
q
EOF
	}
    done

    # Postfix 2.2.
    # File systems have improved since Postfix came out, and all we
    # require now is that defer and deferred are hashed because those
    # can contain lots of files.

    found=`$POSTCONF -c $config_directory -h hash_queue_names`
    missing=
    (echo "$found" | grep defer >/dev/null)  || missing="$missing defer"
    (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
    test -n "$missing" && {
	echo fixing main.cf hash_queue_names for missing $missing
	$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
	    exit 1
    }

    # Turn on safety nets for new features that could bounce mail that
    # would be accepted by a previous Postfix version.

    # [The "unknown_local_recipient_reject_code = 450" safety net,
    # introduced with Postfix 2.0 and deleted after Postfix 2.3.]

    # Postfix 2.0.
    # Add missing proxymap service to master.cf.

    grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for proxymap service
	cat >>$config_directory/master.cf <<EOF || exit 1
proxymap  unix	-	-	n	-	-	proxymap
EOF
    }

    # Postfix 2.1.
    # Add missing anvil service to master.cf.

    grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for anvil service
	cat >>$config_directory/master.cf <<EOF || exit 1
anvil	  unix	-	-	n	-	1	anvil
EOF
    }

    # Postfix 2.2.
    # Add missing scache service to master.cf.

    grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for scache service
	cat >>$config_directory/master.cf <<EOF || exit 1
scache	  unix	-	-	n	-	1	scache
EOF
    }

    # Postfix 2.2.
    # Add missing discard service to master.cf.

    grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for discard service
	cat >>$config_directory/master.cf <<EOF || exit 1
discard	  unix	-	-	n	-	-	discard
EOF
    }

    # Postfix 2.2.
    # Update the tlsmgr fifo->unix service.

    grep "^tlsmgr[ 	]*fifo[ 	]" \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
	    ed $config_directory/master.cf <<EOF || exit 1
/^tlsmgr[ 	]*fifo[ 	]/
s/fifo/unix/
s/[0-9][0-9]*/&?/
p
w
q
EOF
    }

    # Postfix 2.2.
    # Add missing tlsmgr service to master.cf.

    grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
	cat >>$config_directory/master.cf <<EOF || exit 1
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
EOF
    }

    # Postfix 2.2.
    # Add missing retry service to master.cf.

    grep '^retry.*error' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for retry service
	cat >>$config_directory/master.cf <<EOF || exit 1
retry     unix  -       -       n       -       -       error
EOF
    }

    # Postfix 2.5.
    # Add missing proxywrite service to master.cf.

    grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
	cat >>$config_directory/master.cf <<EOF || exit 1
proxywrite unix -       -       n       -       1       proxymap
EOF
    }

    # Postfix 2.5.
    # Fix a typo in the default master.cf proxywrite entry.

    grep '^proxywrite.*-[ 	]*proxymap' $config_directory/master.cf >/dev/null && {
	echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
	    ed $config_directory/master.cf <<EOF || exit 1
/^proxywrite.*-[ 	]*proxymap/
s/-\([ 	]*proxymap\)/1\1/
p
w
q
EOF
    }

    # Postfix 2.8.
    # Add missing postscreen service to master.cf.

    grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
	cat >>$config_directory/master.cf <<EOF || exit 1
#smtp      inet  n       -       n       -       1       postscreen
EOF
    }

    # Postfix 2.8.
    # Add missing smtpd (unix-domain) service to master.cf.

    grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#smtpd     pass  -       -       n       -       -       smtpd
EOF
    }

    # Postfix 2.8.
    # Add temporary dnsblog (unix-domain) service to master.cf.

    grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#dnsblog   unix  -       -       n       -       0       dnsblog
EOF
    }

    # Postfix 2.8.
    # Add tlsproxy (unix-domain) service to master.cf.

    grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#tlsproxy  unix  -       -       n       -       0       tlsproxy
EOF
    }

    # Report (but do not remove) obsolete files.

    test -n "$obsolete" && {
	cat <<EOF | ${FMT}

    Note: the following files or directories still exist but are
    no longer part of Postfix:

    $obsolete

EOF
    }

    # Postfix 2.9.
    # Safety net for incompatible changes in IPv6 defaults.
    # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
    # UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
    # BEFORE 2.9.
    # This code assumes that the default is "inet_protocols = ipv4"
    # when IPv6 support is not compiled in. See util/sys_defs.h.

    test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
	test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
	cat <<EOF | ${FMT}
    COMPATIBILITY: editing $config_directory/main.cf, setting
    inet_protocols=ipv4.  Specify inet_protocols explicitly if you
    want to enable IPv6.
    In a future release IPv6 will be enabled by default.
EOF
	$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
    }

# Disabled because unhelpful down-stream maintainers disable the safety net.
#    # Postfix 2.10.
#    # Safety net for incompatible changes due to the introduction
#    # of the smtpd_relay_restrictions feature to separate the
#    # mail relay policy from the spam blocking policy.
#    # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
#    # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
#    # POSTFIX BEFORE 2.10.
#    test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
#	cat <<EOF | ${FMT}
#    COMPATIBILITY: editing $config_directory/main.cf, overriding
#    smtpd_relay_restrictions to prevent inbound mail from
#    unexpectedly bouncing.
#    Specify an empty smtpd_relay_restrictions value to keep using 
#    smtpd_recipient_restrictions as before.
#EOF
#	$POSTCONF -c $config_directory "smtpd_relay_restrictions = \
#	    permit_mynetworks permit_sasl_authenticated \
#	    defer_unauth_destination" || exit 1
#    }

    # Postfix 3.4
    # Add a postlog service entry.

    grep '^postlog' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
	cat >>$config_directory/master.cf <<EOF || exit 1
postlog   unix-dgram n  -       n       -       1       postlogd
EOF
    }
}

# A reminder if this is the first time Postfix is being installed.

test -n "$first_install_reminder" && {

    ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
    NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
    cat <<EOF | ${FMT}

    Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in $config_directory/main.cf.

    See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
    for information about dialup sites or about sites inside a
    firewalled network.

    BTW: Check your $ALIASES file and be sure to set up aliases
    that send mail for root and postmaster to a real person, then
    run $NEWALIASES_PATH.

EOF

}

exit 0