diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:59:04 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:59:04 +0000 |
| commit | cc0cf222a55b518d86e9179ba08c61c298144c61 (patch) | |
| tree | 98ad9d9c8459e9f7347678bbbaed28fa30739f6e /debian/patches/40_chroot_by_default.diff | |
| parent | Adding upstream version 3.8.5. (diff) | |
| download | postfix-cc0cf222a55b518d86e9179ba08c61c298144c61.tar.xz postfix-cc0cf222a55b518d86e9179ba08c61c298144c61.zip | |
Adding debian version 3.8.5-1.debian/3.8.5-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/40_chroot_by_default.diff')
| -rw-r--r-- | debian/patches/40_chroot_by_default.diff | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/debian/patches/40_chroot_by_default.diff b/debian/patches/40_chroot_by_default.diff new file mode 100644 index 0000000..a648e4b --- /dev/null +++ b/debian/patches/40_chroot_by_default.diff @@ -0,0 +1,129 @@ +From: LaMont Jones <lamont@debian.org> +Subject: Set chroot to default enabled +Forwarded: not-needed +Index: postfix/conf/master.cf +=================================================================== +--- postfix.orig/conf/master.cf ++++ postfix/conf/master.cf +@@ -9,14 +9,14 @@ + # service type private unpriv chroot wakeup maxproc command + args + # (yes) (yes) (no) (never) (100) + # ========================================================================== +-smtp inet n - n - - smtpd +-#smtp inet n - n - 1 postscreen +-#smtpd pass - - n - - smtpd +-#dnsblog unix - - n - 0 dnsblog +-#tlsproxy unix - - n - 0 tlsproxy ++smtp inet n - y - - smtpd ++#smtp inet n - y - 1 postscreen ++#smtpd pass - - y - - smtpd ++#dnsblog unix - - y - 0 dnsblog ++#tlsproxy unix - - y - 0 tlsproxy + # Choose one: enable submission for loopback clients only, or for any client. +-#127.0.0.1:submission inet n - n - - smtpd +-#submission inet n - n - - smtpd ++#127.0.0.1:submission inet n - y - - smtpd ++#submission inet n - y - - smtpd + # -o syslog_name=postfix/submission + # -o smtpd_tls_security_level=encrypt + # -o smtpd_sasl_auth_enable=yes +@@ -34,8 +34,8 @@ smtp inet n - n + # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING + # Choose one: enable submissions for loopback clients only, or for any client. +-#127.0.0.1:submissions inet n - n - - smtpd +-#submissions inet n - n - - smtpd ++#127.0.0.1:submissions inet n - y - - smtpd ++#submissions inet n - y - - smtpd + # -o syslog_name=postfix/submissions + # -o smtpd_tls_wrappermode=yes + # -o smtpd_sasl_auth_enable=yes +@@ -51,33 +51,33 @@ smtp inet n - n + # -o smtpd_relay_restrictions= + # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING +-#628 inet n - n - - qmqpd +-pickup unix n - n 60 1 pickup +-cleanup unix n - n - 0 cleanup ++#628 inet n - y - - qmqpd ++pickup unix n - y 60 1 pickup ++cleanup unix n - y - 0 cleanup + qmgr unix n - n 300 1 qmgr + #qmgr unix n - n 300 1 oqmgr +-tlsmgr unix - - n 1000? 1 tlsmgr +-rewrite unix - - n - - trivial-rewrite +-bounce unix - - n - 0 bounce +-defer unix - - n - 0 bounce +-trace unix - - n - 0 bounce +-verify unix - - n - 1 verify +-flush unix n - n 1000? 0 flush ++tlsmgr unix - - y 1000? 1 tlsmgr ++rewrite unix - - y - - trivial-rewrite ++bounce unix - - y - 0 bounce ++defer unix - - y - 0 bounce ++trace unix - - y - 0 bounce ++verify unix - - y - 1 verify ++flush unix n - y 1000? 0 flush + proxymap unix - - n - - proxymap + proxywrite unix - - n - 1 proxymap +-smtp unix - - n - - smtp +-relay unix - - n - - smtp ++smtp unix - - y - - smtp ++relay unix - - y - - smtp + -o syslog_name=postfix/$service_name + # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +-showq unix n - n - - showq +-error unix - - n - - error +-retry unix - - n - - error +-discard unix - - n - - discard ++showq unix n - y - - showq ++error unix - - y - - error ++retry unix - - y - - error ++discard unix - - y - - discard + local unix - n n - - local + virtual unix - n n - - virtual +-lmtp unix - - n - - lmtp +-anvil unix - - n - 1 anvil +-scache unix - - n - 1 scache ++lmtp unix - - y - - lmtp ++anvil unix - - y - 1 anvil ++scache unix - - y - 1 scache + postlog unix-dgram n - n - 1 postlogd + # + # ==================================================================== +@@ -92,8 +92,8 @@ postlog unix-dgram n - n + # maildrop. See the Postfix MAILDROP_README file for details. + # Also specify in main.cf: maildrop_destination_recipient_limit=1 + # +-#maildrop unix - n n - - pipe +-# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} ++#maildrop unix - n n - - pipe ++# flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} + # + # ==================================================================== + # +@@ -132,16 +131,11 @@ postlog unix-dgram n - n + # + # Other external delivery methods. + # +-#ifmail unix - n n - - pipe +-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +-# +-#bsmtp unix - n n - - pipe +-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +-# +-#scalemail-backend unix - n n - 2 pipe +-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +-# ${nexthop} ${user} ${extension} +-# +-#mailman unix - n n - - pipe +-# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +-# ${nexthop} ${user} ++#ifmail unix - n n - - pipe ++# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) ++#bsmtp unix - n n - - pipe ++# flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient ++#scalemail-backend unix - n n - 2 pipe ++# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} ++#mailman unix - n n - - pipe ++# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} |