diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:57 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:57 +0000 |
commit | a9cdccbffffdd2e58b5cc69683682517e892ea40 (patch) | |
tree | 5890cdcebde1069c9b7419d92476e52cc5525d6f /debian/patches/40_chroot_by_default.diff | |
parent | Adding upstream version 3.7.10. (diff) | |
download | postfix-a9cdccbffffdd2e58b5cc69683682517e892ea40.tar.xz postfix-a9cdccbffffdd2e58b5cc69683682517e892ea40.zip |
Adding debian version 3.7.10-0+deb12u1.debian/3.7.10-0+deb12u1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/40_chroot_by_default.diff')
-rw-r--r-- | debian/patches/40_chroot_by_default.diff | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/debian/patches/40_chroot_by_default.diff b/debian/patches/40_chroot_by_default.diff new file mode 100644 index 0000000..eef9fec --- /dev/null +++ b/debian/patches/40_chroot_by_default.diff @@ -0,0 +1,134 @@ +Index: postfix/conf/master.cf +=================================================================== +--- postfix.orig/conf/master.cf ++++ postfix/conf/master.cf +@@ -9,14 +9,14 @@ + # service type private unpriv chroot wakeup maxproc command + args + # (yes) (yes) (no) (never) (100) + # ========================================================================== +-smtp inet n - n - - smtpd +-#smtp inet n - n - 1 postscreen +-#smtpd pass - - n - - smtpd +-#dnsblog unix - - n - 0 dnsblog +-#tlsproxy unix - - n - 0 tlsproxy ++smtp inet n - y - - smtpd ++#smtp inet n - y - 1 postscreen ++#smtpd pass - - y - - smtpd ++#dnsblog unix - - y - 0 dnsblog ++#tlsproxy unix - - y - 0 tlsproxy + # Choose one: enable submission for loopback clients only, or for any client. +-#127.0.0.1:submission inet n - n - - smtpd +-#submission inet n - n - - smtpd ++#127.0.0.1:submission inet n - y - - smtpd ++#submission inet n - y - - smtpd + # -o syslog_name=postfix/submission + # -o smtpd_tls_security_level=encrypt + # -o smtpd_sasl_auth_enable=yes +@@ -33,8 +33,8 @@ smtp inet n - n + # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING + # Choose one: enable submissions for loopback clients only, or for any client. +-#127.0.0.1:submissions inet n - n - - smtpd +-#submissions inet n - n - - smtpd ++#127.0.0.1:submissions inet n - y - - smtpd ++#submissions inet n - y - - smtpd + # -o syslog_name=postfix/submissions + # -o smtpd_tls_wrappermode=yes + # -o smtpd_sasl_auth_enable=yes +@@ -49,33 +49,33 @@ smtp inet n - n + # -o smtpd_relay_restrictions= + # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING +-#628 inet n - n - - qmqpd +-pickup unix n - n 60 1 pickup +-cleanup unix n - n - 0 cleanup ++#628 inet n - y - - qmqpd ++pickup unix n - y 60 1 pickup ++cleanup unix n - y - 0 cleanup + qmgr unix n - n 300 1 qmgr + #qmgr unix n - n 300 1 oqmgr +-tlsmgr unix - - n 1000? 1 tlsmgr +-rewrite unix - - n - - trivial-rewrite +-bounce unix - - n - 0 bounce +-defer unix - - n - 0 bounce +-trace unix - - n - 0 bounce +-verify unix - - n - 1 verify +-flush unix n - n 1000? 0 flush ++tlsmgr unix - - y 1000? 1 tlsmgr ++rewrite unix - - y - - trivial-rewrite ++bounce unix - - y - 0 bounce ++defer unix - - y - 0 bounce ++trace unix - - y - 0 bounce ++verify unix - - y - 1 verify ++flush unix n - y 1000? 0 flush + proxymap unix - - n - - proxymap + proxywrite unix - - n - 1 proxymap +-smtp unix - - n - - smtp +-relay unix - - n - - smtp ++smtp unix - - y - - smtp ++relay unix - - y - - smtp + -o syslog_name=postfix/$service_name + # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +-showq unix n - n - - showq +-error unix - - n - - error +-retry unix - - n - - error +-discard unix - - n - - discard ++showq unix n - y - - showq ++error unix - - y - - error ++retry unix - - y - - error ++discard unix - - y - - discard + local unix - n n - - local + virtual unix - n n - - virtual +-lmtp unix - - n - - lmtp +-anvil unix - - n - 1 anvil +-scache unix - - n - 1 scache ++lmtp unix - - y - - lmtp ++anvil unix - - y - 1 anvil ++scache unix - - y - 1 scache + postlog unix-dgram n - n - 1 postlogd + # + # ==================================================================== +@@ -90,8 +90,8 @@ postlog unix-dgram n - n + # maildrop. See the Postfix MAILDROP_README file for details. + # Also specify in main.cf: maildrop_destination_recipient_limit=1 + # +-#maildrop unix - n n - - pipe +-# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} ++maildrop unix - n n - - pipe ++ flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} + # + # ==================================================================== + # +@@ -113,7 +113,6 @@ postlog unix-dgram n - n + # flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} + # + # ==================================================================== +-# + # Old example of delivery via Cyrus. + # + #old-cyrus unix - n n - - pipe +@@ -130,16 +129,11 @@ postlog unix-dgram n - n + # + # Other external delivery methods. + # +-#ifmail unix - n n - - pipe +-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +-# +-#bsmtp unix - n n - - pipe +-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +-# +-#scalemail-backend unix - n n - 2 pipe +-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +-# ${nexthop} ${user} ${extension} +-# +-#mailman unix - n n - - pipe +-# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +-# ${nexthop} ${user} ++ifmail unix - n n - - pipe ++ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) ++bsmtp unix - n n - - pipe ++ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient ++scalemail-backend unix - n n - 2 pipe ++ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} ++mailman unix - n n - - pipe ++ flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} |