Navigation

← Previous Changeset
Next Changeset →

Changeset 2322

Timestamp:

10/07/08 00:12:41 (1 month ago)

Author:

anarcat

Message:

do not override Postfix's main.cf: instead, we use a /etc/alternc/postfix.cf to hold our configuration changes and apply that on postinst.

Closes: #1029

Files:

alternc/trunk/debian/changelog (modified) (2 diffs)
alternc/trunk/debian/control (modified) (2 diffs)
alternc/trunk/etc/alternc/postfix.cf (moved) (moved from alternc/trunk/etc/alternc/templates/postfix/main.cf) (3 diffs, 1 prop)
alternc/trunk/install/alternc.install (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

alternc/trunk/debian/changelog

r2317	r2322
11	11	* FTP/TLS is now working properly (config is RSA not DSA, and key AND
12	12	certif config must be BOTH populated)
	13	* #1029: do not overwrite the main.cf from postfix
13	14	* new features:
14	15	* start logging IP addresses in logs
…	…
20	21	* make a new alternc-slave package that eases installation on NFS-backed
21	22	frontend nodes
	23	* builtin postgrey and Spamhaus blacklisting configuration
22	24	* other changes:
23	25	* deprecate the mynetwork modification in Postfix, this is now left to the
24	26	admin
	27	* note that even though main.cf is not directly overwritten (#1029, as
	28	per Debian Policy), some settings are directly overwritten. those
	29	settings are configured in /etc/alternc/postfix.cf.
25	30
26	31	-- Antoine BeauprÃ© <anarcat@koumbit.org> Tue, 15 Apr 2008 11:52:56 -0400

alternc/trunk/debian/control

r2312	r2322
11	11	Architecture: all
12	12	Pre-depends: debconf (>= 0.5.00) \| debconf-2.0
13		Depends: debianutils (>= 1.13.1), apache \| apache2, libapache-mod-php5 \| libapache2-mod-php5 \| libapache-mod-php4 \| libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql \| php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql \| courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli \| php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
	13	Depends: debianutils (>= 1.13.1), apache \| apache2, libapache-mod-php5 \| libapache2-mod-php5 \| libapache-mod-php4 \| libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql \| php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql \| courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli \| php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
14	14	Recommends: libapache-mod-gzip, apache-ssl, mysql-server
15	15	Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4)
…	…
30	30	Architecture: all
31	31	Pre-depends: debconf (>= 0.5.00) \| debconf-2.0
32		Depends: debianutils (>= 1.13.1), apache \| apache2, libapache-mod-php5 \| libapache2-mod-php5 \| libapache-mod-php4 \| libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql \| php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql \| courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli \| php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
	32	Depends: debianutils (>= 1.13.1), apache \| apache2, libapache-mod-php5 \| libapache2-mod-php5 \| libapache-mod-php4 \| libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql \| php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql \| courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli \| php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
33	33	Recommends: libapache-mod-gzip, apache-ssl
34	34	Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc

alternc/trunk/etc/alternc/postfix.cf

Property svn:mergeinfo set

r2317	r2322
1		#
2		~~# Fichier de configuration de Postfix pour AlternC~~
3		~~# $Id: main.cf,v 1.17 2006/01/12 06:50:15 anarcat Exp $~~
4		#
5		~~# %%warning_message%%~~
6		~~# pour postfix SARGE v2~~
7
8		~~queue_directory = /var/spool/postfix~~
9		~~command_directory = /usr/sbin~~
10		~~daemon_directory = /usr/lib/postfix~~
11		~~mail_owner = postfix~~
12		~~# recipient_delimiter = +~~
13
14	1	home_mailbox = Maildir/
15
16	2	smtpd_banner = $myhostname ESMTP
17
18	3	header_checks = regexp:/etc/postfix/header_checks
19	4	body_checks = regexp:/etc/postfix/body_checks
20
21	5	local_destination_concurrency_limit = 8
22	6	default_destination_concurrency_limit = 10
23
24		~~myhostname = %%fqdn%%~~
25		~~myorigin = %%fqdn%%~~
26
27
28		~~# Configuration TLS pour le serveur smtp :~~
29	7	smtpd_use_tls = yes
30	8	smtpd_tls_dcert_file = /etc/courier/pop3d.pem
…	…
36	14	smtpd_tls_received_header = yes
37	15	smtpd_tls_session_cache_timeout = 3600s
38		~~tls_random_source = dev:/dev/urandom~~
39
40		~~# Configuration TLS pour le client smtp~~
41	16	smtp_use_tls = yes
42	17	smtp_tls_dcert_file = $smtpd_tls_dcert_file
43	18	smtp_tls_dkey_file = $smtpd_tls_dcert_file
44	19	smtp_tls_CApath = $smtpd_tls_CApath
45
46		~~# Configuration SASL via sasldb (/etc/sasldb) uniquement en TLS.~~
47		~~# Sinon le pass passe en clair et c'est mal !~~
48	20	smtpd_tls_auth_only = yes
49	21	smtpd_sasl_auth_enable = yes
…	…
52	24	enable_sasl_authentification = yes
53	25	broken_sasl_auth_clients = yes
54
55		~~#queue_directory = /var/spool/postfix~~
56		~~#command_directory = /usr/sbin~~
57		~~#daemon_directory = /usr/lib/postfix~~
58		~~#mail_owner = postfix~~
59		~~#recipient_delimiter = +~~
60
61		~~# Pour éviter certains vieux spammeurs.~~
62		~~disable_vrfy_command = yes~~
63
64		~~# On autorise le relai à : les authentifiés en saslet nos domaines.~~
65		smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination
66
67	26	alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases
68	27	virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf
69	28	virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
70
71	29	virtual_mailbox_base = /
72	30	virtual_minimum_uid = 1000
73	31	virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
74	32	virtual_uid_maps = static:33
75
76	33	default_privs = www-data
77		program_directory = /usr/lib/postfix
	34	smtpd_recipient_restrictions = reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org

alternc/trunk/install/alternc.install

r2317	r2322
33	33	fi
34	34	if [ -d /etc/postfix ]; then
35		CONFIG_FILES="$CONFIG_FILES etc/postfix/m~~ain.cf etc/postfix/m~~yalias.cf
	35	CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf
36	36	etc/postfix/mydomain.cf etc/postfix/mygid.cf
37	37	etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
…	…
214	214	fi
215	215
	216	# configure postfix appropriatly for our needs"
	217	while read line
	218	do
	219	postconf -e $line
	220	done < /etc/alternc/postfix.cf
	221
	222	while read line
	223	do
	224	postconf -e $line
	225	done <<EOF
	226	myhostname = $FQDN
	227	myorigin = $FQDN
	228	EOF
	229
216	230	if [ -e /etc/courier/authmysqlrc ] ; then
217	231	chown root:root /etc/courier/authmysqlrc