do not override Postfix's main.cf: instead, we use a /etc/alternc/postfix.cf to hold our configuration changes and apply that on postinst.

Closes: #1029

.gitattributes

@@ -279,6 +279,7 @@ etc/alternc/apache-ssl.conf -text
 etc/alternc/apache.conf -text
 etc/alternc/menulist.txt -text
 etc/alternc/phpmyadmin.inc.php -text
+etc/alternc/postfix.cf -text
 etc/alternc/templates/alternc/bureau.conf -text
 etc/alternc/templates/bind/automatic.conf -text
 etc/alternc/templates/bind/named.conf -text
@@ -291,7 +292,6 @@ etc/alternc/templates/courier/authdaemonrc -text
 etc/alternc/templates/courier/authmysqlrc -text
 etc/alternc/templates/default/saslauthd -text
 etc/alternc/templates/postfix/ca.der -text
-etc/alternc/templates/postfix/main.cf -text
 etc/alternc/templates/postfix/myalias.cf -text
 etc/alternc/templates/postfix/mydomain.cf -text
 etc/alternc/templates/postfix/mygid.cf -text

debian/changelog

@@ -10,6 +10,7 @@ alternc (0.9.9) stable; urgency=low
     * #1124: fix database user configuration
     * FTP/TLS is now working properly (config is RSA not DSA, and key AND
       certif config must be BOTH populated)
+    * #1029: do not overwrite the main.cf from postfix
   * new features:
     * start logging IP addresses in logs
     * rework the sqlbackup script to allow for date-based backups instead of
@@ -19,9 +20,13 @@ alternc (0.9.9) stable; urgency=low
       value or available domains
     * make a new alternc-slave package that eases installation on NFS-backed
       frontend nodes
+    * builtin postgrey and Spamhaus blacklisting configuration
   * other changes:
     * deprecate the mynetwork modification in Postfix, this is now left to the
       admin
+    * note that even though main.cf is not directly overwritten (#1029, as
+      per Debian Policy), some settings are directly overwritten. those
+      settings are configured in /etc/alternc/postfix.cf.
 
  -- Antoine Beaupré <anarcat@koumbit.org>  Tue, 15 Apr 2008 11:52:56 -0400
 

debian/control

@@ -10,7 +10,7 @@ Standards-Version: 3.7.3
 Package: alternc
 Architecture: all
 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
-Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
+Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
 Recommends: libapache-mod-gzip, apache-ssl, mysql-server
 Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4)
 Provides: alternc-admintools
@@ -29,7 +29,7 @@ Homepage: http://www.alternc.org/
 Package: alternc-slave
 Architecture: all
 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
-Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
+Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
 Recommends: libapache-mod-gzip, apache-ssl
 Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc
 Provides: alternc

etc/alternc/postfix.cf

@@ -1,31 +1,9 @@
-#
-# Fichier de configuration de Postfix pour AlternC
-# $Id: main.cf,v 1.17 2006/01/12 06:50:15 anarcat Exp $
-# 
-# %%warning_message%% 
-# pour postfix SARGE v2
-
-queue_directory = /var/spool/postfix
-command_directory = /usr/sbin
-daemon_directory = /usr/lib/postfix
-mail_owner = postfix
-# recipient_delimiter = +
-
 home_mailbox = Maildir/
-
 smtpd_banner = $myhostname ESMTP
-
 header_checks = regexp:/etc/postfix/header_checks
 body_checks = regexp:/etc/postfix/body_checks
-
 local_destination_concurrency_limit = 8
 default_destination_concurrency_limit = 10
-
-myhostname = %%fqdn%%
-myorigin = %%fqdn%%
-
-
-# Configuration TLS pour le serveur smtp : 
 smtpd_use_tls = yes
 smtpd_tls_dcert_file = /etc/courier/pop3d.pem
 smtpd_tls_dkey_file = $smtpd_tls_dcert_file
@@ -35,43 +13,22 @@ smtpd_tls_cert_file =  $smtpd_tls_dcert_file
 smtpd_tls_loglevel = 0
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
-tls_random_source = dev:/dev/urandom
-
-# Configuration TLS pour le client smtp
 smtp_use_tls = yes
 smtp_tls_dcert_file = $smtpd_tls_dcert_file
 smtp_tls_dkey_file = $smtpd_tls_dcert_file
 smtp_tls_CApath = $smtpd_tls_CApath
-
-# Configuration SASL via sasldb (/etc/sasldb) uniquement en TLS.
-# Sinon le pass passe en clair et c'est mal !
 smtpd_tls_auth_only = yes
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain = postfix
 smtpd_sasl_security_options = noanonymous
 enable_sasl_authentification = yes
 broken_sasl_auth_clients = yes
-
-#queue_directory = /var/spool/postfix
-#command_directory = /usr/sbin
-#daemon_directory = /usr/lib/postfix
-#mail_owner = postfix
-#recipient_delimiter = +
-
-# Pour éviter certains vieux spammeurs.
-disable_vrfy_command = yes
-
-# On autorise le relai à : les authentifiés en saslet nos domaines.
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination
-
 alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases
 virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
-
 virtual_mailbox_base = /
 virtual_minimum_uid = 1000
 virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
 virtual_uid_maps = static:33
-
 default_privs = www-data
-program_directory = /usr/lib/postfix
+smtpd_recipient_restrictions = reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org

install/alternc.install

@@ -32,7 +32,7 @@ if [ -e /etc/courier/authdaemonrc ]; then
                   etc/courier/authmysqlrc"
 fi
 if [ -d /etc/postfix ]; then
-    CONFIG_FILES="$CONFIG_FILES etc/postfix/main.cf etc/postfix/myalias.cf
+    CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf
                   etc/postfix/mydomain.cf etc/postfix/mygid.cf
                   etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
 fi
@@ -213,6 +213,20 @@ if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfi
     chmod 640 /etc/postfix/my*
 fi
 
+# configure postfix appropriatly for our needs"
+while read line
+do
+   postconf -e $line
+done < /etc/alternc/postfix.cf
+
+while read line
+do
+   postconf -e $line
+done <<EOF
+myhostname = $FQDN
+myorigin = $FQDN
+EOF
+
 if [ -e /etc/courier/authmysqlrc ] ; then
     chown root:root /etc/courier/authmysqlrc
     chmod 640 /etc/courier/authmysqlrc