From 77ddb5002ffd87f56f6c71135bad35278b0217db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Mon, 6 Oct 2008 22:12:41 +0000 Subject: [PATCH] do not override Postfix's main.cf: instead, we use a /etc/alternc/postfix.cf to hold our configuration changes and apply that on postinst. Closes: #1029 --- .gitattributes | 2 +- debian/changelog | 5 +++ debian/control | 4 +- .../{templates/postfix/main.cf => postfix.cf} | 45 +------------------ install/alternc.install | 16 ++++++- 5 files changed, 24 insertions(+), 48 deletions(-) rename etc/alternc/{templates/postfix/main.cf => postfix.cf} (50%) diff --git a/.gitattributes b/.gitattributes index 9de1707b..13da87b1 100644 --- a/.gitattributes +++ b/.gitattributes @@ -279,6 +279,7 @@ etc/alternc/apache-ssl.conf -text etc/alternc/apache.conf -text etc/alternc/menulist.txt -text etc/alternc/phpmyadmin.inc.php -text +etc/alternc/postfix.cf -text etc/alternc/templates/alternc/bureau.conf -text etc/alternc/templates/bind/automatic.conf -text etc/alternc/templates/bind/named.conf -text @@ -291,7 +292,6 @@ etc/alternc/templates/courier/authdaemonrc -text etc/alternc/templates/courier/authmysqlrc -text etc/alternc/templates/default/saslauthd -text etc/alternc/templates/postfix/ca.der -text -etc/alternc/templates/postfix/main.cf -text etc/alternc/templates/postfix/myalias.cf -text etc/alternc/templates/postfix/mydomain.cf -text etc/alternc/templates/postfix/mygid.cf -text diff --git a/debian/changelog b/debian/changelog index 82fed0c8..ca13f691 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,7 @@ alternc (0.9.9) stable; urgency=low * #1124: fix database user configuration * FTP/TLS is now working properly (config is RSA not DSA, and key AND certif config must be BOTH populated) + * #1029: do not overwrite the main.cf from postfix * new features: * start logging IP addresses in logs * rework the sqlbackup script to allow for date-based backups instead of 
@@ -19,9 +20,13 @@ alternc (0.9.9) stable; urgency=low value or available domains * make a new alternc-slave package that eases installation on NFS-backed frontend nodes + * builtin postgrey and Spamhaus blacklisting configuration * other changes: * deprecate the mynetwork modification in Postfix, this is now left to the admin + * note that even though main.cf is not directly overwritten (#1029, as + per Debian Policy), some settings are directly overwritten. those + settings are configured in /etc/alternc/postfix.cf. -- Antoine Beaupré Tue, 15 Apr 2008 11:52:56 -0400 diff --git a/debian/control b/debian/control index 785c7668..d709b518 100644 --- a/debian/control +++ b/debian/control 
@@ -10,7 +10,7 @@ Standards-Version: 3.7.3
 Package: alternc
 Architecture: all
 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
-Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
+Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
 Recommends: libapache-mod-gzip, apache-ssl, mysql-server
 Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4)
 Provides: alternc-admintools
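Review bot: The `postgrey` dependency added to this `Depends:` line (and to the alternc-slave stanza in the next hunk) is unversioned, while etc/alternc/postfix.cf in the same patch hard-codes `check_policy_service inet:127.0.0.1:60000`. Nothing visible in the patch sets or checks the port postgrey actually listens on, which is decided by that package's own configuration. If the two ever disagree, the policy lookup fails and Postfix will presumably defer incoming mail rather than accept it. Either have the install script confirm the listener before applying the restriction, or record the assumption in debian/changelog, for example `* postfix.cf expects postgrey on 127.0.0.1:60000; adjust it if your postgrey listens elsewhere`.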
@@ -29,7 +29,7 @@ Homepage: http://www.alternc.org/
 Package: alternc-slave
 Architecture: all
 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
-Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client
+Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
 Recommends: libapache-mod-gzip, apache-ssl
 Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc
 Provides: alternc
diff --git a/etc/alternc/templates/postfix/main.cf b/etc/alternc/postfix.cf
similarity index 50%
rename from etc/alternc/templates/postfix/main.cf
rename to etc/alternc/postfix.cf
index b974fba0..600685b1 100644
--- a/etc/alternc/templates/postfix/main.cf
+++ b/etc/alternc/postfix.cf
@@ -1,31 +1,9 @@
-#
-# Fichier de configuration de Postfix pour AlternC
-# $Id: main.cf,v 1.17 2006/01/12 06:50:15 anarcat Exp $
-#
-# %%warning_message%%
-# pour postfix SARGE v2
-
-queue_directory = /var/spool/postfix
-command_directory = /usr/sbin
-daemon_directory = /usr/lib/postfix
-mail_owner = postfix
-# recipient_delimiter = +
-
 home_mailbox = Maildir/
-
 smtpd_banner = $myhostname ESMTP
-
 header_checks = regexp:/etc/postfix/header_checks
 body_checks = regexp:/etc/postfix/body_checks
-
 local_destination_concurrency_limit = 8
 default_destination_concurrency_limit = 10
-
-myhostname = %%fqdn%%
-myorigin = %%fqdn%%
-
-
-# Configuration TLS pour le serveur smtp :
 smtpd_use_tls = yes
 smtpd_tls_dcert_file = /etc/courier/pop3d.pem
 smtpd_tls_dkey_file = $smtpd_tls_dcert_file
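Review bot: With the header and section comments removed at the top of this hunk, postfix.cf no longer says anywhere what format it must follow, even though it is now consumed line by line by the `postconf -e $line` loop added in install/alternc.install. As far as the visible loop shows, a comment or blank line that an admin adds here would be handed to `postconf -e` as an argument. Since the explanation cannot safely live in this file, document the contract above the loop instead, for example `# /etc/alternc/postfix.cf: one "name = value" per line, no comments or blank lines; each line is passed to postconf -e`.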
@@ -35,43 +13,22 @@ smtpd_tls_cert_file = $smtpd_tls_dcert_file
 smtpd_tls_loglevel = 0
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
-tls_random_source = dev:/dev/urandom
-
-# Configuration TLS pour le client smtp
 smtp_use_tls = yes
 smtp_tls_dcert_file = $smtpd_tls_dcert_file
 smtp_tls_dkey_file = $smtpd_tls_dcert_file
 smtp_tls_CApath = $smtpd_tls_CApath
-
-# Configuration SASL via sasldb (/etc/sasldb) uniquement en TLS.
-# Sinon le pass passe en clair et c'est mal !
 smtpd_tls_auth_only = yes
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain = postfix
 smtpd_sasl_security_options = noanonymous
 enable_sasl_authentification = yes
 broken_sasl_auth_clients = yes
-
-#queue_directory = /var/spool/postfix
-#command_directory = /usr/sbin
-#daemon_directory = /usr/lib/postfix
-#mail_owner = postfix
-#recipient_delimiter = +
-
-# Pour éviter certains vieux spammeurs.
-disable_vrfy_command = yes
-
-# On autorise le relai à : les authentifiés en saslet nos domaines.
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination
-
 alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases
 virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
-
 virtual_mailbox_base = /
 virtual_minimum_uid = 1000
 virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
 virtual_uid_maps = static:33
-
 default_privs = www-data
-program_directory = /usr/lib/postfix
+smtpd_recipient_restrictions = reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org
\ No newline at end of file
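Review bot: The added `smtpd_recipient_restrictions` line is the last line of postfix.cf and has no terminating newline (`\ No newline at end of file`), while the loop added in install/alternc.install reads the file with `while read line`. `read` returns non-zero on an unterminated final line, so the loop body would not run for it and the new restrictions (`reject_unlisted_recipient`, the postgrey policy service, the Spamhaus RBL) would never reach `postconf -e`. End the file with a newline and make the loop tolerant and quoted: `while read -r line || [ -n "$line" ]; do postconf -e "$line"; done < /etc/alternc/postfix.cf`. This hunk also drops `disable_vrfy_command = yes`, `reject_unauth_pipelining` and the sender and hostname checks from the old list without a changelog entry. If that is deliberate it deserves a line in debian/changelog, because those protections now depend on whatever the admin's main.cf already holds.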
diff --git a/install/alternc.install b/install/alternc.install index a5598d42..e027e599 100644 --- a/install/alternc.install +++ b/install/alternc.install @@ -32,7 +32,7 @@ if [ -e /etc/courier/authdaemonrc ]; then etc/courier/authmysqlrc" fi if [ -d /etc/postfix ]; then - CONFIG_FILES="$CONFIG_FILES etc/postfix/main.cf etc/postfix/myalias.cf + CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf etc/postfix/mydomain.cf etc/postfix/mygid.cf etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf" fi @@ -213,6 +213,20 @@ if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfi chmod 640 /etc/postfix/my* fi +# configure postfix appropriatly for our needs" +while read line +do + postconf -e $line +done < /etc/alternc/postfix.cf + +while read line +do + postconf -e $line +done <