do not override Postfix's main.cf: instead, we use a /etc/alternc/postfix.cf to hold our configuration changes and apply that on postinst.

Closes: #1029
Antoine Beaupré 2008-10-06 22:12:41 +00:00
parent a96dafef8b
commit 77ddb5002f
5 changed files with 24 additions and 48 deletions

2
.gitattributes vendored

@ -279,6 +279,7 @@ etc/alternc/apache-ssl.conf -text
etc/alternc/apache.conf -text etc/alternc/apache.conf -text
etc/alternc/menulist.txt -text etc/alternc/menulist.txt -text
etc/alternc/phpmyadmin.inc.php -text etc/alternc/phpmyadmin.inc.php -text
etc/alternc/postfix.cf -text
etc/alternc/templates/alternc/bureau.conf -text etc/alternc/templates/alternc/bureau.conf -text
etc/alternc/templates/bind/automatic.conf -text etc/alternc/templates/bind/automatic.conf -text
etc/alternc/templates/bind/named.conf -text etc/alternc/templates/bind/named.conf -text
@ -291,7 +292,6 @@ etc/alternc/templates/courier/authdaemonrc -text
etc/alternc/templates/courier/authmysqlrc -text etc/alternc/templates/courier/authmysqlrc -text
etc/alternc/templates/default/saslauthd -text etc/alternc/templates/default/saslauthd -text
etc/alternc/templates/postfix/ca.der -text etc/alternc/templates/postfix/ca.der -text
etc/alternc/templates/postfix/main.cf -text
etc/alternc/templates/postfix/myalias.cf -text etc/alternc/templates/postfix/myalias.cf -text
etc/alternc/templates/postfix/mydomain.cf -text etc/alternc/templates/postfix/mydomain.cf -text
etc/alternc/templates/postfix/mygid.cf -text etc/alternc/templates/postfix/mygid.cf -text

5
debian/changelog vendored

@ -10,6 +10,7 @@ alternc (0.9.9) stable; urgency=low
* #1124: fix database user configuration * #1124: fix database user configuration
* FTP/TLS is now working properly (config is RSA not DSA, and key AND * FTP/TLS is now working properly (config is RSA not DSA, and key AND
certif config must be BOTH populated) certif config must be BOTH populated)
* #1029: do not overwrite the main.cf from postfix
* new features: * new features:
* start logging IP addresses in logs * start logging IP addresses in logs
* rework the sqlbackup script to allow for date-based backups instead of * rework the sqlbackup script to allow for date-based backups instead of
@ -19,9 +20,13 @@ alternc (0.9.9) stable; urgency=low
value or available domains value or available domains
* make a new alternc-slave package that eases installation on NFS-backed * make a new alternc-slave package that eases installation on NFS-backed
frontend nodes frontend nodes
* builtin postgrey and Spamhaus blacklisting configuration
* other changes: * other changes:
* deprecate the mynetwork modification in Postfix, this is now left to the * deprecate the mynetwork modification in Postfix, this is now left to the
admin admin
* note that even though main.cf is not directly overwritten (#1029, as
per Debian Policy), some settings are directly overwritten. those
settings are configured in /etc/alternc/postfix.cf.
-- Antoine Beaupré <anarcat@koumbit.org> Tue, 15 Apr 2008 11:52:56 -0400 -- Antoine Beaupré <anarcat@koumbit.org> Tue, 15 Apr 2008 11:52:56 -0400

4
debian/control vendored

@ -10,7 +10,7 @@ Standards-Version: 3.7.3
Package: alternc Package: alternc
Architecture: all Architecture: all
Pre-depends: debconf (>= 0.5.00) | debconf-2.0 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
Recommends: libapache-mod-gzip, apache-ssl, mysql-server Recommends: libapache-mod-gzip, apache-ssl, mysql-server
Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4) Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4)
Provides: alternc-admintools Provides: alternc-admintools
@ -29,7 +29,7 @@ Homepage: http://www.alternc.org/
Package: alternc-slave Package: alternc-slave
Architecture: all Architecture: all
Pre-depends: debconf (>= 0.5.00) | debconf-2.0 Pre-depends: debconf (>= 0.5.00) | debconf-2.0
Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client Depends: debianutils (>= 1.13.1), apache | apache2, libapache-mod-php5 | libapache2-mod-php5 | libapache-mod-php4 | libapache2-mod-php4, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql | php4-mysql, phpmyadmin, postfix, proftpd-mysql, squirrelmail, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, libsasl2-modules, php5-cli | php4-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, postgrey
Recommends: libapache-mod-gzip, apache-ssl Recommends: libapache-mod-gzip, apache-ssl
Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4), alternc
Provides: alternc Provides: alternc


@ -1,31 +1,9 @@
#
# Fichier de configuration de Postfix pour AlternC
# $Id: main.cf,v 1.17 2006/01/12 06:50:15 anarcat Exp $
#
# %%warning_message%%
# pour postfix SARGE v2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
# recipient_delimiter = +
home_mailbox = Maildir/ home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP smtpd_banner = $myhostname ESMTP
header_checks = regexp:/etc/postfix/header_checks header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks body_checks = regexp:/etc/postfix/body_checks
local_destination_concurrency_limit = 8 local_destination_concurrency_limit = 8
default_destination_concurrency_limit = 10 default_destination_concurrency_limit = 10
myhostname = %%fqdn%%
myorigin = %%fqdn%%
# Configuration TLS pour le serveur smtp :
smtpd_use_tls = yes smtpd_use_tls = yes
smtpd_tls_dcert_file = /etc/courier/pop3d.pem smtpd_tls_dcert_file = /etc/courier/pop3d.pem
smtpd_tls_dkey_file = $smtpd_tls_dcert_file smtpd_tls_dkey_file = $smtpd_tls_dcert_file
@ -35,43 +13,22 @@ smtpd_tls_cert_file = $smtpd_tls_dcert_file
smtpd_tls_loglevel = 0 smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Configuration TLS pour le client smtp
smtp_use_tls = yes smtp_use_tls = yes
smtp_tls_dcert_file = $smtpd_tls_dcert_file smtp_tls_dcert_file = $smtpd_tls_dcert_file
smtp_tls_dkey_file = $smtpd_tls_dcert_file smtp_tls_dkey_file = $smtpd_tls_dcert_file
smtp_tls_CApath = $smtpd_tls_CApath smtp_tls_CApath = $smtpd_tls_CApath
# Configuration SASL via sasldb (/etc/sasldb) uniquement en TLS.
# Sinon le pass passe en clair et c'est mal !
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = postfix smtpd_sasl_local_domain = postfix
smtpd_sasl_security_options = noanonymous smtpd_sasl_security_options = noanonymous
enable_sasl_authentification = yes enable_sasl_authentification = yes
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
#queue_directory = /var/spool/postfix
#command_directory = /usr/sbin
#daemon_directory = /usr/lib/postfix
#mail_owner = postfix
#recipient_delimiter = +
# Pour éviter certains vieux spammeurs.
disable_vrfy_command = yes
# On autorise le relai à : les authentifiés en saslet nos domaines.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination
alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases alias_maps = mysql:/etc/postfix/myalias.cf hash:/etc/aliases
virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_mailbox_base = / virtual_mailbox_base = /
virtual_minimum_uid = 1000 virtual_minimum_uid = 1000
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_uid_maps = static:33 virtual_uid_maps = static:33
default_privs = www-data default_privs = www-data
program_directory = /usr/lib/postfix smtpd_recipient_restrictions = reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, reject_rbl_client zen.spamhaus.org
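Review bot: `disable_vrfy_command = yes` appears only on the old side of this file, so a host whose Postfix settings come from the new postfix.cf is left at Postfix's default, where VRFY is answered and can be used to probe for valid recipients. Unless that is intended, keep the line `disable_vrfy_command = yes` in postfix.cf so postinst applies it. The rewritten `smtpd_recipient_restrictions` also drops `reject_non_fqdn_sender`, `reject_unknown_sender_domain` and `reject_unauth_pipelining` without explanation. The comments that documented the TLS-only SASL setting were removed as well. A one-line comment above the restriction list saying which checks were dropped on purpose, and that `check_policy_service inet:127.0.0.1:60000` expects postgrey to be listening there, would help the next admin; whether comments are safe in this file depends on how postinst parses it.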


@ -32,7 +32,7 @@ if [ -e /etc/courier/authdaemonrc ]; then
etc/courier/authmysqlrc" etc/courier/authmysqlrc"
fi fi
if [ -d /etc/postfix ]; then if [ -d /etc/postfix ]; then
CONFIG_FILES="$CONFIG_FILES etc/postfix/main.cf etc/postfix/myalias.cf CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf
etc/postfix/mydomain.cf etc/postfix/mygid.cf etc/postfix/mydomain.cf etc/postfix/mygid.cf
etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf" etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
fi fi
@ -213,6 +213,20 @@ if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfi
chmod 640 /etc/postfix/my* chmod 640 /etc/postfix/my*
fi fi
# configure postfix appropriatly for our needs"
while read line
do
postconf -e $line
done < /etc/alternc/postfix.cf
while read line
do
postconf -e $line
done <<EOF
myhostname = $FQDN
myorigin = $FQDN
EOF
if [ -e /etc/courier/authmysqlrc ] ; then if [ -e /etc/courier/authmysqlrc ] ; then
chown root:root /etc/courier/authmysqlrc chown root:root /etc/courier/authmysqlrc
chmod 640 /etc/courier/authmysqlrc chmod 640 /etc/courier/authmysqlrc
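Review bot: `postconf -e $line` in both added loops expands `$line` unquoted, so each setting is word-split and glob-expanded before postconf sees it. A multi-word value such as the `smtpd_recipient_restrictions` list therefore reaches postconf as several separate arguments rather than one `name = value` edit. Quote the variable and read the line raw: `while IFS= read -r line; do postconf -e "$line"; done < /etc/alternc/postfix.cf`, and the same for the here-document loop. Any blank or `#` line in postfix.cf would also be handed to postconf, so skipping those before the call is worth adding. Nothing in the hunk checks postconf's exit status, and whether the script runs under `set -e` is not visible here, so a failed edit of a security-relevant setting could pass unnoticed.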