Commit 5e037c77 authored by Marco Mariani's avatar Marco Mariani

postfix: further patches, SR and instance

parent 9dd9d080
...@@ -12,7 +12,7 @@ recipe = hexagonit.recipe.download ...@@ -12,7 +12,7 @@ recipe = hexagonit.recipe.download
url =${:_profile_base_location_}/${:filename} url =${:_profile_base_location_}/${:filename}
filename = ${:_buildout_section_name_} filename = ${:_buildout_section_name_}
download-only = true download-only = true
md5sum = fbc07aeab024b86adf3b073fc7e00888 md5sum = 738bcc97b8044c45b58708bdf3a84b8e
[skip-libdb-check.patch] [skip-libdb-check.patch]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
...@@ -33,3 +33,5 @@ patches = ...@@ -33,3 +33,5 @@ patches =
configure-command = make configure-command = make
configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib' configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib'
make-targets = non-interactive-package install_root=${:location} make-targets = non-interactive-package install_root=${:location}
keep-compile-dir = false
...@@ -13,7 +13,7 @@ index 2d91977..0f06298 100644 ...@@ -13,7 +13,7 @@ index 2d91977..0f06298 100644
dict_db_cache_size = var_db_read_buf; dict_db_cache_size = var_db_read_buf;
#endif #endif
diff --git a/src/master/master.c b/src/master/master.c diff --git a/src/master/master.c b/src/master/master.c
index a9d5d1b..6afce2e 100644 index a9d5d1b..db88c55 100644
--- a/src/master/master.c --- a/src/master/master.c
+++ b/src/master/master.c +++ b/src/master/master.c
@@ -315,10 +315,10 @@ int main(int argc, char **argv) @@ -315,10 +315,10 @@ int main(int argc, char **argv)
...@@ -29,6 +29,17 @@ index a9d5d1b..6afce2e 100644 ...@@ -29,6 +29,17 @@ index a9d5d1b..6afce2e 100644
/* /*
* Process JCL. * Process JCL.
@@ -392,8 +392,10 @@ int main(int argc, char **argv)
* all MTA processes cleanly. Give up if we can't separate from our
* parent process. We're not supposed to blow away the parent.
*/
+ /*
if (debug_me == 0 && master_detach != 0 && setsid() == -1 && getsid(0) != getpid())
msg_fatal("unable to set session and process group ID: %m");
+ */
/*
* Make some room for plumbing with file descriptors. XXX This breaks
diff --git a/src/postfix/postfix.c b/src/postfix/postfix.c diff --git a/src/postfix/postfix.c b/src/postfix/postfix.c
index 183c825..007c805 100644 index 183c825..007c805 100644
--- a/src/postfix/postfix.c --- a/src/postfix/postfix.c
...@@ -65,6 +76,54 @@ index 9dabb5d..e678565 100644 ...@@ -65,6 +76,54 @@ index 9dabb5d..e678565 100644
/* /*
* Parse JCL. * Parse JCL.
diff --git a/src/util/chroot_uid.c b/src/util/chroot_uid.c
index 4a7660f..d5d4e67 100644
--- a/src/util/chroot_uid.c
+++ b/src/util/chroot_uid.c
@@ -55,10 +55,11 @@ void chroot_uid(const char *root_dir, const char *user_name)
msg_fatal("unknown user: %s", user_name);
uid = pwd->pw_uid;
gid = pwd->pw_gid;
+ /*
if (setgid(gid) < 0)
msg_fatal("setgid(%ld): %m", (long) gid);
if (initgroups(user_name, gid) < 0)
- msg_fatal("initgroups: %m");
+ msg_fatal("initgroups: %m");*/
}
/*
@@ -74,9 +75,11 @@ void chroot_uid(const char *root_dir, const char *user_name)
/*
* Drop the user privileges.
*/
+ /*
if (user_name != 0)
if (setuid(uid) < 0)
msg_fatal("setuid(%ld): %m", (long) uid);
+ */
/*
* Give the desperate developer a clue of what is happening.
diff --git a/src/util/set_eugid.c b/src/util/set_eugid.c
index ef35380..ed96a69 100644
--- a/src/util/set_eugid.c
+++ b/src/util/set_eugid.c
@@ -53,7 +53,7 @@
void set_eugid(uid_t euid, gid_t egid)
{
- int saved_errno = errno;
+/* int saved_errno = errno;
if (geteuid() != 0)
if (seteuid(0))
@@ -67,4 +67,4 @@ void set_eugid(uid_t euid, gid_t egid)
if (msg_verbose)
msg_info("set_eugid: euid %ld egid %ld", (long) euid, (long) egid);
errno = saved_errno;
-}
+*/}
diff --git a/src/util/set_ugid.c b/src/util/set_ugid.c diff --git a/src/util/set_ugid.c b/src/util/set_ugid.c
index bbcb901..5a7a48b 100644 index bbcb901..5a7a48b 100644
--- a/src/util/set_ugid.c --- a/src/util/set_ugid.c
......
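Review bot: The embedded Postfix patch disables privilege handling by commenting it out unconditionally: `setgid()`/`initgroups()` and `setuid()` in `chroot_uid()`, the whole body of `set_eugid()`, and the `setsid()` check in master.c, so a binary built from this component never changes identity even when it is started as root. If the aim is only to let Postfix run inside an unprivileged partition, guard the calls instead of removing them, for example `if (user_name != 0 && geteuid() == 0)` in front of the `setuid(uid)` block and the same `geteuid() == 0` condition around `setgid`/`initgroups`, so the original behaviour is kept under root. Wrapping the `set_eugid()` body in a single `/* … */` also relies on no comment terminator occurring in the lines this hunk does not show; `#if 0` … `#endif` would not have that dependency. The bodies of `main()`, `chroot_uid()` and `set_eugid()` extend beyond the visible hunks, and the set_ugid.c hunk is cut off on this page, so it is not covered here.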
...@@ -5,11 +5,34 @@ extends = ...@@ -5,11 +5,34 @@ extends =
parts = parts =
template template
postfix-main-cf-template
slapos-cookbook slapos-cookbook
[postfix-main-cf-template]
recipe = hexagonit.recipe.download
filename = main.cf.jinja2
url = ${:_profile_base_location_}/etc/${:filename}
mode = 644
#md5sum =
download-only = true
on-update = true
[postfix-master-cf-template]
recipe = hexagonit.recipe.download
filename = master.cf.jinja2
url = ${:_profile_base_location_}/etc/${:filename}
mode = 644
#md5sum =
download-only = true
on-update = true
[template] [template]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg url = ${:_profile_base_location_}/instance.cfg
output = ${buildout:directory}/template.cfg output = ${buildout:directory}/template.cfg
mode = 0644 mode = 0644
#md5sum = 5307e4200f044ae57b504ad68444491c #md5sum =
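Review bot: The two new download sections leave `#md5sum =` empty, and `[template]` drops the hash it previously carried in its comment, so `main.cf.jinja2`, `master.cf.jinja2` and `instance.cfg` are fetched from `${:_profile_base_location_}` with no integrity check. When the profile is served from a remote location, a changed or tampered template would be rendered into the mail server configuration unnoticed. Fill the hashes in before the software release is published, e.g. `md5sum = <md5 of etc/main.cf.jinja2>` (placeholder value). `postfix-master-cf-template` is also missing from `parts`, where only `postfix-main-cf-template` was added; whether it is installed then depends on how the `${postfix-master-cf-template:location}` reference in the instance profile is resolved, so listing it explicitly is safer.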
This diff is collapsed.
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
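Review bot: The file is rendered through `slapos.recipe.template:jinja2` but contains no template variable, so the listener line `smtp inet n - n - - smtpd` is fixed to the standard smtp port, and to whatever addresses main.cf (collapsed on this page) allows. The instance appears to run without root privileges, given that the source patch in this commit removes the setuid/setgid calls, and an unprivileged process normally cannot bind that port. Make the endpoint a context value, for example `{{ smtpd_host }}:{{ smtpd_port }} inet n - n - - smtpd` (variable names are illustrative), and pass it in from the `[postfix-master-cf]` section, whose `context` is currently commented out. A short header comment stating that the file is generated, and from which template, would keep operators from editing the rendered copy.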
[buildout] [buildout]
parts = parts =
directory directories
postfix-main-cf
postfix-master-cf
postfix-symlinks-bin
postfix-symlinks-sbin
postfix-symlinks-libexec
service-postfix-master
sh-postfix-environment
# publish-connection-parameter # publish-connection-parameter
...@@ -18,36 +25,121 @@ key = $${slap_connection:key_file} ...@@ -18,36 +25,121 @@ key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file} cert = $${slap_connection:cert_file}
[directory] [directories]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc etc = $${buildout:directory}/etc
script = $${:etc}/run/ etc_postfix = $${:etc}/postfix
script = $${:etc}/run
service = $${:etc}/service service = $${:etc}/service
promise = $${:etc}/promise/ promise = $${:etc}/promise
usr = $${buildout:directory}/usr
usr_bin = $${:usr}/bin
usr_sbin = $${:usr}/sbin
var = $${buildout:directory}/var
var_spool = $${:var}/spool
var_spool_postfix = $${:var_spool}/postfix
var_spool_postfix_active = $${:var_spool_postfix}/active
var_spool_postfix_bounce = $${:var_spool_postfix}/bounce
var_spool_postfix_corrupt = $${:var_spool_postfix}/corrupt
var_spool_postfix_defer = $${:var_spool_postfix}/defer
var_spool_postfix_deferred = $${:var_spool_postfix}/deferred
var_spool_postfix_flush = $${:var_spool_postfix}/flush
var_spool_postfix_hold = $${:var_spool_postfix}/hold
var_spool_postfix_incoming = $${:var_spool_postfix}/incoming
var_spool_postfix_maildrop = $${:var_spool_postfix}/maildrop
var_spool_postfix_pid = $${:var_spool_postfix}/pid
var_spool_postfix_private = $${:var_spool_postfix}/private
var_spool_postfix_public = $${:var_spool_postfix}/public
var_spool_postfix_saved = $${:var_spool_postfix}/saved
var_spool_postfix_trace = $${:var_spool_postfix}/trace
var_lib = $${:var}/lib
var_mail = $${:var}/mail
var_lib_postfix = $${:var_lib}/postfix
[postfix-main-cf]
recipe = slapos.recipe.template:jinja2
template = ${postfix-main-cf-template:location}/${postfix-main-cf-template:filename}
rendered = $${buildout:directory}/etc/postfix/main.cf
extensions = jinja2.ext.do
context =
raw queue_directory $${directories:var_spool_postfix}
raw command_directory $${directories:usr_sbin}
raw daemon_directory ${postfix:location}/usr/libexec/postfix
raw data_directory $${directories:var_lib_postfix}
raw mail_owner postfix
raw alias_database hash:$${directories:etc}/aliases
raw alias_maps hash:$${directories:etc}/aliases, nis:mail.aliases
raw mail_spool_directory $${directories:var_mail}
raw mydomain localdomain
raw myhostname test.localdomain
raw setgid_group slapuser12
mode = 0644
# Create all postfix-related files
[postfix-master-cf] [postfix-master-cf]
recipe = slapos.recipe.template:jinja2
template = ${postfix-master-cf-template:location}/${postfix-master-cf-template:filename}
rendered = $${buildout:directory}/etc/postfix/master.cf
extensions = jinja2.ext.do
#context =
mode = 0644
# Create all postfix-related wrappers [postfix-environment]
[postfix-qmgr] MAIL_CONFIG=$${directories:etc_postfix}
recipe = slapos.cookbook:wrapper
postfix-executable = ${postfix:location}/bin/postfix
command-line = $${:postfix-executable}
wrapper-path = $${directory:service}/qmgr
[postfix-master]
recipe = slapos.cookbook:wrapper
postfix-executable = ${postfix:location}/bin/postfix
command-line = $${:postfix-executable}
wrapper-path = $${directory:service}/master
[postfix-pickup] [sh-postfix-environment]
recipe = slapos.recipe.template:jinja2
template = inline:
export MAIL_CONFIG="{{ postfix_environment['MAIL_CONFIG'] }}"
rendered = $${buildout:directory}/postfix-environment.sh
context =
section postfix_environment postfix-environment
mode = 755
[service-postfix-master]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
postfix-executable = ${postfix:location}/bin/postfix command-line = ${postfix:location}/usr/libexec/postfix/master
command-line = $${:postfix-executable} wrapper-path = $${directories:service}/start-postfix-master
wrapper-path = $${directory:service}/pickup environment = MAIL_CONFIG=$${directories:etc_postfix}
[postfix-symlinks-bin]
recipe = slapos.cookbook:symbolic.link
target-directory = $${directories:usr_bin}
link-binary =
${postfix:location}/usr/bin/mailq
${postfix:location}/usr/bin/newaliases
[postfix-symlinks-sbin]
recipe = slapos.cookbook:symbolic.link
target-directory = $${directories:usr_sbin}
link-binary =
${postfix:location}/usr/sbin/postalias
${postfix:location}/usr/sbin/postcat
${postfix:location}/usr/sbin/postconf
${postfix:location}/usr/sbin/postdrop
${postfix:location}/usr/sbin/postfix
${postfix:location}/usr/sbin/postkick
${postfix:location}/usr/sbin/postlock
${postfix:location}/usr/sbin/postlog
${postfix:location}/usr/sbin/postmap
${postfix:location}/usr/sbin/postmulti
${postfix:location}/usr/sbin/postqueue
${postfix:location}/usr/sbin/postsuper
${postfix:location}/usr/sbin/sendmail
[postfix-symlinks-libexec]
recipe = slapos.cookbook:symbolic.link
target-directory = $${directories:usr}
link-binary =
${postfix:location}/usr/libexec
#[publish-connection-parameter] #[publish-connection-parameter]
......
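Review bot: `[postfix-main-cf]` renders literals that belong to one test partition: `raw setgid_group slapuser12`, `raw myhostname test.localdomain` and `raw mydomain localdomain`. On any other partition the setgid group will presumably not match the group that owns the queue directories created under `[directories]`, and the host will announce a name it does not own. Take the group, hostname and domain from the instance parameters instead of fixed strings, and drop `nis:mail.aliases` from `alias_maps` unless a NIS map is really expected on the host. `[sh-postfix-environment]` produces a file that only contains an `export` line and looks meant to be sourced, so `mode = 0644` would be sufficient there.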