From ed3d8020bcefc734e1fe958f773040bde68e63e0 Mon Sep 17 00:00:00 2001 From: Val Kulkov Date: Tue, 14 Nov 2017 21:42:55 -0500 Subject: [PATCH] postfix: fix uid/gid conflicts, general cleanup Fix uid/gid conflict with package icecast (uid=87, gid=87) and package pianod (uid=88, gid=88) by claiming uid/gid 25 for postfix instead of 87 and uid/gid 26 for postconf instead of 88. Remove main.cf.default that is not used by any Postfix module. The default configuration parameters are hardcoded into postconf and they are available via "postconf -d ". main.cf.default is therefore unnecessary. "mydomain" parameter should be deduced from the domain configuration setting in /e/c/dhcp rather than from "hostname" in /e/c/system which is often just a hostname without the domain name component. "mynetworks" parameter is unnecessary where "mynetworks_style" is defined. The change of the location of data_directory, queue_directory and mail_spool_directory from /var/lib/postfix, /var/spool/postfix and /var/mail to /data/postfix/lib, /data/postfix/spool and /data/postfix/mail has been postponed until the author of this commit and the maintainer of this package has had a meaningful opportunity to consult with LEDE/OpenWrt developers on the preferred mount point for the persistent data storage device. Change the criteria for executing the post-installation script. Invoke postinst() where the value of "myhostname" parameter in main.cf is not defined rather than where "$config_directory"/opkg_postinst is present with the value of "$config_directory" hardcoded to "$IPKG_INSTROOT"/etc/postfix in /etc/init.d/postfix. Enable PCRE support by default. Remove the code making entries in /etc/sysupgrade.conf and instead define configuration files to be saved during a sysupgrade in Makefile's Package/postfix/conffiles section. Move the creation of mail_spool_directory from host to target in order to enable change of directory ownership to 'postfix' when postinit() is executed on the target. Avoid postfix restart in postinst script that results in an error message during opkg install process. Enable Postfix autostart by creating a link in /etc/rc.d/ on installation. Make the code less verbose. Signed-off-by: Val Kulkov --- mail/postfix/Makefile | 173 +++--- mail/postfix/files/main.cf.default | 856 ----------------------------- mail/postfix/files/postfix.init | 55 +- 3 files changed, 81 insertions(+), 1003 deletions(-) delete mode 100644 mail/postfix/files/main.cf.default diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile index 0039802c4..a04af3d16 100644 --- a/mail/postfix/Makefile +++ b/mail/postfix/Makefile @@ -1,4 +1,4 @@ -# +# # Copyright (C) 2014-2015 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=postfix -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_VERSION:=3.2.3 PKG_SOURCE_URL:= \ https://cdn.postfix.johnriley.me/mirrors/postfix-release/official/ \ @@ -37,6 +37,9 @@ define Package/postfix SECTION:=mail CATEGORY:=Mail TITLE:=Postfix Mail Transmit Agent + USERID:= \ + postfix=25:postfix=25 \ + postdrop=26:postdrop=26 URL:=http://www.postfix.org/ DEPENDS:=+POSTFIX_TLS:libopenssl +POSTFIX_SASL:libsasl2 +POSTFIX_LDAP:libopenldap +POSTFIX_DB:libdb47 +POSTFIX_SQLITE:libsqlite3 +POSTFIX_PGSQL:libpq +POSTFIX_EAI:icu +POSTFIX_PCRE:libpcre endef @@ -66,7 +69,7 @@ define Package/postfix/config bool "BerkeleyDB support" default n help - Implements support for btree files using Berkeley DB. Note that hash files support is not compiled into Berkeley DB OpenWRT distribution + Implements support for btree and hash files using Berkeley DB. config POSTFIX_CDB bool "CDB support" default y @@ -84,7 +87,7 @@ define Package/postfix/config Implement support for PostgreSQL config POSTFIX_PCRE bool "PCRE support" - default n + default y help Implement support for Perl Compatible Regular Expressions config POSTFIX_EAI @@ -102,7 +105,6 @@ endef CCARGS=-DNO_NIS AUXLIBS=-L$(STAGING_DIR)/usr/lib -default_database_type=cdb ifdef CONFIG_POSTFIX_TLS CCARGS+=-DUSE_TLS @@ -122,12 +124,15 @@ endif ifdef CONFIG_POSTFIX_CDB CCARGS+=-DHAS_CDB AUXLIBS+=-lcdb + ifndef default_database_type + default_database_type=cdb + endif endif ifdef CONFIG_POSTFIX_DB AUXLIBS+=-ldb CCARGS+=-DHAS_DB - ifndef CONFIG_POSTFIX_CDB + ifndef default_database_type default_database_type=btree endif else @@ -162,13 +167,12 @@ endif CCARGS+=-DDEF_DB_TYPE=\"$(default_database_type)\" -config_directory=/etc/postfix# also add this to postfix init file +# prevent postfix-install from executing postconf at build time +# by explicitly providing the default values to postfix-install +config_directory=/etc/postfix sample_directory=/etc/postfix command_directory=/usr/sbin daemon_directory=/usr/libexec/postfix -data_directory=/usr/var/lib/postfix -queue_directory=/usr/var/spool/postfix -mail_spool_directory=/usr/var/mail html_directory=no manpage_directory=no readme_directory=no @@ -177,66 +181,38 @@ newaliases_path=/usr/bin/newaliases mailq_path=/usr/bin/mailq shlib_directory=/usr/lib/postfix meta_directory=/etc/postfix +data_directory=/usr/var/lib/postfix +queue_directory=/usr/var/spool/postfix +mail_spool_directory=/usr/var/mail ln_suffix=.postfix -ln_old_suffix=.old +ln_suffix_pre_pf=.pre-postfix +ln_suffix_legacy=.old define Package/postfix/conffiles -$(config_directory)/main.cf -$(config_directory)/master.cf -$(config_directory)/aliases -$(config_directory)/virtual +$(config_directory) endef define Build/Configure - if [ "$(CONFIG_POSTFIX_DB)" = "" -a "$(CONFIG_POSTFIX_CDB)" = "" ]; then\ - echo "Build error: You must select at least one of the DB types";\ - exit 1;\ + if [ "$(default_database_type)" = "" ]; then \ + echo "Build error: CDB or BerkeleyDB support must be enabled."; \ + exit 1; \ fi - cd $(PKG_BUILD_DIR); $(MAKE) makefiles CCARGS='$(CCARGS)' $(TARGET_CONFIGURE_OPTS) AUXLIBS="$(AUXLIBS)" endef -# Steps to regenerate files/main.cf.default: -# -# 1. Compile the package with current file -# 2. Execute the following command on target device: -# postconf -d > /tmp/main.cf.new -# 3. Transfer /tmp/main.cf.new file to the build system -# 4. Execute the following command: -# cat /tmp/main.cf.new | ( echo '# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE'; echo '# TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX.'; echo '#'; grep -v ^alias_maps\ = |grep -v ^alias_database\ = |grep -v ^command_directory\ = |grep -v ^config_directory\ = |grep -v ^daemon_directory\ = |grep -v ^data_directory\ = |grep -v ^default_database_type\ = |grep -v ^html_directory\ = |grep -v ^mail_spool_directory\ = |grep -v ^mailq_path\ = |grep -v ^manpage_directory\ = |grep -v ^meta_directory\ = |grep -v ^mydomain\ = |grep -v ^myhostname\ = |grep -v ^mynetworks\ = |grep -v ^mynetworks_style\ = |grep -v ^newaliases_path\ = |grep -v ^queue_directory\ = |grep -v ^readme_directory\ = |grep -v ^sample_directory\ = |grep -v ^sendmail_path\ = |grep -v ^shlib_directory\ = |grep -v ^smtputf8_enable\ = |grep -v ^virtual_maps\ = |grep -v ^process_id\ = ) > files/main.cf.default -# 5. Done. Now you can rebuild the package with new main.cf.default. -# - define Build/Compile # Currently postfix has a bug with Makefiles that CCARGS are not passed to the compiler, so we are copying them to CC as a workaround cd $(PKG_BUILD_DIR); $(MAKE) $(TARGET_CONFIGURE_OPTS) CC='$(TARGET_CC) $(CCARGS)' - cp ./files/main.cf.default $(PKG_BUILD_DIR)/conf/main.cf.default - echo "default_database_type = $(default_database_type)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "alias_database = $(default_database_type):$(config_directory)/aliases" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "alias_maps = $(default_database_type):$(config_directory)/aliases" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "virtual_maps = $(default_database_type):$(config_directory)/virtual" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "sendmail_path = $(sendmail_path)$(ln_suffix)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "newaliases_path = $(newaliases_path)$(ln_suffix)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "mailq_path = $(mailq_path)$(ln_suffix)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "html_directory = $(html_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "manpage_directory = $(manpage_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "sample_directory = $(sample_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "readme_directory = $(readme_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "command_directory = $(command_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "daemon_directory = $(daemon_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "data_directory = $(data_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "queue_directory = $(queue_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "config_directory = $(config_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "mail_spool_directory = $(mail_spool_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "shlib_directory = $(shlib_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "meta_directory = $(meta_directory)" >> $(PKG_BUILD_DIR)/conf/main.cf.default - echo "smtputf8_enable = $(smtputf8_conf)" >> $(PKG_BUILD_DIR)/conf/main.cf.default + $(foreach p, \ + default_database_type config_directory command_directory daemon_directory \ + shlib_directory manpage_directory data_directory queue_directory \ + mail_spool_directory, \ + echo "$(p) = $($(p))" >> $(PKG_BUILD_DIR)/conf/main.cf;) endef define Package/postfix/install cd $(PKG_BUILD_DIR); $(MAKE) install_root=$(1) command_directory=$(command_directory) daemon_directory=$(daemon_directory) data_directory=$(data_directory) html_directory=$(html_directory) mail_owner=postfix mailq_path=$(mailq_path)$(ln_suffix) manpage_directory=$(manpage_directory) newaliases_path=$(newaliases_path)$(ln_suffix) queue_directory=$(queue_directory) readme_directory=$(readme_directory) sendmail_path=$(sendmail_path)$(ln_suffix) setgid_group=postdrop sample_directory=$(sample_directory) config_directory=$(config_directory) shlib_directory=$(shlib_directory) meta_directory=$(meta_directory) mail_version=$(PKG_VERSION) non-interactive-package - $(INSTALL_DIR) $(1)$(mail_spool_directory) $(INSTALL_DIR) $(1)/etc/init.d/ $(INSTALL_BIN) ./files/postfix.init $(1)/etc/init.d/postfix endef @@ -244,69 +220,46 @@ endef define Package/postfix/postinst #!/bin/sh - if [ -f "$${IPKG_INSTROOT}$(sendmail_path)" -a "$$(readlink "$${IPKG_INSTROOT}$(sendmail_path)")" != "$(sendmail_path)$(ln_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(sendmail_path)" "$${IPKG_INSTROOT}$(sendmail_path)$(ln_old_suffix)" - echo "Warning: $${IPKG_INSTROOT}$(sendmail_path) saved as $${IPKG_INSTROOT}$(sendmail_path)$(ln_old_suffix)" - fi - if [ ! -f "$${IPKG_INSTROOT}$(sendmail_path)" ]; then - ln -s "$(sendmail_path)$(ln_suffix)" "$${IPKG_INSTROOT}$(sendmail_path)" - fi - - if [ -f "$${IPKG_INSTROOT}$(newaliases_path)" -a "$$(readlink "$${IPKG_INSTROOT}$(newaliases_path)")" != "$(newaliases_path)$(ln_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(newaliases_path)" "$${IPKG_INSTROOT}$(newaliases_path)$(ln_old_suffix)" - echo "Warning: $${IPKG_INSTROOT}$(newaliases_path) saved as $${IPKG_INSTROOT}$(newaliases_path)$(ln_old_suffix)" - fi - if [ ! -f "$${IPKG_INSTROOT}$(newaliases_path)" ]; then - ln -s "$(newaliases_path)$(ln_suffix)" "$${IPKG_INSTROOT}$(newaliases_path)" - fi - - if [ -f "$${IPKG_INSTROOT}$(mailq_path)" -a "$$(readlink "$${IPKG_INSTROOT}$(mailq_path)")" != "$(mailq_path)$(ln_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(mailq_path)" "$${IPKG_INSTROOT}$(mailq_path)$(ln_old_suffix)" - echo "Warning: $${IPKG_INSTROOT}$(mailq_path) saved as $${IPKG_INSTROOT}$(mailq_path)$(ln_old_suffix)" - fi - if [ ! -f "$(mailq_path)" ]; then - ln -s "$(mailq_path)$(ln_suffix)" "$${IPKG_INSTROOT}$(mailq_path)" - fi - - grep -qc main\.cf "$${IPKG_INSTROOT}"/etc/sysupgrade.conf >/dev/null || echo "$(config_directory)/main.cf" >> "$${IPKG_INSTROOT}"/etc/sysupgrade.conf - grep -qc master\.cf "$${IPKG_INSTROOT}"/etc/sysupgrade.conf >/dev/null || echo "$(config_directory)/master.cf" >> "$${IPKG_INSTROOT}"/etc/sysupgrade.conf - grep -qc aliases "$${IPKG_INSTROOT}"/etc/sysupgrade.conf >/dev/null || echo "$(config_directory)/aliases" >> "$${IPKG_INSTROOT}"/etc/sysupgrade.conf - grep -qc virtual "$${IPKG_INSTROOT}"/etc/sysupgrade.conf >/dev/null || echo "$(config_directory)/virtual" >> "$${IPKG_INSTROOT}"/etc/sysupgrade.conf - - touch "$${IPKG_INSTROOT}$(config_directory)"/opkg_postinst - - if [ -z "$${IPKG_INSTROOT}" ]; then - ps | grep "postfix/master" | grep -cvq grep >/dev/null && /etc/init.d/postfix restart - fi +for syml in $(sendmail_path) $(newaliases_path) $(mailq_path); do + file=$${IPKG_INSTROOT}$${syml} + if [ -f "$${file}$(ln_suffix_legacy)" ]; then + # update files saved by legacy versions of Postfix postinst script + mv "$${file}$(ln_suffix_legacy)" "$${file}$(ln_suffix_pre_pf)" + fi + if [ -f "$${file}" ]; then + linktarget=$$(basename $$(readlink "$${file}")) + postfixf=$$(basename "$${syml}")$(ln_suffix) + if [ $${linktarget} != $${postfixf} ]; then + mv "$${file}" "$${file}$(ln_suffix_pre_pf)" + echo "Info: $${file} saved as $${file}$(ln_suffix_pre_pf)" + fi + fi + if [ ! -f "$${file}" ]; then + ln -s "$${syml}$(ln_suffix)" "$${file}" + fi +done +# fix file/dir ownership in data_directory and queue_directory +if [ -z "$${IPKG_INSTROOT}" ]; then + postfix set-permissions +fi endef -define Package/postfix/prerm -#!/bin/sh - ps | grep "postfix/master" | grep -cvq grep >/dev/null && postfix stop - /etc/init.d/postfix disable -endef - define Package/postfix/postrm #!/bin/sh - rm -f $${IPKG_INSTROOT}$(config_directory)/aliases.cdb $${IPKG_INSTROOT}$(config_directory)/aliases.db $${IPKG_INSTROOT}$(data_directory)/master.lock - - rm -f $${IPKG_INSTROOT}$(config_directory)/virtual.cdb $${IPKG_INSTROOT}$(config_directory)/virtual.db - - rm -f "$${IPKG_INSTROOT}$(sendmail_path)" "$${IPKG_INSTROOT}$(newaliases_path)" "$${IPKG_INSTROOT}$(mailq_path)" - - if [ -f "$${IPKG_INSTROOT}$(sendmail_path)$(ln_old_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(sendmail_path)$(ln_old_suffix)" "$${IPKG_INSTROOT}$(sendmail_path)" - echo "Warning: $${IPKG_INSTROOT}$(sendmail_path) restored from $${IPKG_INSTROOT}$(sendmail_path)$(ln_old_suffix)" - fi - if [ -f "$${IPKG_INSTROOT}$(newaliases_path)$(ln_old_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(newaliases_path)$(ln_old_suffix)" "$${IPKG_INSTROOT}$(newaliases_path)" - echo "Warning: $${IPKG_INSTROOT}$(newaliases_path) restored from $${IPKG_INSTROOT}$(newaliases_path)$(ln_old_suffix)" - fi - if [ -f "$${IPKG_INSTROOT}$(mailq_path)$(ln_old_suffix)" ]; then - mv "$${IPKG_INSTROOT}$(mailq_path)$(ln_old_suffix)" "$${IPKG_INSTROOT}$(mailq_path)" - echo "Warning: $${IPKG_INSTROOT}$(mailq_path) restored from $${IPKG_INSTROOT}$(mailq_path)$(ln_old_suffix)" - fi +rm -f "$(sendmail_path)" "$(newaliases_path)" "$(mailq_path)" + +for syml in "$(sendmail_path)" "$(newaliases_path)" "$(mailq_path)"; do + file=$${IPKG_INSTROOT}$${syml} + if [ -f "$${file}$(ln_suffix_legacy)" ]; then + # update files saved by legacy versions of Postfix postinst script + mv "$${file}$(ln_suffix_legacy)" "$${file}$(ln_suffix_pre_pf)" + fi + if [ -f "$${syml}$(ln_suffix_pre_pf)" ]; then + mv "$${syml}$(ln_suffix_pre_pf)" "$${syml}" + echo "Info: $${syml}$(ln_suffix_pre_pf) restored as $${syml}" + fi +done endef $(eval $(call BuildPackage,postfix)) diff --git a/mail/postfix/files/main.cf.default b/mail/postfix/files/main.cf.default deleted file mode 100644 index 5024579bd..000000000 --- a/mail/postfix/files/main.cf.default +++ /dev/null @@ -1,856 +0,0 @@ -# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE -# TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX. -# -2bounce_notice_recipient = postmaster -access_map_defer_code = 450 -access_map_reject_code = 554 -address_verify_cache_cleanup_interval = 12h -address_verify_default_transport = $default_transport -address_verify_local_transport = $local_transport -address_verify_map = btree:$data_directory/verify_cache -address_verify_negative_cache = yes -address_verify_negative_expire_time = 3d -address_verify_negative_refresh_time = 3h -address_verify_pending_request_limit = 5000 -address_verify_poll_count = ${stress?{1}:{3}} -address_verify_poll_delay = 3s -address_verify_positive_expire_time = 31d -address_verify_positive_refresh_time = 7d -address_verify_relay_transport = $relay_transport -address_verify_relayhost = $relayhost -address_verify_sender = $double_bounce_sender -address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps -address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps -address_verify_sender_ttl = 0s -address_verify_service_name = verify -address_verify_transport_maps = $transport_maps -address_verify_virtual_transport = $virtual_transport -allow_mail_to_commands = alias, forward -allow_mail_to_files = alias, forward -allow_min_user = no -allow_percent_hack = yes -allow_untrusted_routing = no -alternate_config_directories = -always_add_missing_headers = no -always_bcc = -anvil_rate_time_unit = 60s -anvil_status_update_time = 600s -append_at_myorigin = yes -append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}} -application_event_drain_time = 100s -authorized_flush_users = static:anyone -authorized_mailq_users = static:anyone -authorized_submit_users = static:anyone -backwards_bounce_logfile_compatibility = yes -berkeley_db_create_buffer_size = 16777216 -berkeley_db_read_buffer_size = 131072 -best_mx_transport = -biff = yes -body_checks = -body_checks_size_limit = 51200 -bounce_notice_recipient = postmaster -bounce_queue_lifetime = 5d -bounce_service_name = bounce -bounce_size_limit = 50000 -bounce_template_file = -broken_sasl_auth_clients = no -canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient -canonical_maps = -cleanup_service_name = cleanup -command_execution_directory = -command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -command_time_limit = 1000s -compatibility_level = 0 -confirm_delay_cleared = no -connection_cache_protocol_timeout = 5s -connection_cache_service_name = scache -connection_cache_status_update_time = 600s -connection_cache_ttl_limit = 2s -content_filter = -cyrus_sasl_config_path = -daemon_table_open_error_is_fatal = no -daemon_timeout = 18000s -debug_peer_level = 2 -debug_peer_list = -debugger_command = -default_delivery_slot_cost = 5 -default_delivery_slot_discount = 50 -default_delivery_slot_loan = 3 -default_delivery_status_filter = -default_destination_concurrency_failed_cohort_limit = 1 -default_destination_concurrency_limit = 20 -default_destination_concurrency_negative_feedback = 1 -default_destination_concurrency_positive_feedback = 1 -default_destination_rate_delay = 0s -default_destination_recipient_limit = 50 -default_extra_recipient_limit = 1000 -default_filter_nexthop = -default_minimum_delivery_slots = 3 -default_privs = nobody -default_process_limit = 100 -default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} -default_recipient_limit = 20000 -default_recipient_refill_delay = 5s -default_recipient_refill_limit = 100 -default_transport = smtp -default_transport_rate_delay = 0s -default_verp_delimiters = += -defer_code = 450 -defer_service_name = defer -defer_transports = -delay_logging_resolution_limit = 2 -delay_notice_recipient = postmaster -delay_warning_time = 0h -deliver_lock_attempts = 20 -deliver_lock_delay = 1s -destination_concurrency_feedback_debug = no -detect_8bit_encoding_header = yes -disable_dns_lookups = no -disable_mime_input_processing = no -disable_mime_output_conversion = no -disable_verp_bounces = no -disable_vrfy_command = no -dns_ncache_ttl_fix_enable = no -dnsblog_reply_delay = 0s -dnsblog_service_name = dnsblog -dont_remove = 0 -double_bounce_sender = double-bounce -duplicate_filter_limit = 1000 -empty_address_default_transport_maps_lookup_key = <> -empty_address_recipient = MAILER-DAEMON -empty_address_relayhost_maps_lookup_key = <> -enable_long_queue_ids = no -enable_original_recipient = yes -error_delivery_slot_cost = $default_delivery_slot_cost -error_delivery_slot_discount = $default_delivery_slot_discount -error_delivery_slot_loan = $default_delivery_slot_loan -error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -error_destination_concurrency_limit = $default_destination_concurrency_limit -error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -error_destination_rate_delay = $default_destination_rate_delay -error_destination_recipient_limit = $default_destination_recipient_limit -error_extra_recipient_limit = $default_extra_recipient_limit -error_initial_destination_concurrency = $initial_destination_concurrency -error_minimum_delivery_slots = $default_minimum_delivery_slots -error_notice_recipient = postmaster -error_recipient_limit = $default_recipient_limit -error_recipient_refill_delay = $default_recipient_refill_delay -error_recipient_refill_limit = $default_recipient_refill_limit -error_service_name = error -error_transport_rate_delay = $default_transport_rate_delay -execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -expand_owner_alias = no -export_environment = TZ MAIL_CONFIG LANG -fallback_transport = -fallback_transport_maps = -fast_flush_domains = $relay_domains -fast_flush_purge_time = 7d -fast_flush_refresh_time = 12h -fault_injection_code = 0 -flush_service_name = flush -fork_attempts = 5 -fork_delay = 1s -forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward -frozen_delivered_to = yes -hash_queue_depth = 1 -hash_queue_names = deferred, defer -header_address_token_limit = 10240 -header_checks = -header_size_limit = 102400 -helpful_warnings = yes -home_mailbox = -hopcount_limit = 50 -ignore_mx_lookup_error = no -import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C -in_flow_delay = 1s -inet_interfaces = all -inet_protocols = all -initial_destination_concurrency = 5 -internal_mail_filter_classes = -invalid_hostname_reject_code = 501 -ipc_idle = 5s -ipc_timeout = 3600s -ipc_ttl = 1000s -line_length_limit = 2048 -lmdb_map_size = 16777216 -lmtp_address_preference = any -lmtp_address_verify_target = rcpt -lmtp_assume_final = no -lmtp_bind_address = -lmtp_bind_address6 = -lmtp_body_checks = -lmtp_cname_overrides_servername = no -lmtp_connect_timeout = 0s -lmtp_connection_cache_destinations = -lmtp_connection_cache_on_demand = yes -lmtp_connection_cache_time_limit = 2s -lmtp_connection_reuse_count_limit = 0 -lmtp_connection_reuse_time_limit = 300s -lmtp_data_done_timeout = 600s -lmtp_data_init_timeout = 120s -lmtp_data_xfer_timeout = 180s -lmtp_defer_if_no_mx_address_found = no -lmtp_delivery_slot_cost = $default_delivery_slot_cost -lmtp_delivery_slot_discount = $default_delivery_slot_discount -lmtp_delivery_slot_loan = $default_delivery_slot_loan -lmtp_delivery_status_filter = $default_delivery_status_filter -lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -lmtp_destination_concurrency_limit = $default_destination_concurrency_limit -lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -lmtp_destination_rate_delay = $default_destination_rate_delay -lmtp_destination_recipient_limit = $default_destination_recipient_limit -lmtp_discard_lhlo_keyword_address_maps = -lmtp_discard_lhlo_keywords = -lmtp_dns_reply_filter = -lmtp_dns_resolver_options = -lmtp_dns_support_level = -lmtp_enforce_tls = no -lmtp_extra_recipient_limit = $default_extra_recipient_limit -lmtp_fallback_relay = -lmtp_generic_maps = -lmtp_header_checks = -lmtp_host_lookup = dns -lmtp_initial_destination_concurrency = $initial_destination_concurrency -lmtp_lhlo_name = $myhostname -lmtp_lhlo_timeout = 300s -lmtp_line_length_limit = 998 -lmtp_mail_timeout = 300s -lmtp_mime_header_checks = -lmtp_minimum_delivery_slots = $default_minimum_delivery_slots -lmtp_mx_address_limit = 5 -lmtp_mx_session_limit = 2 -lmtp_nested_header_checks = -lmtp_per_record_deadline = no -lmtp_pix_workaround_delay_time = 10s -lmtp_pix_workaround_maps = -lmtp_pix_workaround_threshold_time = 500s -lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf -lmtp_quit_timeout = 300s -lmtp_quote_rfc821_envelope = yes -lmtp_randomize_addresses = yes -lmtp_rcpt_timeout = 300s -lmtp_recipient_limit = $default_recipient_limit -lmtp_recipient_refill_delay = $default_recipient_refill_delay -lmtp_recipient_refill_limit = $default_recipient_refill_limit -lmtp_reply_filter = -lmtp_rset_timeout = 20s -lmtp_sasl_auth_cache_name = -lmtp_sasl_auth_cache_time = 90d -lmtp_sasl_auth_enable = no -lmtp_sasl_auth_soft_bounce = yes -lmtp_sasl_mechanism_filter = -lmtp_sasl_password_maps = -lmtp_sasl_path = -lmtp_sasl_security_options = noplaintext, noanonymous -lmtp_sasl_tls_security_options = $lmtp_sasl_security_options -lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options -lmtp_sasl_type = cyrus -lmtp_send_dummy_mail_auth = no -lmtp_send_xforward_command = no -lmtp_sender_dependent_authentication = no -lmtp_skip_5xx_greeting = yes -lmtp_skip_quit_response = no -lmtp_starttls_timeout = 300s -lmtp_tcp_port = 24 -lmtp_tls_CAfile = -lmtp_tls_CApath = -lmtp_tls_block_early_mail_reply = no -lmtp_tls_cert_file = -lmtp_tls_ciphers = medium -lmtp_tls_dcert_file = -lmtp_tls_dkey_file = $lmtp_tls_dcert_file -lmtp_tls_eccert_file = -lmtp_tls_eckey_file = $lmtp_tls_eccert_file -lmtp_tls_enforce_peername = yes -lmtp_tls_exclude_ciphers = -lmtp_tls_fingerprint_cert_match = -lmtp_tls_fingerprint_digest = md5 -lmtp_tls_force_insecure_host_tlsa_lookup = no -lmtp_tls_key_file = $lmtp_tls_cert_file -lmtp_tls_loglevel = 0 -lmtp_tls_mandatory_ciphers = medium -lmtp_tls_mandatory_exclude_ciphers = -lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 -lmtp_tls_note_starttls_offer = no -lmtp_tls_per_site = -lmtp_tls_policy_maps = -lmtp_tls_protocols = !SSLv2, !SSLv3 -lmtp_tls_scert_verifydepth = 9 -lmtp_tls_secure_cert_match = nexthop -lmtp_tls_security_level = -lmtp_tls_session_cache_database = -lmtp_tls_session_cache_timeout = 3600s -lmtp_tls_trust_anchor_file = -lmtp_tls_verify_cert_match = hostname -lmtp_tls_wrappermode = no -lmtp_transport_rate_delay = $default_transport_rate_delay -lmtp_use_tls = no -lmtp_xforward_timeout = 300s -local_command_shell = -local_delivery_slot_cost = $default_delivery_slot_cost -local_delivery_slot_discount = $default_delivery_slot_discount -local_delivery_slot_loan = $default_delivery_slot_loan -local_delivery_status_filter = $default_delivery_status_filter -local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -local_destination_concurrency_limit = 2 -local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -local_destination_rate_delay = $default_destination_rate_delay -local_destination_recipient_limit = 1 -local_extra_recipient_limit = $default_extra_recipient_limit -local_header_rewrite_clients = permit_inet_interfaces -local_initial_destination_concurrency = $initial_destination_concurrency -local_minimum_delivery_slots = $default_minimum_delivery_slots -local_recipient_limit = $default_recipient_limit -local_recipient_maps = proxy:unix:passwd.byname $alias_maps -local_recipient_refill_delay = $default_recipient_refill_delay -local_recipient_refill_limit = $default_recipient_refill_limit -local_transport = local:$myhostname -local_transport_rate_delay = $default_transport_rate_delay -luser_relay = -mail_name = Postfix -mail_owner = postfix -mail_release_date = 20161001 -mail_version = 3.1.3 -mailbox_command = -mailbox_command_maps = -mailbox_delivery_lock = fcntl, dotlock -mailbox_size_limit = 51200000 -mailbox_transport = -mailbox_transport_maps = -maps_rbl_domains = -maps_rbl_reject_code = 554 -masquerade_classes = envelope_sender, header_sender, header_recipient -masquerade_domains = -masquerade_exceptions = -master_service_disable = -max_idle = 100s -max_use = 100 -maximal_backoff_time = 4000s -maximal_queue_lifetime = 5d -message_drop_headers = bcc, content-length, resent-bcc, return-path -message_reject_characters = -message_size_limit = 10240000 -message_strip_characters = -milter_command_timeout = 30s -milter_connect_macros = j {daemon_name} v -milter_connect_timeout = 30s -milter_content_timeout = 300s -milter_data_macros = i -milter_default_action = tempfail -milter_end_of_data_macros = i -milter_end_of_header_macros = i -milter_header_checks = -milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} -milter_macro_daemon_name = $myhostname -milter_macro_defaults = -milter_macro_v = $mail_name $mail_version -milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} -milter_protocol = 6 -milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} -milter_unknown_command_macros = -mime_boundary_length_limit = 2048 -mime_header_checks = $header_checks -mime_nesting_limit = 100 -minimal_backoff_time = 300s -multi_instance_directories = -multi_instance_enable = no -multi_instance_group = -multi_instance_name = -multi_instance_wrapper = -multi_recipient_bounce_reject_code = 550 -mydestination = $myhostname, localhost.$mydomain, localhost -myorigin = $myhostname -nested_header_checks = $header_checks -non_fqdn_reject_code = 504 -non_smtpd_milters = -notify_classes = resource, software -openssl_path = openssl -owner_request_special = yes -parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps -permit_mx_backup_networks = -pickup_service_name = pickup -pipe_delivery_status_filter = $default_delivery_status_filter -plaintext_reject_code = 450 -postmulti_control_commands = reload flush -postmulti_start_commands = start -postmulti_stop_commands = stop abort drain quick-stop -postscreen_access_list = permit_mynetworks -postscreen_bare_newline_action = ignore -postscreen_bare_newline_enable = no -postscreen_bare_newline_ttl = 30d -postscreen_blacklist_action = ignore -postscreen_cache_cleanup_interval = 12h -postscreen_cache_map = btree:$data_directory/postscreen_cache -postscreen_cache_retention_time = 7d -postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit -postscreen_command_count_limit = 20 -postscreen_command_filter = -postscreen_command_time_limit = ${stress?{10}:{300}}s -postscreen_disable_vrfy_command = $disable_vrfy_command -postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps -postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords -postscreen_dnsbl_action = ignore -postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h -postscreen_dnsbl_min_ttl = 60s -postscreen_dnsbl_reply_map = -postscreen_dnsbl_sites = -postscreen_dnsbl_threshold = 1 -postscreen_dnsbl_timeout = 10s -postscreen_dnsbl_whitelist_threshold = 0 -postscreen_enforce_tls = $smtpd_enforce_tls -postscreen_expansion_filter = $smtpd_expansion_filter -postscreen_forbidden_commands = $smtpd_forbidden_commands -postscreen_greet_action = ignore -postscreen_greet_banner = $smtpd_banner -postscreen_greet_ttl = 1d -postscreen_greet_wait = ${stress?{2}:{6}}s -postscreen_helo_required = $smtpd_helo_required -postscreen_non_smtp_command_action = drop -postscreen_non_smtp_command_enable = no -postscreen_non_smtp_command_ttl = 30d -postscreen_pipelining_action = enforce -postscreen_pipelining_enable = no -postscreen_pipelining_ttl = 30d -postscreen_post_queue_limit = $default_process_limit -postscreen_pre_queue_limit = $default_process_limit -postscreen_reject_footer = $smtpd_reject_footer -postscreen_tls_security_level = $smtpd_tls_security_level -postscreen_upstream_proxy_protocol = -postscreen_upstream_proxy_timeout = 5s -postscreen_use_tls = $smtpd_use_tls -postscreen_watchdog_timeout = 10s -postscreen_whitelist_interfaces = static:all -prepend_delivered_header = command, file, forward -process_id_directory = pid -process_name = postconf -propagate_unmatched_extensions = canonical, virtual -proxy_interfaces = -proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions -proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map -proxymap_service_name = proxymap -proxywrite_service_name = proxywrite -qmgr_clog_warn_time = 300s -qmgr_daemon_timeout = 1000s -qmgr_fudge_factor = 100 -qmgr_ipc_timeout = 60s -qmgr_message_active_limit = 20000 -qmgr_message_recipient_limit = 20000 -qmgr_message_recipient_minimum = 10 -qmqpd_authorized_clients = -qmqpd_client_port_logging = no -qmqpd_error_delay = 1s -qmqpd_timeout = 300s -queue_file_attribute_count_limit = 100 -queue_minfree = 0 -queue_run_delay = 300s -queue_service_name = qmgr -rbl_reply_maps = -receive_override_options = -recipient_bcc_maps = -recipient_canonical_classes = envelope_recipient, header_recipient -recipient_canonical_maps = -recipient_delimiter = -reject_code = 554 -reject_tempfail_action = defer_if_permit -relay_clientcerts = -relay_delivery_slot_cost = $default_delivery_slot_cost -relay_delivery_slot_discount = $default_delivery_slot_discount -relay_delivery_slot_loan = $default_delivery_slot_loan -relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -relay_destination_concurrency_limit = $default_destination_concurrency_limit -relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -relay_destination_rate_delay = $default_destination_rate_delay -relay_destination_recipient_limit = $default_destination_recipient_limit -relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} -relay_domains_reject_code = 554 -relay_extra_recipient_limit = $default_extra_recipient_limit -relay_initial_destination_concurrency = $initial_destination_concurrency -relay_minimum_delivery_slots = $default_minimum_delivery_slots -relay_recipient_limit = $default_recipient_limit -relay_recipient_maps = -relay_recipient_refill_delay = $default_recipient_refill_delay -relay_recipient_refill_limit = $default_recipient_refill_limit -relay_transport = relay -relay_transport_rate_delay = $default_transport_rate_delay -relayhost = -relocated_maps = -remote_header_rewrite_domain = -require_home_directory = no -reset_owner_alias = no -resolve_dequoted_address = yes -resolve_null_domain = no -resolve_numeric_domain = no -retry_delivery_slot_cost = $default_delivery_slot_cost -retry_delivery_slot_discount = $default_delivery_slot_discount -retry_delivery_slot_loan = $default_delivery_slot_loan -retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -retry_destination_concurrency_limit = $default_destination_concurrency_limit -retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -retry_destination_rate_delay = $default_destination_rate_delay -retry_destination_recipient_limit = $default_destination_recipient_limit -retry_extra_recipient_limit = $default_extra_recipient_limit -retry_initial_destination_concurrency = $initial_destination_concurrency -retry_minimum_delivery_slots = $default_minimum_delivery_slots -retry_recipient_limit = $default_recipient_limit -retry_recipient_refill_delay = $default_recipient_refill_delay -retry_recipient_refill_limit = $default_recipient_refill_limit -retry_transport_rate_delay = $default_transport_rate_delay -rewrite_service_name = rewrite -send_cyrus_sasl_authzid = no -sender_bcc_maps = -sender_canonical_classes = envelope_sender, header_sender -sender_canonical_maps = -sender_dependent_default_transport_maps = -sender_dependent_relayhost_maps = -sendmail_fix_line_endings = always -service_throttle_time = 60s -setgid_group = postdrop -show_user_unknown_table_name = yes -showq_service_name = showq -smtp_address_preference = any -smtp_address_verify_target = rcpt -smtp_always_send_ehlo = yes -smtp_bind_address = -smtp_bind_address6 = -smtp_body_checks = -smtp_cname_overrides_servername = no -smtp_connect_timeout = 30s -smtp_connection_cache_destinations = -smtp_connection_cache_on_demand = no -smtp_connection_cache_time_limit = 2s -smtp_connection_reuse_count_limit = 0 -smtp_connection_reuse_time_limit = 300s -smtp_data_done_timeout = 600s -smtp_data_init_timeout = 120s -smtp_data_xfer_timeout = 180s -smtp_defer_if_no_mx_address_found = no -smtp_delivery_slot_cost = $default_delivery_slot_cost -smtp_delivery_slot_discount = $default_delivery_slot_discount -smtp_delivery_slot_loan = $default_delivery_slot_loan -smtp_delivery_status_filter = $default_delivery_status_filter -smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -smtp_destination_concurrency_limit = $default_destination_concurrency_limit -smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -smtp_destination_rate_delay = $default_destination_rate_delay -smtp_destination_recipient_limit = $default_destination_recipient_limit -smtp_discard_ehlo_keyword_address_maps = -smtp_discard_ehlo_keywords = -smtp_dns_reply_filter = -smtp_dns_resolver_options = -smtp_dns_support_level = -smtp_enforce_tls = no -smtp_extra_recipient_limit = $default_extra_recipient_limit -smtp_fallback_relay = $fallback_relay -smtp_generic_maps = -smtp_header_checks = -smtp_helo_name = $myhostname -smtp_helo_timeout = 300s -smtp_host_lookup = dns -smtp_initial_destination_concurrency = $initial_destination_concurrency -smtp_line_length_limit = 998 -smtp_mail_timeout = 300s -smtp_mime_header_checks = -smtp_minimum_delivery_slots = $default_minimum_delivery_slots -smtp_mx_address_limit = 5 -smtp_mx_session_limit = 2 -smtp_nested_header_checks = -smtp_never_send_ehlo = no -smtp_per_record_deadline = no -smtp_pix_workaround_delay_time = 10s -smtp_pix_workaround_maps = -smtp_pix_workaround_threshold_time = 500s -smtp_pix_workarounds = disable_esmtp,delay_dotcrlf -smtp_quit_timeout = 300s -smtp_quote_rfc821_envelope = yes -smtp_randomize_addresses = yes -smtp_rcpt_timeout = 300s -smtp_recipient_limit = $default_recipient_limit -smtp_recipient_refill_delay = $default_recipient_refill_delay -smtp_recipient_refill_limit = $default_recipient_refill_limit -smtp_reply_filter = -smtp_rset_timeout = 20s -smtp_sasl_auth_cache_name = -smtp_sasl_auth_cache_time = 90d -smtp_sasl_auth_enable = no -smtp_sasl_auth_soft_bounce = yes -smtp_sasl_mechanism_filter = -smtp_sasl_password_maps = -smtp_sasl_path = -smtp_sasl_security_options = noplaintext, noanonymous -smtp_sasl_tls_security_options = $smtp_sasl_security_options -smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options -smtp_sasl_type = cyrus -smtp_send_dummy_mail_auth = no -smtp_send_xforward_command = no -smtp_sender_dependent_authentication = no -smtp_skip_5xx_greeting = yes -smtp_skip_quit_response = yes -smtp_starttls_timeout = 300s -smtp_tls_CAfile = -smtp_tls_CApath = -smtp_tls_block_early_mail_reply = no -smtp_tls_cert_file = -smtp_tls_ciphers = medium -smtp_tls_dane_insecure_mx_policy = dane -smtp_tls_dcert_file = -smtp_tls_dkey_file = $smtp_tls_dcert_file -smtp_tls_eccert_file = -smtp_tls_eckey_file = $smtp_tls_eccert_file -smtp_tls_enforce_peername = yes -smtp_tls_exclude_ciphers = -smtp_tls_fingerprint_cert_match = -smtp_tls_fingerprint_digest = md5 -smtp_tls_force_insecure_host_tlsa_lookup = no -smtp_tls_key_file = $smtp_tls_cert_file -smtp_tls_loglevel = 0 -smtp_tls_mandatory_ciphers = medium -smtp_tls_mandatory_exclude_ciphers = -smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 -smtp_tls_note_starttls_offer = no -smtp_tls_per_site = -smtp_tls_policy_maps = -smtp_tls_protocols = !SSLv2, !SSLv3 -smtp_tls_scert_verifydepth = 9 -smtp_tls_secure_cert_match = nexthop, dot-nexthop -smtp_tls_security_level = -smtp_tls_session_cache_database = -smtp_tls_session_cache_timeout = 3600s -smtp_tls_trust_anchor_file = -smtp_tls_verify_cert_match = hostname -smtp_tls_wrappermode = no -smtp_transport_rate_delay = $default_transport_rate_delay -smtp_use_tls = no -smtp_xforward_timeout = 300s -smtpd_authorized_verp_clients = $authorized_verp_clients -smtpd_authorized_xclient_hosts = -smtpd_authorized_xforward_hosts = -smtpd_banner = $myhostname ESMTP $mail_name -smtpd_client_auth_rate_limit = 0 -smtpd_client_connection_count_limit = 50 -smtpd_client_connection_rate_limit = 0 -smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks} -smtpd_client_message_rate_limit = 0 -smtpd_client_new_tls_session_rate_limit = 0 -smtpd_client_port_logging = no -smtpd_client_recipient_rate_limit = 0 -smtpd_client_restrictions = -smtpd_command_filter = -smtpd_data_restrictions = -smtpd_delay_open_until_valid_rcpt = yes -smtpd_delay_reject = yes -smtpd_discard_ehlo_keyword_address_maps = -smtpd_discard_ehlo_keywords = -smtpd_dns_reply_filter = -smtpd_end_of_data_restrictions = -smtpd_enforce_tls = no -smtpd_error_sleep_time = 1s -smtpd_etrn_restrictions = -smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ -smtpd_forbidden_commands = CONNECT GET POST -smtpd_hard_error_limit = ${stress?{1}:{20}} -smtpd_helo_required = no -smtpd_helo_restrictions = -smtpd_history_flush_threshold = 100 -smtpd_junk_command_limit = ${stress?{1}:{100}} -smtpd_log_access_permit_actions = -smtpd_milters = -smtpd_noop_commands = -smtpd_null_access_lookup_key = <> -smtpd_peername_lookup = yes -smtpd_per_record_deadline = ${stress?{yes}:{no}} -smtpd_policy_service_default_action = 451 4.3.5 Server configuration problem -smtpd_policy_service_max_idle = 300s -smtpd_policy_service_max_ttl = 1000s -smtpd_policy_service_policy_context = -smtpd_policy_service_request_limit = 0 -smtpd_policy_service_retry_delay = 1s -smtpd_policy_service_timeout = 100s -smtpd_policy_service_try_limit = 2 -smtpd_proxy_ehlo = $myhostname -smtpd_proxy_filter = -smtpd_proxy_options = -smtpd_proxy_timeout = 100s -smtpd_recipient_limit = 1000 -smtpd_recipient_overshoot_limit = 1000 -smtpd_recipient_restrictions = -smtpd_reject_footer = -smtpd_reject_unlisted_recipient = yes -smtpd_reject_unlisted_sender = no -smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination -smtpd_restriction_classes = -smtpd_sasl_auth_enable = no -smtpd_sasl_authenticated_header = no -smtpd_sasl_exceptions_networks = -smtpd_sasl_local_domain = -smtpd_sasl_path = smtpd -smtpd_sasl_security_options = noanonymous -smtpd_sasl_service = smtp -smtpd_sasl_tls_security_options = $smtpd_sasl_security_options -smtpd_sasl_type = cyrus -smtpd_sender_login_maps = -smtpd_sender_restrictions = -smtpd_service_name = smtpd -smtpd_soft_error_limit = 10 -smtpd_starttls_timeout = ${stress?{10}:{300}}s -smtpd_timeout = ${stress?{10}:{300}}s -smtpd_tls_CAfile = -smtpd_tls_CApath = -smtpd_tls_always_issue_session_ids = yes -smtpd_tls_ask_ccert = no -smtpd_tls_auth_only = no -smtpd_tls_ccert_verifydepth = 9 -smtpd_tls_cert_file = -smtpd_tls_ciphers = medium -smtpd_tls_dcert_file = -smtpd_tls_dh1024_param_file = -smtpd_tls_dh512_param_file = -smtpd_tls_dkey_file = $smtpd_tls_dcert_file -smtpd_tls_eccert_file = -smtpd_tls_eckey_file = $smtpd_tls_eccert_file -smtpd_tls_eecdh_grade = strong -smtpd_tls_exclude_ciphers = -smtpd_tls_fingerprint_digest = md5 -smtpd_tls_key_file = $smtpd_tls_cert_file -smtpd_tls_loglevel = 0 -smtpd_tls_mandatory_ciphers = medium -smtpd_tls_mandatory_exclude_ciphers = -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 -smtpd_tls_protocols = !SSLv2, !SSLv3 -smtpd_tls_received_header = no -smtpd_tls_req_ccert = no -smtpd_tls_security_level = -smtpd_tls_session_cache_database = -smtpd_tls_session_cache_timeout = 3600s -smtpd_tls_wrappermode = no -smtpd_upstream_proxy_protocol = -smtpd_upstream_proxy_timeout = 5s -smtpd_use_tls = no -smtputf8_autodetect_classes = sendmail, verify -soft_bounce = no -stale_lock_time = 500s -stress = -strict_7bit_headers = no -strict_8bitmime = no -strict_8bitmime_body = no -strict_mailbox_ownership = yes -strict_mime_encoding_domain = no -strict_rfc821_envelopes = no -strict_smtputf8 = no -sun_mailtool_compatibility = no -swap_bangpath = yes -syslog_facility = mail -syslog_name = ${multi_instance_name?{$multi_instance_name}:{postfix}} -tcp_windowsize = 0 -tls_append_default_CA = no -tls_daemon_random_bytes = 32 -tls_dane_digest_agility = on -tls_dane_digests = sha512 sha256 -tls_dane_trust_anchor_digest_enable = yes -tls_disable_workarounds = -tls_eecdh_strong_curve = prime256v1 -tls_eecdh_ultra_curve = secp384r1 -tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH -tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH -tls_legacy_public_key_fingerprints = no -tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH -tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH -tls_null_cipherlist = eNULL:!aNULL -tls_preempt_cipherlist = no -tls_random_bytes = 32 -tls_random_exchange_name = ${data_directory}/prng_exch -tls_random_prng_update_period = 3600s -tls_random_reseed_period = 3600s -tls_random_source = dev:/dev/urandom -tls_session_ticket_cipher = aes-256-cbc -tls_ssl_options = -tls_wildcard_matches_multiple_labels = yes -tlsmgr_service_name = tlsmgr -tlsproxy_enforce_tls = $smtpd_enforce_tls -tlsproxy_service_name = tlsproxy -tlsproxy_tls_CAfile = $smtpd_tls_CAfile -tlsproxy_tls_CApath = $smtpd_tls_CApath -tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids -tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert -tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth -tlsproxy_tls_cert_file = $smtpd_tls_cert_file -tlsproxy_tls_ciphers = $smtpd_tls_ciphers -tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file -tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file -tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file -tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file -tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file -tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file -tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade -tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers -tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest -tlsproxy_tls_key_file = $smtpd_tls_key_file -tlsproxy_tls_loglevel = $smtpd_tls_loglevel -tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers -tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers -tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols -tlsproxy_tls_protocols = $smtpd_tls_protocols -tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert -tlsproxy_tls_security_level = $smtpd_tls_security_level -tlsproxy_use_tls = $smtpd_use_tls -tlsproxy_watchdog_timeout = 10s -trace_service_name = trace -transport_maps = -transport_retry_time = 60s -trigger_timeout = 10s -undisclosed_recipients_header = -unknown_address_reject_code = 450 -unknown_address_tempfail_action = $reject_tempfail_action -unknown_client_reject_code = 450 -unknown_helo_hostname_tempfail_action = $reject_tempfail_action -unknown_hostname_reject_code = 450 -unknown_local_recipient_reject_code = 550 -unknown_relay_recipient_reject_code = 550 -unknown_virtual_alias_reject_code = 550 -unknown_virtual_mailbox_reject_code = 550 -unverified_recipient_defer_code = 450 -unverified_recipient_reject_code = 450 -unverified_recipient_reject_reason = -unverified_recipient_tempfail_action = $reject_tempfail_action -unverified_sender_defer_code = 450 -unverified_sender_reject_code = 450 -unverified_sender_reject_reason = -unverified_sender_tempfail_action = $reject_tempfail_action -verp_delimiter_filter = -=+ -virtual_alias_address_length_limit = 1000 -virtual_alias_domains = $virtual_alias_maps -virtual_alias_expansion_limit = 1000 -virtual_alias_maps = $virtual_maps -virtual_alias_recursion_limit = 1000 -virtual_delivery_slot_cost = $default_delivery_slot_cost -virtual_delivery_slot_discount = $default_delivery_slot_discount -virtual_delivery_slot_loan = $default_delivery_slot_loan -virtual_delivery_status_filter = $default_delivery_status_filter -virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit -virtual_destination_concurrency_limit = $default_destination_concurrency_limit -virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback -virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback -virtual_destination_rate_delay = $default_destination_rate_delay -virtual_destination_recipient_limit = $default_destination_recipient_limit -virtual_extra_recipient_limit = $default_extra_recipient_limit -virtual_gid_maps = -virtual_initial_destination_concurrency = $initial_destination_concurrency -virtual_mailbox_base = -virtual_mailbox_domains = $virtual_mailbox_maps -virtual_mailbox_limit = 51200000 -virtual_mailbox_lock = fcntl, dotlock -virtual_mailbox_maps = -virtual_minimum_delivery_slots = $default_minimum_delivery_slots -virtual_minimum_uid = 100 -virtual_recipient_limit = $default_recipient_limit -virtual_recipient_refill_delay = $default_recipient_refill_delay -virtual_recipient_refill_limit = $default_recipient_refill_limit -virtual_transport = virtual -virtual_transport_rate_delay = $default_transport_rate_delay -virtual_uid_maps = diff --git a/mail/postfix/files/postfix.init b/mail/postfix/files/postfix.init index 912f8fcf2..e33c3cfab 100644 --- a/mail/postfix/files/postfix.init +++ b/mail/postfix/files/postfix.init @@ -9,53 +9,35 @@ EXTRA_HELP=" status Display the service status flush Force delivery: attempt to deliver every message in the deferred mail queue postinst Force running a script that checks for users, group, configuration, permissions, etc" -config_directory="$IPKG_INSTROOT"/etc/postfix postinst() { - rm -f "$config_directory"/opkg_postinst - - group_exists postfix || group_add postfix 87 - user_exists postfix || user_add postfix 87 - group_exists postdrop || group_add postdrop 88 - - echo "myhostname = $(uci get system.@system[0].hostname)" >> "$config_directory"/main.cf.default - echo "mydomain = $(uci get system.@system[0].hostname|sed -e "s/[^\.]*\.\(.*\)/\1/")" >> "$config_directory"/main.cf.default - (eval $(ipcalc.sh $(uci get network.lan.ipaddr) $(uci get network.lan.netmask)); echo mynetworks = 127.0.0.0/8 $NETWORK/$PREFIX) >> "$config_directory"/main.cf.default - echo "mynetworks_style = subnet" >> "$config_directory"/main.cf.default - - grep -qc "^sendmail_path[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^sendmail_path =" "$config_directory"/main.cf.default)" - grep -qc "^newaliases_path[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^newaliases_path =" "$config_directory"/main.cf.default)" - grep -qc "^mailq_path[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mailq_path =" "$config_directory"/main.cf.default)" - grep -qc "^html_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^html_directory =" "$config_directory"/main.cf.default)" - grep -qc "^manpage_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^manpage_directory =" "$config_directory"/main.cf.default)" - grep -qc "^sample_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^sample_directory =" "$config_directory"/main.cf.default)" - grep -qc "^readme_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^readme_directory =" "$config_directory"/main.cf.default)" - grep -qc "^command_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^command_directory =" "$config_directory"/main.cf.default)" - grep -qc "^daemon_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^daemon_directory =" "$config_directory"/main.cf.default)" - grep -qc "^data_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^data_directory =" "$config_directory"/main.cf.default)" - grep -qc "^queue_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^queue_directory =" "$config_directory"/main.cf.default)" - grep -qc "^config_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^config_directory =" "$config_directory"/main.cf.default)" - grep -qc "^mail_spool_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mail_spool_directory =" "$config_directory"/main.cf.default)" - grep -qc "^mail_owner[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mail_owner =" "$config_directory"/main.cf.default)" - grep -qc "^setgid_group[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^setgid_group =" "$config_directory"/main.cf.default)" - grep -qc "^myhostname[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^myhostname =" "$config_directory"/main.cf.default)" - grep -qc "^mydomain[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mydomain =" "$config_directory"/main.cf.default)" - #grep -qc "^mynetworks[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mynetworks =" "$config_directory"/main.cf.default)" #Setting mynetworks_style is enough - grep -qc "^mynetworks_style[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^mynetworks_style =" "$config_directory"/main.cf.default)" - grep -qc "^shlib_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^shlib_directory =" "$config_directory"/main.cf.default)" - grep -qc "^meta_directory[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^meta_directory =" "$config_directory"/main.cf.default)" - grep -qc "^smtputf8_enable[^_]" "$config_directory"/main.cf >/dev/null || postconf -e "$(grep "^smtputf8_enable =" "$config_directory"/main.cf.default)" + if [ -z "$(postconf -nh myhostname)" ]; then + postconf -e "myhostname = $(uci get system.@system[0].hostname)" + fi + if [ -z "$(postconf -nh mydomain)" ]; then + postconf -e "mydomain = $(uci get dhcp.@dnsmasq[0].domain)" + fi + if [ -z "$(postconf -nh mynetworks_style)" ]; then + postconf -e "mynetworks_style = subnet" + fi + mail_spool_directory=$(postconf -h mail_spool_directory) + if [ ! -d $mail_spool_directory ]; then + mkdir -p -m 0755 $mail_spool_directory + chown -R postfix $mail_spool_directory + fi postfix set-permissions postfix post-install upgrade-source postfix upgrade-configuration newaliases - postmap "$config_directory"/virtual + postmap $(postconf -h config_directory)/virtual postfix check } start() { - test -f "$config_directory"/opkg_postinst && postinst + if [ -z "$(postconf -nh myhostname)" ]; then + postinst + fi postfix start } @@ -64,7 +46,6 @@ stop() { } reload() { - test -f "$config_directory"/opkg_postinst && postinst postfix reload }