Changes - j0ke.net Open Build Service

Changes of Revision 37

[-] [+]	Deleted	_service:download_src_package:postfix.spec
@@ -1,1052 +0,0 @@ -%bcond_without mysql -%bcond_with pgsql -%bcond_without ldap -%bcond_without pcre -%bcond_without sasl -%bcond_without tls -%bcond_without ipv6 -%bcond_without pflogsumm - -# Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own -# use. Let me know if the second gid collides with another package. -# Be careful: Redhat's 'mail' user & group isn't unique! -%define postfix_uid 89 -%define postfix_user postfix -%define postfix_gid 89 -%define postfix_group postfix -%define maildrop_group postdrop -%define maildrop_gid 90 - -%define postfix_config_dir %{_sysconfdir}/postfix -%define postfix_daemon_dir %{_libexecdir}/postfix -%define postfix_command_dir %{_sbindir} -%define postfix_queue_dir %{_var}/spool/postfix -%define postfix_data_dir %{_var}/lib/postfix -%define postfix_doc_dir %{_docdir}/%{name}-%{version} -%define postfix_sample_dir %{postfix_doc_dir}/samples -%define postfix_readme_dir %{postfix_doc_dir}/README_FILES - -Name: postfix -Summary: Postfix Mail Transport Agent -Version: 2.10.0 -Release: 1%{?dist} -Epoch: 2 -Group: System Environment/Daemons -URL: http://www.postfix.org -License: IBM -Requires(post): /sbin/chkconfig -Requires(post): %{_sbindir}/alternatives -Requires(pre): %{_sbindir}/groupadd -Requires(pre): %{_sbindir}/useradd -Requires(preun): /sbin/chkconfig -Requires(preun): /sbin/service -Requires(preun): %{_sbindir}/alternatives -Requires(postun): /sbin/service - -Provides: MTA smtpd smtpdaemon server(smtp) - -Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz -Source1: postfix-etc-init.d-postfix -Source3: README-Postfix-SASL-RedHat.txt - -# Sources 50-99 are upstream [patch] contributions - -%define pflogsumm_ver 1.1.3 - -%if %{with pflogsumm} -# Postfix Log Entry Summarizer: http://jimsun.linxnet.com/postfix_contrib.html -Source53: http://jimsun.linxnet.com/downloads/pflogsumm-%{pflogsumm_ver}.tar.gz -%endif - -# Sources >= 100 are config files - -Source100: postfix-sasl.conf -Source101: postfix-pam.conf - -# Patches - -Patch1: postfix-2.7.0-config.patch -Patch2: postfix-2.6.1-files.patch -Patch3: postfix-alternatives.patch -Patch8: postfix-large-fs.patch -Patch9: pflogsumm-1.1.3-datecalc.patch - -# Optional patches - set the appropriate environment variables to include -# them when building the package/spec file - -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - -# Determine the different packages required for building postfix -BuildRequires: db4-devel, pkgconfig, zlib-devel - -%{?with_ldap:BuildRequires: openldap-devel} -%{?with_sasl:BuildRequires: cyrus-sasl-devel} -%{?with_pcre:BuildRequires: pcre-devel} -%{?with_mysql:BuildRequires: mysql-devel} -%{?with_pgsql:BuildRequires: postgresql-devel} -%{?with_tls:BuildRequires: openssl-devel} - -%description -Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), -TLS - -%package perl-scripts -Summary: Postfix utilities written in perl -Group: Applications/System -Requires: %{name} = %{epoch}:%{version}-%{release} -# perl-scripts introduced in 2:2.5.5-2 -Obsoletes: postfix < 2:2.5.5-2 -%if %{with pflogsumm} -Provides: postfix-pflogsumm = %{epoch}:%{version}-%{release} -Obsoletes: postfix-pflogsumm < 2:2.5.5-2 -%endif -%description perl-scripts -This package contains perl scripts pflogsumm and qshape. - -Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is -designed to provide an over-view of Postfix activity. Pflogsumm -generates summaries and, in some cases, detailed reports of mail -server traffic volumes, rejected and bounced email, and server -warnings, errors and panics. - -qshape prints Postfix queue domain and age distribution. - -%prep -%setup -q -# Apply obligatory patches -%patch1 -p1 -b .config -%patch2 -p1 -b .files -%patch3 -p1 -b .alternatives -%patch8 -p1 -b .large-fs - -%if %{with pflogsumm} -gzip -dc %{SOURCE53} \| tar xf - -pushd pflogsumm-%{pflogsumm_ver} -%patch9 -p1 -b .datecalc -popd -%endif - -for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do - iconv -f iso8859-1 -t utf8 -o ${f}{_,} && - touch -r ${f}{,_} && mv -f ${f}{_,} -done - -%build -CCARGS=-fPIC -AUXLIBS= - -%ifarch s390 s390x ppc -CCARGS="${CCARGS} -fsigned-char" -%endif - -%if %{with ldap} - CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1" - AUXLIBS="${AUXLIBS} -lldap -llber" -%endif -%if %{with pcre} - # -I option required for pcre 3.4 (and later?) - CCARGS="${CCARGS} -DHAS_PCRE -I%{_includedir}/pcre" - AUXLIBS="${AUXLIBS} -lpcre" -%endif -%if %{with mysql} - CCARGS="${CCARGS} -DHAS_MYSQL -I%{_includedir}/mysql" - AUXLIBS="${AUXLIBS} -L%{_libdir}/mysql -lmysqlclient -lm" -%endif -%if %{with pgsql} - CCARGS="${CCARGS} -DHAS_PGSQL -I%{_includedir}/pgsql" - AUXLIBS="${AUXLIBS} -lpq" -%endif -%if %{with sasl} - CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" - AUXLIBS="${AUXLIBS} -L%{_libdir}/sasl2 -lsasl2" - %global sasl_config_dir %{_sysconfdir}/sasl2 -%endif -%if %{with tls} - if pkg-config openssl ; then - CCARGS="${CCARGS} -DUSE_TLS `pkg-config --cflags openssl`" - AUXLIBS="${AUXLIBS} `pkg-config --libs openssl`" - else - CCARGS="${CCARGS} -DUSE_TLS -I/usr/include/openssl" - AUXLIBS="${AUXLIBS} -lssl -lcrypto" - fi -%endif -%if ! %{with ipv6} - CCARGS="${CCARGS} -DNO_IPV6" -%endif - -CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\"" -CCARGS="${CCARGS} $(getconf LFS_CFLAGS)" - -AUXLIBS="${AUXLIBS} -pie -Wl,-z,relro" - -make -f Makefile.init makefiles CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" \ - DEBUG="" OPT="$RPM_OPT_FLAGS -Wno-comment" - -make %{?_smp_mflags} - -%install -rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT - -# install postfix into $RPM_BUILD_ROOT - -# Move stuff around so we don't conflict with sendmail -for i in man1/mailq.1 man1/newaliases.1 man1/sendmail.1 man5/aliases.5; do - dest=$(echo $i \| sed 's\|\.[1-9]$\|.postfix\0\|') - mv man/$i man/$dest - sed -i "s\|^\.so $i\|\.so $dest\|" man/man?/*.[1-9] -done -
[-] [+]	Deleted	_service:download_src_package:pflogsumm-1.1.3-datecalc.patch ^
@@ -1,14 +0,0 @@ -diff -up pflogsumm-1.1.3/pflogsumm.pl.datecalc pflogsumm-1.1.3/pflogsumm.pl ---- pflogsumm-1.1.3/pflogsumm.pl.datecalc 2010-03-20 21:00:42.000000000 +0100 -+++ pflogsumm-1.1.3/pflogsumm.pl 2010-06-10 15:57:27.000000000 +0200 -@@ -400,8 +400,8 @@ Copyright (C) 1998-2010 by James S. Seym - use strict; - use locale; - use Getopt::Long; --eval { require Date::Calc }; --my $hasDateCalc = $@ ? 0 : 1; -+require Date::Calc; -+my $hasDateCalc = 1; - - my $mailqCmd = "mailq"; - my $release = "1.1.3";
[-] [+]	Deleted	_service:download_src_package:postfix-2.6.1-files.patch ^
@@ -1,47 +0,0 @@ -diff -up postfix-2.6.1/conf/postfix-files.files postfix-2.6.1/conf/postfix-files ---- postfix-2.6.1/conf/postfix-files.files 2009-02-14 03:08:16.000000000 +0100 -+++ postfix-2.6.1/conf/postfix-files 2009-05-26 11:29:57.000000000 +0200 -@@ -111,20 +111,14 @@ $command_directory/postqueue:f:root:$set - $sendmail_path:f:root:-:755 - $newaliases_path:l:$sendmail_path - $mailq_path:l:$sendmail_path --$config_directory/LICENSE:f:root:-:644:1 --$config_directory/TLS_LICENSE:f:root:-:644:1 - $config_directory/access:f:root:-:644:p1 --$config_directory/aliases:f:root:-:644:p1 --$config_directory/bounce.cf.default:f:root:-:644:1 - $config_directory/canonical:f:root:-:644:p1 - $config_directory/cidr_table:f:root:-:644:o - $config_directory/generic:f:root:-:644:p1 - $config_directory/generics:f:root:-:644:o - $config_directory/header_checks:f:root:-:644:p1 - $config_directory/install.cf:f:root:-:644:o --$config_directory/main.cf.default:f:root:-:644:1 - $config_directory/main.cf:f:root:-:644:p --$config_directory/makedefs.out:f:root:-:644:1 - $config_directory/master.cf:f:root:-:644:p - $config_directory/pcre_table:f:root:-:644:o - $config_directory/postfix-files:f:root:-:644:o -@@ -137,8 +131,8 @@ $config_directory/postfix-script:f:root: - $config_directory/postfix-script-sgid:f:root:-:755:o - $config_directory/postfix-script-nosgid:f:root:-:755:o - $config_directory/post-install:f:root:-:755:o --$manpage_directory/man1/mailq.1:f:root:-:644 --$manpage_directory/man1/newaliases.1:f:root:-:644 -+$manpage_directory/man1/mailq.postfix.1:f:root:-:644 -+$manpage_directory/man1/newaliases.postfix.1:f:root:-:644 - $manpage_directory/man1/postalias.1:f:root:-:644 - $manpage_directory/man1/postcat.1:f:root:-:644 - $manpage_directory/man1/postconf.1:f:root:-:644 -@@ -151,9 +145,9 @@ $manpage_directory/man1/postmap.1:f:root - $manpage_directory/man1/postmulti.1:f:root:-:644 - $manpage_directory/man1/postqueue.1:f:root:-:644 - $manpage_directory/man1/postsuper.1:f:root:-:644 --$manpage_directory/man1/sendmail.1:f:root:-:644 -+$manpage_directory/man1/sendmail.postfix.1:f:root:-:644 - $manpage_directory/man5/access.5:f:root:-:644 --$manpage_directory/man5/aliases.5:f:root:-:644 -+$manpage_directory/man5/aliases.postfix.5:f:root:-:644 - $manpage_directory/man5/body_checks.5:f:root:-:644 - $manpage_directory/man5/bounce.5:f:root:-:644 - $manpage_directory/man5/canonical.5:f:root:-:644
[-] [+]	Deleted	_service:download_src_package:postfix-2.7.0-config.patch ^
@@ -1,100 +0,0 @@ -diff -up postfix-2.7.0/conf/main.cf.config postfix-2.7.0/conf/main.cf ---- postfix-2.7.0/conf/main.cf.config 2007-12-18 14:50:25.000000000 +0100 -+++ postfix-2.7.0/conf/main.cf 2010-02-26 12:28:14.000000000 +0100 -@@ -113,6 +113,10 @@ mail_owner = postfix - #inet_interfaces = all - #inet_interfaces = $myhostname - #inet_interfaces = $myhostname, localhost -+inet_interfaces = localhost -+ -+# Enable IPv4, and IPv6 if supported -+inet_protocols = all - - # The proxy_interfaces parameter specifies the network interface - # addresses that this mail system receives mail on by way of a -@@ -157,7 +161,7 @@ mail_owner = postfix - # - # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". - # --#mydestination = $myhostname, localhost.$mydomain, localhost -+mydestination = $myhostname, localhost.$mydomain, localhost - #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain - #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, - # mail.$mydomain, www.$mydomain, ftp.$mydomain -@@ -379,7 +383,7 @@ unknown_local_recipient_reject_code = 55 - # "postfix reload" to eliminate the delay. - # - #alias_maps = dbm:/etc/aliases --#alias_maps = hash:/etc/aliases -+alias_maps = hash:/etc/aliases - #alias_maps = hash:/etc/aliases, nis:mail.aliases - #alias_maps = netinfo:/aliases - -@@ -390,7 +394,7 @@ unknown_local_recipient_reject_code = 55 - # - #alias_database = dbm:/etc/aliases - #alias_database = dbm:/etc/mail/aliases --#alias_database = hash:/etc/aliases -+alias_database = hash:/etc/aliases - #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - - # ADDRESS EXTENSIONS (e.g., user+foo) -@@ -458,7 +462,27 @@ unknown_local_recipient_reject_code = 55 - # - # Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" - # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. --#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp -+#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -+ -+# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -+# server using LMTP (Local Mail Transport Protocol), this is prefered -+# over the older cyrus deliver program by setting the -+# mailbox_transport as below: -+# -+# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -+# -+# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -+# these settings. -+# -+# local_destination_recipient_limit = 300 -+# local_destination_concurrency_limit = 5 -+# -+# Of course you should adjust these settings as appropriate for the -+# capacity of the hardware you are using. The recipient limit setting -+# can be used to take advantage of the single instance message store -+# capability of Cyrus. The concurrency limit can be used to control -+# how many simultaneous LMTP sessions will be permitted to the Cyrus -+# message store. - # - # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and - # subsequent line in master.cf. -@@ -475,8 +501,7 @@ unknown_local_recipient_reject_code = 55 - # the main.cf file, otherwise the SMTP server will reject mail for - # non-UNIX accounts with "User unknown in local recipient table". - # --#fallback_transport = lmtp:unix:/file/name --#fallback_transport = cyrus -+#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp - #fallback_transport = - - # The luser_relay parameter specifies an optional destination address -diff -up postfix-2.7.0/conf/master.cf.config postfix-2.7.0/conf/master.cf ---- postfix-2.7.0/conf/master.cf.config 2010-02-03 22:01:27.000000000 +0100 -+++ postfix-2.7.0/conf/master.cf 2010-02-26 12:31:55.000000000 +0100 -@@ -80,14 +80,14 @@ scache unix - - n - # Also specify in main.cf: cyrus_destination_recipient_limit=1 - # - #cyrus unix - n n - - pipe --# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -+# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} - # - # ==================================================================== - # - # Old example of delivery via Cyrus. - # - #old-cyrus unix - n n - - pipe --# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -+# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} - # - # ==================================================================== - #
[-] [+]	Deleted	_service:download_src_package:postfix-alternatives.patch ^
@@ -1,22 +0,0 @@ -Changing the postfix-files config file won't work right on upgrades because -it's a noreplace configuration (the new version with the right paths in it is -installed as postfix-files.rpmnew), so we just munge the post-install script. ---- postfix-1.1.3/conf/post-install Thu Feb 28 16:15:08 2002 -+++ postfix-1.1.3/conf/post-install Thu Feb 28 16:14:54 2002 -@@ -429,6 +429,16 @@ - case $path in - no\|no/) continue;; - esac -+ # Munge paths for alternatives. -+ case $path in -+ /usr/bin/mailq) path=$path.postfix ;; -+ /usr/bin/newaliases) path=$path.postfix ;; -+ /usr/bin/rmail) path=$path.postfix ;; -+ /usr/sbin/sendmail) path=$path.postfix ;; -+ /usr/share/man/man1/mailq.1.gz) path=/usr/share/man/man1/mailq.postfix.1.gz ;; -+ /usr/share/man/man1/newaliases.1.gz) path=/usr/share/man/man1/newaliases.postfix.1.gz ;; -+ /usr/share/man/man5/aliases.5.gz) path=/usr/share/man/man5/aliases.postfix.5.gz ;; -+ esac - # Pick up the flags. - case $flags in u) upgrade_flag=1;; ) upgrade_flag=;; esac - case $flags in c) create_flag=1;; *) create_flag=;; esac
[-] [+]	Deleted	_service:download_src_package:postfix-large-fs.patch ^
@@ -1,35 +0,0 @@ -diff -up postfix-2.5.5/src/util/sys_defs.h.large-fs postfix-2.5.5/src/util/sys_defs.h ---- postfix-2.5.5/src/util/sys_defs.h.large-fs 2008-01-15 01:51:44.000000000 +0100 -+++ postfix-2.5.5/src/util/sys_defs.h 2008-10-21 17:55:29.000000000 +0200 -@@ -709,8 +709,8 @@ extern int initgroups(const char , int) - #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone ) 0) - #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin" - #define FIONREAD_IN_TERMIOS_H --#define USE_STATFS --#define STATFS_IN_SYS_VFS_H -+#define USE_STATVFS -+#define STATVFS_IN_SYS_STATVFS_H - #define PREPEND_PLUS_TO_OPTSTRING - #define HAS_POSIX_REGEXP - #define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail" -diff -up postfix-2.5.5/src/util/fsspace.c.large-fs postfix-2.5.5/src/util/fsspace.c ---- postfix-2.5.5/src/util/fsspace.c.large-fs 2006-06-15 20:07:16.000000000 +0200 -+++ postfix-2.5.5/src/util/fsspace.c 2008-10-21 17:56:29.000000000 +0200 -@@ -91,8 +91,15 @@ void fsspace(const char path, struct - - if (statvfs(path, &fsbuf) < 0) - msg_fatal("statvfs %s: %m", path); -- sp->block_size = fsbuf.f_frsize; -- sp->block_free = fsbuf.f_bavail; -+ if (fsbuf.f_frsize > 0) -+ sp->block_size = fsbuf.f_frsize; -+ else -+ sp->block_size = fsbuf.f_bsize; -+ / 4G of FS blocks is surely enough space to put a mail in */ -+ sp->block_free = 0; -+ sp->block_free = ~sp->block_free; -+ if (fsbuf.f_bavail < sp->block_free) -+ sp->block_free = fsbuf.f_bavail; - #endif - if (msg_verbose) - msg_info("%s: %s: block size %lu, blocks free %lu",
[-] [+]	Changed	_service ^
@@ -1,3 +1,3 @@ <services> -<service name="download_url"><param name="host">de.postfix.org</param><param name="protocol">http</param><param name="path">/ftpmirror/official/postfix-2.10.1.tar.gz</param></service><service name="download_src_package"><param name="host">mstevens.fedorapeople.org</param><param name="path">/el6/postfix/2.10/2.10.0/SRPMS/postfix-2.10.0-1.el6.src.rpm</param></service></services> \ No newline at end of file +<service name="download_url"><param name="host">de.postfix.org</param><param name="protocol">http</param><param name="path">/ftpmirror/official/postfix-2.10.1.tar.gz</param></service></services> \ No newline at end of file
[-] [+]	Deleted	_service:download_src_package:README-Postfix-SASL-RedHat.txt ^
@@ -1,440 +0,0 @@ -Quick Start to Authenticate with SASL and PAM: ----------------------------------------------- - -If you don't need the details and are an experienced system -administrator you can just do this, otherwise read on. - -1) Edit /etc/postfix/main.cf and set this: - -smtpd_sasl_auth_enable = yes -smtpd_sasl_security_options = noanonymous -broken_sasl_auth_clients = yes - -smtpd_recipient_restrictions = - permit_sasl_authenticated, - permit_mynetworks, - reject_unauth_destination - -2) Turn on saslauthd: - - /sbin/chkconfig --level 345 saslauthd on - /sbin/service saslauthd start - -3) Edit /etc/sysconfig/saslauthd and set this: - - MECH=pam - -4) Restart Postfix: - - /sbin/service postfix restart - -A crash course in using SASL with Postfix: ------------------------------------------- - -Red Hat's Postfix RPMs include support for both SASL and TLS. SASL, the -Simple Authentication and Security Layer, allows Postfix to implement RFC -2554, which defines an extension to ESMTP, SMTP AUTH, which compliant -ESMTP clients can use to authenticate themselves to ESMTP servers. -Typically, this is used to allow roaming users to relay mail through a -server safely without configuring the SMTP server to be an open relay. -Inclusion of TLS support allows Postfix to implement RFC 2487, which -defines an extension to ESMTP, SMTP STARTTLS, which compliant ESMTP -clients and servers can use to encrypt the SMTP session. This is a -security enhancement -- normally SMTP is transmitted as cleartext over the -wire, making it vulnerable to both passive sniffing and active alteration -via monkey-in-the-middle attacks. In addition, STARTTLS can also be -used by either or both server and client to verify the identity of the -other end, making it useful for the same sorts of purposes as SMTP AUTH. -The two can even be combined. Typically, this is done by first starting -TLS, to encrypt the SMTP session, and then issuing the SMTP AUTH command, -to authenticate the client; this combination ensures that the username -and password transferred as part of the SMTP AUTH are protected by the -TLS encrypted session. - -SMTP AUTH is implemented using SASL, an abstraction layer which can -authenticate against a variety of sources. On Red Hat, SASL can use -the /etc/shadow file, or it can use PAM libraries, or it can use its own -password database (/etc/sasldb), or it can do various more exotic things. - -Authentication raises a number of security concerns for obvious -reasons. As a consequence authentication services on Red Hat systems -are restricted to processes running with root privileges. However for -security reasons it is also essential that a mail server such as -Postfix run without root privileges so that mail operations cannot -compromise the host system. This means that Postfix cannot directly -use authentication services because it does not execute with root -privileges. The answer to this this problem is to introduce an -intermediary process that runs with root privileges which Postfix can -communicate with and will perform authentication on behalf of -Postfix. The SASL package includes an authentication daemon called -saslauthd which provided this service, think of it as an -authentication proxy. - -Using Saslauthd: ----------------- - -To use saslauthd there are several things you must assure are -configured. - -Selecting an Authentication Method: ------------------------------------ - -Recall that it is saslauthd which is authenticating, not -Postfix. To start with you must tell Postfix to use saslauthd, in -main.cf edit this configuration parameter: - - smtpd_sasl_auth_enable = yes - -It is also recommended that you disable anonymous logins otherwise -you've left your system open, so also add this configuration -parameter. - - smtpd_sasl_security_options = noanonymous - -Now you must tell saslauthd which authentication method to use. To -determine the authentication methods currently supported by saslauthd -invoke saslauthd with the -v parameter, it will print its version and -its list of methods and then exit, for example: - - /usr/sbin/saslauthd -v - saslauthd 2.1.10 - authentication mechanisms: getpwent kerberos5 pam rimap shadow - -When saslauthd starts up it reads its configuration options from the -file /etc/sysconfig/saslauthd. Currently there are two parameters -which can be set in this file, MECH and FLAGS. MECH is the -authentication mechanism and FLAGS is any command line flags you may -wish to pass to saslauthd. To tell saslauthd to use a specific -mechanism edit /etc/sysconfig/saslauthd and set the MECH parameter, -for example to use PAM it would look like this: - - MECH=pam - -Of course you may use any of the other authentication mechanisms that -saslauthd reported it supports. PAM is an excellent choice as PAM -supports many of the same authentication methods that saslauthd does, -but by using PAM you will have centralized all of your authentication -configuration under PAM which is one of PAM's greatest assets. - -How Postfix Interacts with SASL to Name its Authentication Services: --------------------------------------------------------------------- - -It can be very helpful to understand how Postfix communicates with -SASL to name its authentication services. Knowing this will let you -identify the configuration files the various components will access. - -When Postfix invokes SASL it must give SASL an application name that -SASL will use among other things to locate a configuration file for -the application. The application name Postfix identifies itself as is -"smtpd". SASL will append ".conf" to the application name and look for -a config file in its library and config directories. Thus SASL will -read Postfix's configuration from - - /etc/sasl2/smtpd.conf - -This file names the authentication method SASL will use for Postfix -(actually for smtpd, other MTA's such as sendmail may use the same -file). Because we want to use the saslauthd authentication proxy -daemon the contents of this file is: - - pwcheck_method: saslauthd - -This tells SASL when being invoked to authentication for Postfix that -it should use saslauthd. Saslauthd's mechanism is set in -/etc/sysconfig/saslauthd (see below). - -When Postfix calls on SASL to authenticate it passes to SASL a service -name. This service name is used in authentication method specific -way. The service name Postfix passes to SASL is "smtp" (note this is -not the same as the application name which is "smtpd"). To understand -this better consider the case of using PAM authentication. When SASL, -or in our case saslauthd, invokes PAM it passes the service name of -"smtp" to PAM which means that when PAM wants to read configuration -information for this client it will find it under the name of "smtp". - -Turning on the Authentication Daemon: -------------------------------------- - -Red Hat security policy is not to automatically enable services -belonging to a package when the package is installed. The system -administrator must explicitly enable the service. To enable saslauthd -do the following: - -1) Tell the init process to launch saslauthd when entering various run - levels. Assuming you want saslauthd to run at run levels 3,4,5 - invoke chkconfig. - - /sbin/chkconfig --level 345 saslauthd on - -2) You will probably want to start saslauthd now without having to - reboot, to do this: - - /sbin/service saslauthd start - -Trouble Shooting Authentication: --------------------------------- - -The best way to debug authentication problems is to examine log -messages from the authentication components. However, normally these -log messages are suppressed. There are two principle reasons the -messages are suppressed. The first is that they are typically logged -at the DEBUG logging priority level which is the lowest priority and -the syslog configuration typically logs only higher priority -messages. The second reason is that for security reasons authentication -logging is considered a risk. Authentication logging has been divided -into two different facilities, auth and authpriv. authpriv is private -and is typically shunted off to a different log file with higher -protection. You will want to be able to see both auth and authpriv -messages at all priorities. To do this as root edit /etc/syslog.conf -file, find the following line - -authpriv.* /var/log/secure - -edit the line to: - -authpriv.;auth. /var/log/secure - -Then restart syslogd so the syslog configuration changes will be -picked up: -
	Deleted	_service:download_src_package:pflogsumm-1.1.3.tar.gz ^
	Deleted	_service:download_src_package:postfix-2.10.0.tar.gz ^
[-] [+]	Deleted	_service:download_src_package:postfix-etc-init.d-postfix ^
@@ -1,164 +0,0 @@ -#!/bin/bash -# -# postfix Postfix Mail Transfer Agent -# -# chkconfig: - 80 30 -# description: Postfix is a Mail Transport Agent, which is the program \ -# that moves mail from one machine to another. -# processname: master -# pidfile: /var/spool/postfix/pid/master.pid -# config: /etc/postfix/main.cf -# config: /etc/postfix/master.cf -# -# Based on startup script from Simon J Mudd <sjmudd@pobox.com> -# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <jam@jamux.com> -# 23/11/00: Changes & suggestions by Ajay Ramaswamy <ajayr@bigfoot.com> -# 20/01/01: Changes to fall in line with RedHat 7.0 style -# 23/02/01: Fix a few untidy problems with help from Daniel Roesen. - -### BEGIN INIT INFO -# Provides: postfix $mail-transfer-agent -# Required-Start: $local_fs $network $remote_fs -# Required-Stop: $local_fs $network $remote_fs -# Short-Description: start and stop postfix -# Description: Postfix is a Mail Transport Agent, which is the program that -# moves mail from one machine to another. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -RETVAL=0 -prog="postfix" -lockfile=/var/lock/subsys/$prog -pidfile=/var/spool/postfix/pid/master.pid - -ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp - -# Script to update chroot environment -CHROOT_UPDATE=/etc/postfix/chroot-update - -status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1 -running=$? - -conf_check() { - [ -x /usr/sbin/postfix ] \|\| exit 5 - [ -d /etc/postfix ] \|\| exit 6 - [ -d /var/spool/postfix ] \|\| exit 5 -} - -make_aliasesdb() { - if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ] - then - # /etc/aliases.db may be used by other MTA, make sure nothing - # has touched it since our last newaliases call - [ /etc/aliases -nt /etc/aliases.db ] \|\| - [ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] \|\| - [ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] \|\| return - /usr/bin/newaliases - touch -r /etc/aliases.db "$ALIASESDB_STAMP" - else - /usr/bin/newaliases - fi -} - -start() { - [ "$EUID" != "0" ] && exit 4 - # Check that networking is up. - [ ${NETWORKING} = "no" ] && exit 1 - conf_check - # Start daemons. - echo -n $"Starting postfix: " - make_aliasesdb >/dev/null 2>&1 - [ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE - /usr/sbin/postfix start 2>/dev/null 1>&2 && success \|\| failure $"$prog start" - RETVAL=$? - [ $RETVAL -eq 0 ] && touch $lockfile - echo - return $RETVAL -} - -stop() { - [ "$EUID" != "0" ] && exit 4 - conf_check - # Stop daemons. - echo -n $"Shutting down postfix: " - /usr/sbin/postfix stop 2>/dev/null 1>&2 && success \|\| failure $"$prog stop" - RETVAL=$? - [ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile - echo - return $RETVAL -} - -reload() { - conf_check - echo -n $"Reloading postfix: " - [ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE - /usr/sbin/postfix reload 2>/dev/null 1>&2 && success \|\| failure $"$prog reload" - RETVAL=$? - echo - return $RETVAL -} - -abort() { - conf_check - /usr/sbin/postfix abort 2>/dev/null 1>&2 && success \|\| failure $"$prog abort" - return $? -} - -flush() { - conf_check - /usr/sbin/postfix flush 2>/dev/null 1>&2 && success \|\| failure $"$prog flush" - return $? -} - -check() { - conf_check - /usr/sbin/postfix check 2>/dev/null 1>&2 && success \|\| failure $"$prog check" - return $? -} - -# See how we were called. -case "$1" in - start) - [ $running -eq 0 ] && exit 0 - start - ;; - stop) - [ $running -eq 0 ] \|\| exit 0 - stop - ;; - restart\|force-reload) - stop - start - ;; - reload) - [ $running -eq 0 ] \|\| exit 7 - reload - ;; - abort) - abort - ;; - flush) - flush - ;; - check) - check - ;; - status) - status -p $pidfile -l $(basename $lockfile) master - ;; - condrestart) - [ $running -eq 0 ] \|\| exit 0 - stop - start - ;; - *) - echo $"Usage: $0 {start\|stop\|restart\|reload\|abort\|flush\|check\|status\|condrestart}" - exit 2 -esac - -exit $?
[-] [+]	Deleted	_service:download_src_package:postfix-pam.conf ^
@@ -1,3 +0,0 @@ -#%PAM-1.0 -auth include password-auth -account include password-auth
[-] [+]	Deleted	_service:download_src_package:postfix-sasl.conf ^
@@ -1,2 +0,0 @@ -pwcheck_method: saslauthd -mech_list: plain login