From 55af617611a977be3a84d9af7aed3f927f531cc7 Mon Sep 17 00:00:00 2001 From: Grupa za izradu paketa Date: Sun, 21 Oct 2007 22:08:07 +0000 Subject: [PATCH 1/1] r1: [svn-inject] Installing original source of postfix-cn --- NEWS.CARNet | 27 ++++ README.CARNet | 57 +++++++ changelog.CARNet | 1 + debian/changelog | 110 +++++++++++++ debian/compat | 1 + debian/conffiles | 1 + debian/config | 23 +++ debian/control | 18 +++ debian/dirs | 3 + debian/docs | 3 + debian/install | 2 + debian/postfix-cn.cron.d | 5 + debian/postinst | 385 ++++++++++++++++++++++++++++++++++++++++++++++ debian/postrm | 12 ++ debian/rules | 86 +++++++++++ debian/templates | 17 ++ make-aliases-gecos.sh | 31 ++++ newaliases-gecos | 1 + 18 files changed, 783 insertions(+) create mode 100644 NEWS.CARNet create mode 100644 README.CARNet create mode 120000 changelog.CARNet create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/conffiles create mode 100755 debian/config create mode 100644 debian/control create mode 100644 debian/dirs create mode 100644 debian/docs create mode 100644 debian/install create mode 100644 debian/postfix-cn.cron.d create mode 100755 debian/postinst create mode 100755 debian/postrm create mode 100755 debian/rules create mode 100644 debian/templates create mode 100755 make-aliases-gecos.sh create mode 120000 newaliases-gecos diff --git a/NEWS.CARNet b/NEWS.CARNet new file mode 100644 index 0000000..159e0e5 --- /dev/null +++ b/NEWS.CARNet 
@@ -0,0 +1,27 @@
+postfix-cn (2.1.5-6) sarge; urgency=medium
+
+ Napomene uz rad make-aliases-gecos.sh skripte
+ ---------------------------------------------
+
+Skripta /usr/share/postfix-cn/make-aliases-gecos.sh postavlja aliase
+samo za korisnicke racune za koje su ispunjeni sljedeci uvjeti:
+ - uid veci od 100 ($3 >= 100)
+ - korisnik ima eksplicitno postavljenu grupu ($5)
+ - korisnicko ime nije "nobody" (uvjet postoji zbog toga sto sistemski
+ korisnik nobody ima uid veci od 100)
+
+Ukoliko imate korisnike koji ne odgovaraju ovim uvjetima morat cete
+ispraviti stanje zahvacenih korisnickih racuna, ili prilagoditi
+uvjete u skripti vlastitim potrebama.
+
+U slucaju da postoji vise korisnika sa istim imenom i prezimenom, ce
+biti isporucena na prvi alias u generiranoj datoteci, sto odgovara
+korisniku koji se prije pojavljuje u /etc/passwd.
+
+Slicno tome, ako je definirano vise datoteka u Postfix varijabli
+$alias_maps, posta ce doci na prvi alias u datoteci koja je ranije
+definirana u $alias_maps.
+
+Pogledajte /usr/share/doc/postfix-cn/README.CARNet za vise informacija.
+
+ -- Ivan 'ico' Rako Sun, 29 Oct 2006 15:59:50 +0100
diff --git a/README.CARNet b/README.CARNet
new file mode 100644
index 0000000..bd03cb4
--- /dev/null
+++ b/README.CARNet
@@ -0,0 +1,57 @@ +postfix-cn ++--------+ + +Paket donosi TLS i SASL (SMTP AUTH) podrsku. + +Implementacija Sendmail opcije MatchGECOS +----------------------------------------- + +U Postfixu ne postoji podrska za adrese oblika Ime.Prezime@domena.hr +analogna opciji MatchGECOS u Sendmailu. Zbog toga je za ovaj paket +pripremljena skripta koja donosi tu funkcionalnost, a koja se +poziva iz crona. Ovaj podsustav se sastoji od: + +/usr/share/postfix-cn/make-aliases-gecos.sh + + skripta koja priprema dodatnu aliases datoteku za postfix. Ukoliko + ste upravo dodali nove korisnike i zelite odmah obnoviti GECOS + aliase, pokrenite je: + + # /usr/share/postfix-cn/make-aliases-gecos.sh + +/etc/cron.d/postfix-cn + + ovdje mozete podesiti ucestalost poziva gornje skripte. Pocetne + postavke su takve da ce se aliasi oblika Ime.Prezime generirati + jedanput na sat. + +/var/lib/postfix-cn/aliases_gecos + + ova datoteka je rezultat poziva skripte. _Nemojte_ je rucno + mijenjati jer ce sve promjene biti pregazene kod iduceg poziva iz + crona. Umjesto toga, sve lokalne aliase postavljajte u /etc/aliases + (ili neku drugu datoteku definiranu u Postfix varijabli $alias_maps). + + Napomene uz rad make-aliases-gecos.sh skripte + --------------------------------------------- + +Skripta /usr/share/postfix-cn/make-aliases-gecos.sh postavlja aliase +samo za korisnicke racune za koje su ispunjeni sljedeci uvjeti: + - uid veci od 100 ($3 >= 100) + - korisnik ima eksplicitno postavljenu grupu ($5) + - korisnicko ime nije "nobody" (uvjet postoji zbog toga sto sistemski + korisnik nobody ima uid veci od 100) + +Ukoliko imate korisnike koji ne odgovaraju ovim uvjetima morat cete +ispraviti stanje zahvacenih korisnickih racuna, ili prilagoditi +uvjete u skripti vlastitim potrebama. + +U slucaju da postoji vise korisnika sa istim imenom i prezimenom, ce +biti isporucena na prvi alias u generiranoj datoteci, sto odgovara +korisniku koji se prije pojavljuje u /etc/passwd. 
+ +Slicno tome, ako je definirano vise datoteka u Postfix varijabli +$alias_maps, posta ce doci na prvi alias u datoteci koja je ranije +definirana u $alias_maps. + + -- Ivan 'ico' Rako Sun, 29 Oct 2006 15:59:50 +0100 diff --git a/changelog.CARNet b/changelog.CARNet new file mode 120000 index 0000000..194579e --- /dev/null +++ b/changelog.CARNet @@ -0,0 +1 @@ +changelog.Debian \ No newline at end of file diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..551e9a6 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,110 @@ +postfix-cn (2.3.8-1) carnet-etch; urgency=high + + * Prva verzija za Etch + + -- Ivan Rako Mon, 22 Oct 2007 00:00:10 +0200 + +postfix-cn (2.1.5-11) sarge; urgency=low + + * Izmijenjena poruka za purganje paketa sendmail-base + + -- Ivan Rako Mon, 21 May 2007 15:27:01 +0200 + +postfix-cn (2.1.5-10) sarge; urgency=medium + + * Stavljen openssl u Depends + * Provjera da li postoji main.cf i master.cf + * Izbacen postfix-cn/upgrade-from-sendmail + * postfix-cn/matchgecos postavljen na critical + * Dodan softlink /usr/bin/make-aliases-gecos + * Postavlja START=yes u /etc/default/saslauthd + + -- Ivan Rako Wed, 25 Apr 2007 15:34:21 +0200 + +postfix-cn (2.1.5-9) sarge; urgency=medium + + * Gasi se RBL ORDB.org pa je izbacen iz paketa + * Izbacen i RBL opm.blitzed.org + * Ubacen novi RBL list.dsbl.org + + -- Ivan Rako Tue, 19 Dec 2006 10:40:46 +0100 + +postfix-cn (2.1.5-8) sarge; urgency=medium + + * Dodana provjera da li je host mx, pa postavlja ispravan mydestination + + -- Ivan 'ico' Rako Thu, 9 Nov 2006 10:19:20 +0100 + +postfix-cn (2.1.5-7) sarge; urgency=medium + + * Dodana definicija PATH-a u skripti za generiranje aliases_gecos + * Dodana opcija PA_OPTIONS="-r" u /usr/share/postfix-cn/make-aliases-gecos.sh + za skrivanje cron poruka o duplim aliasima + * Dodatni uvjet za provjeru da li postoji GECOS polje u skripti + /usr/share/postfix-cn/make-aliases-gecos.sh + + -- Ivan Rako Mon, 30 Oct 2006 13:55:28 +0100 + +postfix-cn (2.1.5-6) sarge; urgency=medium + + * Povecan prioritet za debconf pitanje postfix-cn/matchgecos + * Stavljen sendmail-base u Conflicts + * Dodana poruka za purge-anje paketa sendmail-base + * Nadopunjena lista CARNetovih mail exchangera u + /etc/postgrey/whitelist_clients + * Smanjen bounce_queue_lifetime i maximal_queue_lifetime na 5 dana + * Ako su vec postavljeni smtp_tls_cert_file i smtp_tls_cert_file, + onda postinst vise ne dira + * Uvjet za kreiranje aliases_gecos je samo po uid-u (> 100) + * /etc/cron.daily/postfix-cn 
-> /etc/cron.d/postfix-cn + * Postgrey delay postavljen na 58 sekundi + * Izmjenijena varijabla local_recipient_maps + + -- Ivan 'ico' Rako Sat, 28 Oct 2006 21:15:28 +0200 + +postfix-cn (2.1.5-5) + + * Privremeno dodano u Postfix konfiguraciju zbog problema u radu sa + Squirrelmail-om: + append_dot_mydomain = yes + append_at_myorigin = yes + + -- Ivan 'ico' Rako Thu, 31 Aug 2006 17:11:09 +0200 + +postfix-cn (2.1.5-4) + + * ispravan poredak kod postfix varijable smtpd_recipient_restrictions + * sitne ispravke kod prebacivanje /var/run/saslauthd -> + /var/spool/postfix/var/run/saslauthd + * dodaje CARNetove mail exchangere u /etc/postgrey/whitelist_clients + + -- Ivan 'ico' Rako Tue, 11 Jul 2006 19:27:46 +0200 + +postfix-cn (2.1.5-3) + + * dodaje korisnika postfix u grupu sasl + + -- Ivan 'ico' Rako Tue, 4 Jul 2006 14:52:15 +0200 + +postfix-cn (2.1.5-2) + + * dodana skripta za kreiranje aliasa na osnovu GECOS polja + (/etc/cron.daily/postfix-cn) + * dodan hash:/var/lib/postfix-cn/aliases_gecos u $alias_maps + * dopune za sasl (/etc/postfix/sasl/smtpd.conf, ...) + * privremene datoteke za tlsmgr premjestene iz /etc/postfix u + /var/spool/postfix + + -- Ivan 'ico' Rako Tue, 4 Jul 2006 14:52:15 +0200 + +postfix-cn (2.1.5-1) + + * backup zatecenog stanja konfiguracijskih datoteka + + -- Ivan 'ico' Rako Sat, 1 Jul 2006 09:50:09 +0200 + +postfix-cn (2.1.5-0) + + * inicijalna verzija paketa + + -- Ivan 'ico' Rako Wed, 31 May 2006 19:34:29 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b8626c4 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +4 diff --git a/debian/conffiles b/debian/conffiles new file mode 100644 index 0000000..5f85af8 --- /dev/null +++ b/debian/conffiles @@ -0,0 +1 @@ +/usr/share/postfix-cn/make-aliases-gecos.sh diff --git a/debian/config b/debian/config new file mode 100755 index 0000000..5d7e58a --- /dev/null +++ b/debian/config 
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+# Load debconf
+. /usr/share/debconf/confmodule
+
+db_input high postfix-cn/rbl || true
+if dpkg --compare-versions "$2" lt 2.1.5-8; then
+ db_fset postfix-cn/matchgecos seen false
+ db_go
+fi
+db_input critical postfix-cn/matchgecos || true
+
+db_get postfix-cn/upgrade-from-sendmail || true
+upgrade_yes="$RET"
+
+if [ "$upgrade_yes" = "false" ]; then
+ exit 1
+fi
+
+db_go || true
+db_stop || true
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..94c9e8c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,18 @@
+Source: postfix-cn
+Section: mail
+Priority: optional
+Maintainer: Ivan Rako
+Build-Depends: debhelper (>= 4.0.0)
+Standards-Version: 3.6.1
+
+Package: postfix-cn
+Architecture: all
+Depends: postfix, postfix-tls, carnet-tools-cn (>= 2.7), sasl2-bin, libsasl2-modules, postgrey, debconf, openssl
+Conflicts: sendmail-cn, amavisd-cn (<< 2:20030616p10-10), amavisd-new-milter, sendmail-base
+Suggests: amavisd-cn
+Description: A high-performance mail transport agent
+ Postfix is Wietse Venema's mail transport agent that started life as an
+ alternative to the widely-used Sendmail program. Postfix attempts to
+ be fast, easy to administer, and secure, while at the same time being
+ sendmail compatible enough to not upset existing users. Thus, the outside
+ has a sendmail-ish flavor, but the inside is completely different.
diff --git a/debian/dirs b/debian/dirs
new file mode 100644
index 0000000..3cb79eb
--- /dev/null
+++ b/debian/dirs
@@ -0,0 +1,3 @@
+var/lib/postfix-cn
+usr/share/postfix-cn
+usr/sbin
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..8872287
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,3 @@
+README.CARNet
+NEWS.CARNet
+changelog.CARNet
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..4058213
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,2 @@
+make-aliases-gecos.sh usr/share/postfix-cn
+newaliases-gecos usr/sbin
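Review bot: The `db_get postfix-cn/upgrade-from-sendmail` lookup in debian/config and the `exit 1` branch after it refer to a template that debian/templates in this commit does not define (the 2.1.5-10 changelog entry says it was removed), so the branch looks like dead code. If the value ever did come back as `false`, the config script would abort package configuration without printing a reason. I would drop the `db_get`, the `upgrade_yes` assignment and the `if` block, or restore the template and emit a message before exiting. A comment on the version guard, such as `# $2 is empty on a fresh install and compares as older than any version`, would also make `dpkg --compare-versions "$2" lt 2.1.5-8` easier to trust.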
diff --git a/debian/postfix-cn.cron.d b/debian/postfix-cn.cron.d
new file mode 100644
index 0000000..b492840
--- /dev/null
+++ b/debian/postfix-cn.cron.d
@@ -0,0 +1,5 @@
+# /etc/cron.d/postfix-cn: crontab fragment for postfix-cn
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
+
+0 0-23/1 * * * root if [ -x /usr/share/postfix-cn/make-aliases-gecos.sh ]; then /usr/share/postfix-cn/make-aliases-gecos.sh; fi
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..f43a818
--- /dev/null
+++ b/debian/postinst
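Review bot: cron does not expand variables on crontab environment lines, so `PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH` leaves a literal `$PATH` entry on the search path of a job that runs as root. A non-absolute PATH entry is resolved against the job's working directory, which is not something a root job should depend on. Set the path explicitly with `PATH=/sbin:/usr/sbin:/bin:/usr/bin`. The hour field `0-23/1` means the same as `*` and reads more clearly written that way.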
@@ -0,0 +1,385 @@ +#!/bin/sh -e + +[ "$1" = "configure" ] || exit 0 + +# Load CARNet Tools +. /usr/share/carnet-tools/functions.sh +# Load Debconf +. /usr/share/debconf/confmodule + +db_get postfix-cn/rbl || true +rbl="$RET" + +# Tue, 19 Dec 2006 10:31:01 +0100 +# relays.ordb.org se gasi 2006-12-31 +if echo $rbl | grep -q relays.ordb.org; then + rbl="`echo $rbl | sed 's/relays.ordb.org, //g'`" + # za svaki slucaj, ako je na kraju + rbl="`echo $rbl | sed 's/relays.ordb.org//g'`" + db_set postfix-cn/rbl "$rbl" || true +fi + +# Thu, 21 Dec 2006 09:03:50 +0100 +# opm.blitzed.org je ugasen 2006-05 +if echo $rbl | grep -q opm.blitzed.org; then + rbl="`echo $rbl | sed 's/opm.blitzed.org, //g'`" + # za svaki slucaj, ako je na kraju + rbl="`echo $rbl | sed 's/opm.blitzed.org//g'`" + db_set postfix-cn/rbl "$rbl" || true +fi + +db_get postfix-cn/matchgecos || true +matchgecos="$RET" + +hostname="`hostname`" +fqdn="`hostname --fqdn`" +domain="`dnsdomainname`" +mailname="`cat /etc/mailname 2> /dev/null || hostname --fqdn`" +cp_get_netaddr || true +netaddr="$RET" + +# ako ne postoje konfiguracijske datoteke, napravi ih +[ -f /etc/postfix/master.cf ] || touch /etc/postfix/master.cf +[ -f /etc/postfix/main.cf ] || touch /etc/postfix/main.cf + +# spremi pocetnu verziju +cp -pf /etc/postfix/master.cf /etc/postfix/master.cf.dpkg-tmp.$$ +cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.dpkg-tmp.$$ + +# srediti master.cf za TLS +if [ -f /etc/postfix/master.cf ]; then + cp_check_and_sed '^#tlsmgr' \ + 's/^#tlsmgr/tlsmgr/g' \ + /etc/postfix/master.cf || true + + cp_check_and_sed '^#smtps' \ + 's/^#smtps/smtps/g' \ + /etc/postfix/master.cf || true +fi + +# ovo manje/vise uzima kao default, ali u slucaju da je multihomed stroj, +# i eventualno je sprckan, mozda nesto nece raditi kako spada pa cemo konfigurirati +postconf -e myhostname="$fqdn" +postconf -e mydomain="$domain" +postconf -e myorigin="$mailname" + +# zbog problema sa squirrelmailom +postconf -e append_dot_mydomain="yes" 
+postconf -e append_at_myorigin="yes" + +# dodaj 127.0.0.0/8 i netaddr +mynetworks="`postconf -h mynetworks`" +for i in "127.0.0.0/8" "$netaddr"; do + if ! echo $mynetworks | grep -q $i; then + mynetworks="$mynetworks, $i" + fi +done +postconf -e mynetworks="$mynetworks" + +# obrisati $mydomain, ako je upgrade sa starije verzije +# te srediti mydestination +if dpkg --compare-versions "$2" lt 2.1.5-8; then + mydestination="`postconf -h mydestination`" + if echo $mydestination | grep -q ", \$mydomain"; then + mydestination="`echo $mydestination | sed 's/, \$mydomain//g'`" + fi + postconf -e mydestination="$mydestination" +fi + +# default je: $myhostname, localhost.$mydomain, localhost +# treba dodati jos ", $mydomain", ako je host mx +cp_get_mx_domain || true +mx_domain="$RET" +if [ "$mx_domain" != "$fqdn" ]; then + mydestination="`postconf -h mydestination`" + if ! echo $mydestination | grep -q ", \$mydomain"; then + postconf -e mydestination="$mydestination, \$mydomain" + fi + postconf -e relay_domains="\$mydestination" + if [ "$mx_domain" != "$domain" ]; then + if dpkg --compare-versions "$2" lt 2.1.5-8; then + cp_echo "CN: This host is MX for more than one domain! postfix-cn package will" + cp_echo "CN only set up $mx_domain, you HAVE TO add the other domains manually" + cp_echo "CN to mydestination variable in /etc/postfix/main.cf, if you haven't" + cp_echo "CN done that already or you may lose mail." + fi + fi +fi + +# sredi $alias_maps +if [ "$matchgecos" = "true" ]; then + aliasmaps="hash:/etc/aliases hash:/var/lib/postfix-cn/aliases_gecos" +elif [ "$matchgecos" = "false" ]; then + aliasmaps="hash:/etc/aliases" + alias_maps="`postconf -h alias_maps | \ + sed -e 's#hash:/var/lib/postfix-cn/aliases_gecos,*##g' -e 's/,*[[:space:]]*$//g'`" + postconf -e alias_maps="$alias_maps" +fi + +for i in $aliasmaps; do + alias_maps="`postconf -h alias_maps`" + if ! 
echo $alias_maps | grep -q "$i"; then + postconf -e alias_maps="$alias_maps, $i" + fi +done + +postconf -e alias_database="hash:/etc/aliases" +postconf -e local_recipient_maps="proxy:unix:passwd.byname \$alias_maps" + +# jos malo +postconf -e recipient_delimiter="+" +postconf -e smtpd_helo_required="yes" +postconf -e smtpd_helo_restrictions="permit_mynetworks" +postconf -e in_flow_delay="2s" +postconf -e initial_destination_concurrency="10" +postconf -e default_destination_concurrency_limit="30" +postconf -e smtpd_recipient_limit="400" +postconf -e hash_queue_depth="3" + +if dpkg --compare-versions "$2" lt 2.1.5-6; then + postconf -e bounce_queue_lifetime="5d" + postconf -e maximal_queue_lifetime="5d" +fi + +# ako netko zeli maknuti maskiranje, da mu ga nova verzija ne doda +if dpkg --compare-versions "$2" lt 2.1.5-2; then + postconf -e masquerade_domains="\$mydomain" +fi + +# sredi smtpd_recipient_restrictions +smtpd_recipient_restrictions="reject_invalid_hostname, \ + reject_unknown_sender_domain, \ + reject_unknown_recipient_domain, \ + reject_unauth_pipelining, \ + permit_sasl_authenticated, \ + permit_mynetworks, \ + reject_unauth_destination" + +# dodaj samo rbl-ove iz debconfa +if [ "$rbl" ]; then + for i in `echo $rbl | tr -d ,`; do + smtpd_recipient_restrictions="$smtpd_recipient_restrictions, reject_rbl_client $i" + done +fi + +# dodaj check_policy_service i permit na kraj +smtpd_recipient_restrictions="$smtpd_recipient_restrictions, check_policy_service inet:127.0.0.1:60000, permit" +postconf -e smtpd_recipient_restrictions="$smtpd_recipient_restrictions" + +# SASL stuff +postconf -e smtpd_sasl_auth_enable="yes" +postconf -e smtpd_sasl_security_options="noanonymous" +postconf -e smtpd_sasl_local_domain="\$myhostname" +postconf -e broken_sasl_auth_clients="yes" + +[ -d /etc/postfix/sasl/ ] || mkdir -p /etc/postfix/sasl/ +if [ ! 
-f /etc/postfix/sasl/smtpd.conf ]; then + cat - > /etc/postfix/sasl/smtpd.conf <> /etc/default/saslauthd + restart_saslauthd="yes" + fi + if ! grep -q "^PARAMS.*/var/spool/postfix/var/run/saslauthd" /etc/default/saslauthd; then + echo "PARAMS=\"-m /var/spool/postfix/var/run/saslauthd\"" >> /etc/default/saslauthd + restart_saslauthd="yes" + fi + if ! grep -q "^PIDFILE.*/var/spool/postfix/var/run/saslauthd/saslauthd.pid" /etc/default/saslauthd; then + echo "PIDFILE=\"/var/spool/postfix/var/run/saslauthd/saslauthd.pid\"" >> /etc/default/saslauthd + restart_saslauthd="yes" + fi + if ! grep -q "^PWDIR.*/var/spool/postfix/var/run/saslauthd" /etc/default/saslauthd; then + echo "PWDIR=\"/var/spool/postfix/var/run/saslauthd\"" >> /etc/default/saslauthd + restart_saslauthd="yes" + fi + if ! grep -q "&& ln -s" /etc/default/saslauthd; then + echo "[ ! -L /var/run/saslauthd -a -d /var/spool/postfix/var/run/saslauthd -a ! -d /var/run/saslauthd ] && ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd || true" >> /etc/default/saslauthd + restart_saslauthd="yes" + fi + if [ ! -L /var/run/saslauthd ]; then + mkdir -p /var/spool/postfix/var/run/ + if [ -d /var/run/saslauthd -a ! -d /var/spool/postfix/var/run/saslauthd ]; then + mv /var/run/saslauthd /var/spool/postfix/var/run/ + elif [ -d /var/run/saslauthd -a -d /var/spool/postfix/var/run/saslauthd ]; then + rm -rf /var/run/saslauthd/ + fi + + # XXX jos kad bi ln -s u /var/run/ radio (bootclean.sh) + if [ -d /var/spool/postfix/var/run/saslauthd -a ! -d /var/run/saslauthd ]; then + ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd + fi + + restart_saslauthd="yes" + fi + if [ ! -d /var/spool/postfix/var/run/saslauthd ]; then + mkdir -p /var/spool/postfix/var/run/saslauthd + restart_saslauthd="yes" + fi + if ! 
dpkg-statoverride --list /var/spool/postfix/var/run/saslauthd > /dev/null; then + dpkg-statoverride --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd + fi +fi + +# restart saslauthd +if [ "$restart_saslauthd" = "yes" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + [ -x /etc/init.d/saslauthd ] && invoke-rc.d saslauthd restart + else + [ -x /etc/init.d/saslauthd ] && /etc/init.d/saslauthd restart + fi +fi + +# izgenerirati certifikate +cert="postfix" # basename of certificate +description="Postfix SMTP daemon" # descriptive text +cd /etc/ssl/certs +PATH=$PATH:/usr/bin/ssl +if [ -f "$cert.pem" ]; then + echo "CN: You already have /etc/ssl/certs/$cert.pem" +else + echo "CN: Creating generic self-signed certificate: /etc/ssl/certs/$cert.pem" + echo "CN: (replace with hand-crafted or authorized one if needed)." + HOSTNAME=`hostname -s` + FQDN=`hostname -f` + openssl req -new -x509 -days 365 -nodes -out "$cert.pem" -keyout "$cert.pem" > /dev/null 2>&1 <<+ +. +. +. +$description +$hostname +$fqdn +root@$mailname ++ + ln -sf "$cert.pem" `openssl x509 -noout -hash < "$cert.pem"`.0 + chown root.root "/etc/ssl/certs/$cert.pem" + chmod 0640 "/etc/ssl/certs/$cert.pem" +fi + +# TLS stuff +postconf -e smtp_use_tls="yes" +postconf -e smtp_tls_key_file="\$smtp_tls_cert_file" +postconf -e smtp_tls_session_cache_database="sdbm:/var/spool/postfix/smtp_scache" +postconf -e smtp_tls_session_cache_timeout="3600s" +postconf -e smtpd_use_tls="yes" +postconf -e smtpd_tls_key_file="\$smtpd_tls_cert_file" +postconf -e smtpd_tls_session_cache_database="sdbm:/var/spool/postfix/smtpd_scache" +postconf -e smtpd_tls_session_cache_timeout="3600s" +postconf -e tls_random_source="dev:/dev/urandom" +# ako je postavljen neki drugi certifikat, ne diraj +smtp_tls_cert_file="`postconf -h smtp_tls_cert_file`" +if [ -z "$smtp_tls_cert_file" ]; then + postconf -e smtp_tls_cert_file="/etc/ssl/certs/$cert.pem" +fi +smtpd_tls_cert_file="`postconf -h smtpd_tls_cert_file`" +if [ -z 
"$smtpd_tls_cert_file" ]; then + postconf -e smtpd_tls_cert_file="/etc/ssl/certs/$cert.pem" +fi + +# prije bilo u /etc/postfix/, od verzije 2.1.5-2 je u /var/spool/postfix +[ -f /etc/postfix/smtp_scache.dir ] && rm -f /etc/postfix/smtp_scache.dir +[ -f /etc/postfix/smtp_scache.pag ] && rm -f /etc/postfix/smtp_scache.pag +[ -f /etc/postfix/smtpd_scache.dir ] && rm -f /etc/postfix/smtpd_scache.dir +[ -f /etc/postfix/smtpd_scache.pag ] && rm -f /etc/postfix/smtpd_scache.pag + +# debconf stop +db_go || true +db_stop || true + +# ako postoji amavis, sredi +if [ -x /usr/share/amavisd-cn/postfixize.sh ]; then + /usr/share/amavisd-cn/postfixize.sh +fi + +# provjeri da li postoji sendmail-base +if ! dpkg -l sendmail-base | grep -q '^.n'; then + cp_echo "" + cp_echo "CN: Package sendmail-base detected." + cp_echo "CN: Please, purge this package with command:" + cp_echo "CN: # dpkg --purge sendmail-base" + cp_echo "" +fi + +# sendmailov /etc/mail/access +if [ -f /etc/mail/access -a /etc/mail/access.db ]; then + cp_echo "" + cp_echo "CN: Sendmail's access file (/etc/mail/access) detected." + cp_echo "CN: Please, upgrade your's /etc/postfix/access." + cp_echo "CN: http://www.postfix.org/SMTPD_ACCESS_README.html" + cp_echo "" +fi + +if ! id postfix | grep -q sasl; then + adduser postfix sasl > /dev/null + restart_postfix="yes" +fi + +# ako ima razlika, backupiraj stari, ako ne, obrisi privremeni backup +if ! cmp -s /etc/postfix/master.cf /etc/postfix/master.cf.dpkg-tmp.$$; then + cp_echo "CN: Backing up old version of /etc/postfix/master.cf in /var/backups/..." + cp_backup_conffile /etc/postfix/master.cf.dpkg-tmp.$$ master.cf + restart_postfix="yes" +fi +rm -f /etc/postfix/master.cf.dpkg-tmp.$$ + +if ! cmp -s /etc/postfix/main.cf /etc/postfix/main.cf.dpkg-tmp.$$; then + cp_echo "CN: Backing up old version of /etc/postfix/main.cf in /var/backups/..." 
+ cp_backup_conffile /etc/postfix/main.cf.dpkg-tmp.$$ main.cf + restart_postfix="yes" +fi +rm -f /etc/postfix/main.cf.dpkg-tmp.$$ + +# kreiraj aliases_gecos +if [ -x /usr/share/postfix-cn/make-aliases-gecos.sh ]; then + if [ "$matchgecos" = "true" ]; then + echo "CN: Creating GECOS alias map..." + /usr/share/postfix-cn/make-aliases-gecos.sh + fi +fi + +if dpkg --compare-versions "$2" lt 2.1.5-6 && \ + [ -f /etc/postgrey/whitelist_clients ]; then + # dodaj CARNet MX u /etc/postgrey/whitelist_clients + cp-update postfix-cn /etc/postgrey/whitelist_clients < /usr/share/postfix-cn/carnet_whitelist_clients + restart_postgrey="yes" +fi + +if [ -f /etc/default/postgrey ]; then + if ! grep -q "^POSTGREY_OPTS=.*--delay" /etc/default/postgrey; then + cp_check_and_sed 'POSTGREY_OPTS=' \ + 's/^POSTGREY_OPTS="/POSTGREY_OPTS="--delay=58 /g' \ + /etc/default/postgrey || true + restart_postgrey="yes" + fi +fi + +if [ "$restart_postgrey" = "yes" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + [ -x /etc/init.d/postgrey ] && invoke-rc.d postgrey restart + else + [ -x /etc/init.d/postgrey ] && /etc/init.d/postgrey restart + fi +fi + +# restart +if [ "$restart_postfix" = "yes" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + [ -x /etc/init.d/postfix ] && invoke-rc.d postfix restart + else + [ -x /etc/init.d/postfix ] && /etc/init.d/postfix restart + fi +fi +cp_mail postfix-cn diff --git a/debian/postrm b/debian/postrm new file mode 100755 index 0000000..84cf490 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,12 @@ +#!/bin/sh -e + +set -e + +[ "$1" = "purge" ] || exit 0 + +# Load debconf +. /usr/share/debconf/confmodule + +db_purge || true + +cp-update -r postfix-cn /etc/postgrey/whitelist_clients diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..0a1877b --- /dev/null +++ b/debian/rules 
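Review bot: In the certificate block of debian/postinst, `openssl req ... -out "$cert.pem" -keyout "$cert.pem"` writes the unencrypted private key into the same file as the certificate under /etc/ssl/certs, and the file is created under the default umask before `chmod 0640` narrows it, so the key can be readable by other local users for a short window. Generate it under a restrictive umask, for example `( umask 077; openssl req ... )`, and consider a separate `-keyout` in a root-only directory; `chown root.root` should also be spelled `chown root:root`. `HOSTNAME` and `FQDN` are assigned in that block but the here-document uses `$hostname` and `$fqdn`, so the two assignments can go. Further down, `[ -f /etc/mail/access -a /etc/mail/access.db ]` tests the second path only as a non-empty string; it presumably wants `[ -f /etc/mail/access ] && [ -f /etc/mail/access.db ]`. The unquoted `grep -q $i` in the `mynetworks` loop also misbehaves when `cp_get_netaddr` fails and `$netaddr` is empty, so quote it and skip empty values.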
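Review bot: On purge, debian/postrm sources `/usr/share/debconf/confmodule` and runs `cp-update` unconditionally under `set -e`, but neither debconf nor carnet-tools-cn is guaranteed to be installed when a purge runs, so a missing file or command makes the purge fail. Guard both steps: `if [ -e /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule; db_purge || true; fi` and `if command -v cp-update >/dev/null && [ -f /etc/postgrey/whitelist_clients ]; then cp-update -r postfix-cn /etc/postgrey/whitelist_clients; fi`. The `-e` in the shebang duplicates `set -e` and is lost when the script is run as `sh postrm`, so the shebang flag can be dropped.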
@@ -0,0 +1,86 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + # $(MAKE) + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + # -$(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/ntp-cn. + # $(MAKE) install DESTDIR=$(CURDIR)/debian/ntp-cn + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs -k + dh_installdocs +# dh_installexamples + dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit + dh_installcron +# dh_installinfo + dh_installman +# dh_link +# dh_strip +# dh_compress + dh_fixperms +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb +# dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..3739b3b --- /dev/null +++ b/debian/templates 
@@ -0,0 +1,17 @@
+Template: postfix-cn/rbl
+Type: multiselect
+Choices: bl.spamcop.net, dnsbl.njabl.org, sbl-xbl.spamhaus.org, list.dsbl.org
+Description: Koje RBL zelite?
+ Postfix moze prilikom provjere primanja e-mail poruka provjeriti da li
+ je posiljatelj zavrsio na nekoj od RBL (Realtime Blackhole List) listi.
+
+Template: postfix-cn/matchgecos
+Type: boolean
+Default: false
+Description: Zelite li MatchGECOS podrsku?
+ U Postfixu ne postoji podrska da prima poruke za adrese oblika
+ Ime.Prezime@domena.hr (opcija MatchGECOS u Sendmailu). Zbog toga
+ ovaj paket donosi 'cron job' koji je zamjena za to. Datoteka
+ /etc/cron.daily/postfix-cn ce se izvrsavati jedanput dnevno, i
+ generirat ce datoteku /var/lib/postfix-cn/aliases_gecos sa aliasima
+ oblika Ime.Prezime@domena.hr.
diff --git a/make-aliases-gecos.sh b/make-aliases-gecos.sh
new file mode 100755
index 0000000..f54fe9a
--- /dev/null
+++ b/make-aliases-gecos.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# ovo se moze otkomentirati, ako se ne zele poruke o duplim GECOS aliasima
+#PA_OPTIONS="-r"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
+
+[ -x /usr/sbin/postalias ] || exit 0
+[ -f /etc/postfix/main.cf ] || exit 0
+gecos="/var/lib/postfix-cn/aliases_gecos"
+grep -q "hash:$gecos" /etc/postfix/main.cf || exit 0
+
+[ -d /var/lib/postfix-cn/ ] || exit 0
+
+# Load CARNet Tools
+. /usr/share/carnet-tools/functions.sh
+
+getent passwd | awk -F: '
+ $3 >= 100 && $1 != "nobody" && $5 \
+ {
+ split($5, g, ",");
+ if (g[1]=="") {next};
+ gsub(/ /, ".", g[1]);
+ print tolower(g[1]) ": " $1;
+ }' > $gecos.dpkg-tmp.$$
+
+
+cp_mv $gecos.dpkg-tmp.$$ $gecos
+postalias $PA_OPTIONS hash:$gecos
diff --git a/newaliases-gecos b/newaliases-gecos
new file mode 120000
index 0000000..05fbd6f
--- /dev/null
+++ b/newaliases-gecos
@@ -0,0 +1 @@
+../share/postfix-cn/make-aliases-gecos.sh
\ No newline at end of file
--
1.7.10.4
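Review bot: The awk filter in make-aliases-gecos.sh turns the passwd full-name field into an alias key with no validation, so the generated map is only as trustworthy as that field. A full name that equals an existing local address would yield an alias pointing that address at the account, and on systems where users may edit their own full name (an assumption to check for the target hosts) the value is user-controlled. Restrict the key before it is printed, with a check along the lines of `if (g[1] !~ /^[A-Za-z0-9 .-]+$/) {next};` ahead of the `gsub`, and consider skipping keys that match an existing login name. `$gecos.dpkg-tmp.$$` and `$gecos` are also unquoted on the redirect, `cp_mv` and `postalias` lines, and quoting them costs nothing. A header comment saying the output file is regenerated on every run and must not be edited by hand would match what README.CARNet states.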