From: Wietse Venema Date: Mon, 6 Sep 1999 05:00:00 +0000 (-0500) Subject: postfix-19990906 X-Git-Tag: v20010228~97 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=981562b00439673242ae10169e0d6103e3b14b04;p=thirdparty%2Fpostfix.git postfix-19990906 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index b193ae6b7..9a0eecf8d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -3031,3 +3031,11 @@ Apologies for any names omitted. Portability: the Postfix to PCRE interface now expects version 2.08. Postfix is no longer compatible with PCRE versions before 2.6. + +19990906 + + Feature: INSTALL.sh script that makes Postfix installation + a bit less painful. This script can be used for installing + and for upgrading Postfix. It replaces files instead of + overwriting them, and leaves existing configuration and + queue files intact. diff --git a/postfix/INSTALL b/postfix/INSTALL index f69202c9c..a54d68f3f 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -62,10 +62,12 @@ If your system is supported, it is one of IRIX 6.x Linux Debian 1.3.1 Linux Debian 2.x - Linux RedHat 4.2 + Linux RedHat 4.x Linux RedHat 5.x + Linux RedHat 6.x Linux Slackware 3.5 Linux SuSE 5.x + Linux SuSE 6.x Mac OS X server NEXTSTEP 3.x NetBSD 1.x 
@@ -155,75 +157,42 @@ again. 6 - Installing the software after successful compilation ======================================================== -There is no automated installation procedure. The Postfix system -is sufficiently complex, and UNIX systems are sufficiently different, -that I feel uncomfortable providing an out-of-the-box procedure. - -Installing Postfix by hand takes only a few steps. - -- Configuration directory. This name is wired into the programs, - but it can be overruled by setting the MAIL_CONFIG environment - variable. This text assumes that you have chosen the default - location. - - As superuser, execute the commands from the Postfix source directory: - - # mkdir /etc/postfix - # chmod 755 /etc/postfix - # cp conf/* /etc/postfix - # chmod 644 /etc/postfix/* - # chmod 755 /etc/postfix/postfix-script* - - This also installs the LICENSE file, as required. - -- Spool directory. The pathname is configurable in /etc/postfix/main.cf. - This text assumes that you have chosen the default location. - - As superuser, execute the commands: - - # mkdir /var/spool/postfix - # chmod 755 /var/spool/postfix - -- Command directory. The pathname is configurable in /etc/postfix/main.cf. - Usually I install in /usr/sbin or in /usr/etc, depending on the system. - - If you are replacing an existing sendmail installation with - Postfix, you need to keep the old sendmail program running for - some time in order to flush the mail queue. As superuser, execute - the following commands (your sendmail may be in a different place): +IMPORTANT: if you are REPLACING an existing sendmail installation +with Postfix, you may need to keep the old sendmail program running +for some time in order to flush the mail queue. 
As superuser, +execute the following commands (your sendmail, newaliases and mailq +programs may be in a different place): # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF - # chmod 755 /usr/sbin/sendmail.OFF - - As superuser, execute the commands from the Postfix source directory: - - # mkdir $command_directory - # cp bin/* $command_directory - - Alternative: leave the command executables in the Postfix source tree. + # mv /usr/bin/newaliases /usr/bin/newaliases.OFF + # mv /usr/bin/mailq /usr/bin/mailq.OFF + # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \ + /usr/bin/mailq.OFF -- Daemon directory. The pathname is configurable in /etc/postfix/main.cf. - Usually I install in /usr/libexec/postfix or in /usr/lib/postfix. +In order to install or upgrade Postfix: - As superuser, execute the commands from the Postfix source directory: +- Create a user "postfix" with a unique user id and group id. + Preferably, this is an account that no-one can log into. The + account does not need an executable login shell, and needs no + existing home directory. My password file entry looks like this: - # mkdir $daemon_directory - # cp libexec/* $daemon_directory + postfix:*:12345:12345:postfix:/no/where:/no/shell - Alternative: leave the daemon executables in the Postfix source tree. +- Make sure there is a corresponding alias in /etc/aliases: -- On-line manual pages: + postfix: root - # mkdir /some/where/man - # (cd man && tar cf - .) | (cd /some/where/man && tar xvf -) +- Review section 12 of this file, and decide if a world-writable + maildrop is OK, or if Postfix needs a set-gid posting agent. - Alternative: leave the manpages in the Postfix source tree. +- Run the INSTALL.sh script as the super-user: - You may wish to update your MANPATH so you can view the Postfix - manual pages. 
For example: + # sh INSTALL.sh - # export MANPATH - # MANPATH=/some/where/man:/usr/share/man:/usr/local/man + The INSTALL.sh script offers suggestions for pathnames that you + can override, either by editing INSTALL.sh or by specifying your + preferences interactively. INSTALL.sh stores your preferences in + the Postfix configuration directory in order to ease future installs. - Proceed to the section on how you wish to run Postfix on your particular machine: @@ -315,16 +284,8 @@ See also the "Care and feeding" section 13 below. 9 - Turning off sendmail forever ================================ -If you are going to REPLACE sendmail by Postfix, execute the -following commands. The text assumes that on your system, sendmail -is in /usr/sbin, and that mailq and newaliases are in /usr/bin. - - # mv /usr/bin/mailq /usr/bin/mailq.OFF - # mv /usr/bin/newaliases /usr/bin/newaliases.OFF - # chmod 755 /usr/bin/newaliases.OFF /usr/bin/mailq.OFF - - # ln -s /usr/sbin/sendmail /usr/bin/mailq - # ln -s /usr/sbin/sendmail /usr/bin/newaliases +Prior to installing Postfix you should save the existing sendmail +program files as described in section 6. Be sure to keep the old sendmail running for at least a couple days to flush any unsent mail. To do so, stop the sendmail daemon 
@@ -375,25 +336,7 @@ You can use $parameter before it is given a value. The Postfix configuration language uses lazy evaluation, and does not look at a parameter value until it is needed at runtime. -First of all you have to specify the userid that owns the Postfix -queue and most Postfix processes. The default setting, - - mail_owner = postfix - -should be appropriate for your system. I would recommend that you -create a dedicated user account "postfix", that is not in the same -group as other accounts. Preferably, this is an account that no-one -can log into. The account does not need an executable login shell, -and needs no existing home directory. My password file entry looks -like this: - - postfix:*:12345:12345:postfix:/no/where:/no/shell - -And there is a corresponding alias in /etc/aliases: - - postfix: root - -Secondly, you must specify what domain will be appended to a +First of all, you must specify what domain will be appended to a local address. The "myorigin" parameter defaults to the local hostname, but that is probably OK only for very small sites. @@ -439,18 +382,13 @@ lookups like this: disable_dns_lookups = yes -If you haven't used sendmail prior to using Postfix, you will have -to build the alias database (with: sendmail -bi, or: newaliases). - -Finally, specify the program, daemon and queue directories. For -example, +The FAQ (html/faq.html) has more hints and tips for firewalled +and/or dial-up networks. - command_directory = /usr/sbin - daemon_directory = /usr/libexec/postfix - queue_directory = /var/spool/postfix - -For further configuration information I suggest that you browse -the configuration documentation in the html subdirectory. +Finally, if you haven't used Sendmail prior to using Postfix, you +will have to build the alias database (with: sendmail -bi, or: +newaliases). Be sure to set up aliases for root and postmaster that +forward mail to a real person. 11 - To chroot or not to chroot ============================== 
@@ -490,32 +428,28 @@ Postfix offers a choice of submission mechanims. files have a specific format; less than one in 10^12 non-Postfix files would be recognized as a valid Postfix queue file. - In order to enable this mode, step into /etc/postfix and: + In order to enable maildrop world-write permission: - # cp postfix-script-nosgid postfix-script + - Specify "no" when asked by the INSTALL.sh script whether + Postfix needs set-gid privileges. 2 - On systems with many users it may be desirable to revoke maildrop directory world write permission, and to enable set-gid privileges - on a small "postdrop" command that is provided for this purpose. + on a small "maildrop" command that is provided for this purpose. + + In order to revoke maildrop world-write permission: - In order to revoke world-write permission, create a group - "maildrop" that is unique and that does not share its group ID - with any other user, certainly not with the postfix account, - then execute the following commands to make "postdrop" set-gid, - and to make maildrop non-writable for unprivileged users: + - Create a group "maildrop" that is unique and that does not + share its group ID with any other user, certainly not with + the postfix account, - # chgrp maildrop /var/spool/postfix/maildrop /some/where/postdrop - # chmod 1730 /var/spool/postfix/maildrop - # chmod 2755 /some/where/postdrop + - Specify "maildrop" when asked by the INSTALL.sh script whether + Postfix needs set-gid privileges. The sendmail posting program will automatically invoke the postdrop command when maildrop directory write permission is restricted. - In order to enable this mode, step into /etc/postfix and: - - # cp postfix-script-sgid postfix-script - 13 - Care and feeding of the Postfix system =========================================== diff --git a/postfix/INSTALL.sh b/postfix/INSTALL.sh new file mode 100644 index 000000000..6945c7c56 --- /dev/null +++ b/postfix/INSTALL.sh 
@@ -0,0 +1,244 @@ +#!/bin/sh + +# Sample Postfix installation script. Run this from the top-level +# Postfix source directory. + +PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc +umask 022 + +cat </dev/null 2>&1 || { + cp $2 junk || exit 1 + mv -f junk $3 || exit 1 + chmod $1 $3 || exit 1 + } +} + +compare_or_symlink() { + cmp $1 $2 >/dev/null 2>&1 || { + ln -s $1 junk || exit 1 + mv -f junk $2 || exit 1 + } +} + +compare_or_move() { + cmp $2 $3 >/dev/null 2>&1 || { + mv -f $2 $3 || exit 1 + chmod $1 $3 || exit 1 + } +} + +# How to supress newlines in echo + +case `echo -n` in +"") n=-n; c=;; + *) n=; c='\c';; +esac + +for name in config_directory daemon_directory command_directory \ + queue_directory sendmail_path newaliases_path mailq_path owner \ + setgid manpages +do + while : + do + eval echo \$n "$name: [\$$name]\ \$c" + read ans + case $ans in + "") break;; + *) eval $name=\$ans; break;; + esac + done +done + +# Sanity checks + +for path in $config_directory $daemon_directory $command_directory \ + $queue_directory $sendmail_path $newaliases_path $mailq_path $manpages +do + case $path in + /*) ;; + no) ;; + *) echo "$path should be an absolute path name" 1>&2; exit 1;; + esac +done + +grep "^$owner:" /etc/passwd >/dev/null || { + echo "$owner needs an entry in the passwd file" 1>&2 + echo "Remember, $owner must have a dedicated user id and group id." 1>&2 + exit 1 +} + +case $setgid in +no) ;; + *) grep "^$setgid:" /etc/group >/dev/null || { + echo "$setgid needs an entry in the group file" 1>&2 + echo "Remember, $setgid must have a dedicated group id." 1>&2 + exit 1 + } +esac + +# Create any missing directories. + +test -d $config_directory || mkdir -p $config_directory || exit 1 +test -d $daemon_directory || mkdir -p $daemon_directory || exit 1 +test -d $command_directory || mkdir -p $command_directory || exit 1 +test -d $queue_directory || mkdir -p $queue_directory || exit 1 + +# Save settings. 
+ +(echo "# This file was generated by $0" +for name in config_directory daemon_directory command_directory \ + queue_directory sendmail_path newaliases_path mailq_path owner \ + setgid manpages +do + eval echo $name=\$$name +done) >junk || exit 1 +compare_or_move a+x,go-w junk $config_directory/install.cf || exit 1 +rm -f junk + +# Install files. Be careful to not copy over running programs. + +for file in `ls libexec` +do + compare_or_replace a+x,go-w libexec/$file $daemon_directory/$file || exit 1 +done + +for file in `ls bin | grep '^post'` +do + compare_or_replace a+x,go-w bin/$file $command_directory/$file || exit 1 +done + +test -f bin/sendmail && { + compare_or_replace a+x,go-w bin/sendmail $sendmail_path || exit 1 + compare_or_symlink $sendmail_path $newaliases_path + compare_or_symlink $sendmail_path $mailq_path +} + +compare_or_replace a+r,go-w conf/LICENSE $config_directory/LICENSE || exit 1 + +test -f $config_directory/main.cf || { + cp conf/* $config_directory || exit 1 + chmod a+r,go-w $config_directory/* || exit 1 + sed " + s;^daemon_directory .*;daemon_directory = $daemon_directory; + s;^command_directory .*;command_directory = $command_directory; + s;^queue_directory .*;queue_directory = $queue_directory; + s;^mail_owner .*;mail_owner = $mail_owner; + " conf/main.cf >$config_directory/main.cf || exit 1 + + echo "Warning: you still need to edit myorigin/mydestination in" 1>&2 + echo "$config_directory/main.cf. See also html/faq.html for dialup" 1>&2 + echo "sites or for sites inside a firewalled network." 1>&2 + echo "" 1>&2 + echo "BTW, Edit your alias database and be sure to set up aliases" 1>&2 + echo "for root and postmaster, then run the newaliases command." 1>&2 +} + +# Use set-gid privileges instead of writable maildrop (optional). 
+ +test -d $queue_directory/maildrop || { + mkdir -p $queue_directory/maildrop || exit 1 + chown $owner $queue_directory/maildrop || exit 1 +} + +case $setgid in +no) + chmod 1733 $queue_directory/maildrop || exit 1 + chmod g-s $command_directory/postdrop || exit 1 + postfix_script=conf/postfix-script-nosgid + ;; + *) + chgrp $setgid $command_directory/postdrop || exit 1 + chmod g+s $command_directory/postdrop || exit 1 + chgrp $setgid $queue_directory/maildrop || exit 1 + chmod 1730 $queue_directory/maildrop || exit 1 + postfix_script=conf/postfix-script-sgid + ;; +esac + +compare_or_replace a+x,go-w $postfix_script $config_directory/postfix-script || + exit 1 + +# Install manual pages (optional). We just clobber whatever is there. + +case $manpages in +no) ;; + *) test -d $manpages || mkdir -p $manpages || exit 1 + (cd man && tar cf - man?) | (cd $manpages && tar xf -) +esac diff --git a/postfix/Makefile.in b/postfix/Makefile.in index af3c9ba81..9c14f10a5 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -1,7 +1,7 @@ SHELL = /bin/sh WARN = -Wmissing-prototypes OPTS = "CC=$(CC)" -DIRS = util global dns master postfix smtpstone fsstone sendmail error \ +DIRS = util global dns master postfix smtpstone sendmail error \ pickup cleanup smtpd local trivial-rewrite qmgr smtp bounce pipe \ showq postalias postcat postconf postdrop postkick postlock postlog \ postmap postsuper # man html diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 23bdccade..6b58ef79d 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,4 +1,4 @@ -Incompatible changes with postfix-19990904 +Incompatible changes with postfix-19990906 ========================================== - On systems that use user.lock files to protect system mailboxes 
@@ -14,7 +14,7 @@ restore previous behavior. - The Postfix to PCRE interface now expects PCRE version 2.08. Postfix is no longer compatible with PCRE versions prior to 2.06. -Major changes with postfix-19990904 +Major changes with postfix-19990906 =================================== Several bugfixes, none related to security. See the HISTORY file @@ -25,6 +25,10 @@ which does not carry the controversial termination clause. The new license does have a requirement that contributors make source code available. +- INSTALL.sh install/upgrade procedure that replaces existing +programs and shell scripts instead of overwriting them, and that +leaves existing queue files and configuration files alone. + - The ugly Delivered-To: header can now be turned off selectively. The default setting is: "prepend_delivered_header = command, file, forward". Turning off the Delivered-To: header when forwarding diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index b686c373a..f845634c9 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -23,14 +23,14 @@ program_directory = /some/where/postfix/bin # The command_directory parameter specifies the location of all # postXXX commands. The default value is $program_directory. # -#command_directory = /usr/sbin +command_directory = /usr/sbin # The daemon_directory parameter specifies the location of all Postfix # daemon programs (i.e. programs listed in the master.cf file). The # default value is $program_directory. This directory must be owned # by root. # -#daemon_directory = /usr/libexec/postfix +daemon_directory = /usr/libexec/postfix # QUEUE AND PROCESS OWNERSHIP # 
@@ -40,7 +40,7 @@ program_directory = /some/where/postfix/bin # OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In particular, # don't specify nobody or daemon. PLEASE USE A DEDICATED USER. # -#mail_owner = postfix +mail_owner = postfix # The default_privs parameter specifies the default rights used by # the local delivery agent for delivery to external file or command. diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index 99323fe9d..f2989510c 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf @@ -190,6 +190,7 @@ smtpd_sender_restrictions = # reject_unknown_sender_domain: reject sender domain without A or MX record. # check_relay_domains: permit only mail from/to domains in $relay_domains. # reject_unauth_destination: reject mail not to domains in $relay_domains. +# reject_unauth_pipelining: reject mail from improperly pipelining spamware # permit_mx_backup: accept mail for sites that list me as MX host. # reject_unknown_recipient_domain: reject domains without A or MX record. # check_recipient_access maptype:mapname diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h index 4526e758c..aca279b43 100644 --- a/postfix/global/mail_version.h +++ b/postfix/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-19990905" +#define DEF_MAIL_VERSION "Postfix-19990906" extern char *var_mail_version; /* LICENSE diff --git a/postfix/html/uce.html b/postfix/html/uce.html index a35d91f3b..6e113edfe 100644 --- a/postfix/html/uce.html +++ b/postfix/html/uce.html @@ -211,6 +211,8 @@ rejected requests (default: 554).
reject +
reject_unauth_pipelining +
See generic restrictions. @@ -358,6 +360,8 @@ code for REJECT results (default: 554).
reject +
reject_unauth_pipelining +
See generic restrictions. @@ -470,6 +474,8 @@ response code to rejected requests (default: 504).
reject +
reject_unauth_pipelining +
See generic restrictions. @@ -538,10 +544,10 @@ parameter specifies the response code for rejected requests (default:
reject_unauth_destination
Ignore the client -hostname. Permit the request when the resolved destination address -matches $relay_domains, otherwise -reject. The relay_domains_reject_code parameter specifies -the response code for rejected requests (default: 554). +hostname. Reject the request when the resolved destination address +does not match $relay_domains. The +relay_domains_reject_code parameter specifies the response +code for rejected requests (default: 554).

@@ -627,6 +633,8 @@ response code to rejected requests (default: 504).

reject +
reject_unauth_pipelining +
See generic restrictions. @@ -717,6 +725,8 @@ the request if the result is anything else. The access_map_reject_code
reject +
reject_unauth_pipelining +
See generic restrictions. @@ -755,6 +765,16 @@ policy explicit. The reject_code configuration parameter specifies the response code to rejected requests (default: 554). +

+ + + +

reject_unauth_pipelining
Reject the request when +the client sends SMTP commands ahead of time without knowing that +Postfix actually supports SMTP command pipelining. This stops mail +from bulk mail software that improperly uses SMTP command pipelining +to speed up deliveries. + diff --git a/postfix/smtpstone/throughput b/postfix/smtpstone/throughput new file mode 100644 index 000000000..4853d7588 --- /dev/null +++ b/postfix/smtpstone/throughput @@ -0,0 +1,28 @@ +Host: P233 BSD/OS 3.1 smtp-source and smtp-sink on the same host, +100 msgs in 10 sessions. + +send = time to send 100 msgs into postfix +rest = time for Postfix to finish +total = total elapsed time + +19990627 + +send rest total +14 10 25 +10 8 18 + 9 10 19 + 9 17 26 + 8 11 19 + 8 9 17 + +19990906 + +send rest total +10 15 25 + 9 10 19 + 8 9 17 + 9 8 17 + 8 9 17 + 9 8 17 + 8 9 17 + 8 8 16
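
Review bot: In postfix/INSTALL.sh, inside the `test -f $config_directory/main.cf || {` block, the sed expression `s;^mail_owner .*;mail_owner = $mail_owner;` expands `$mail_owner`, but the prompt loop, the passwd check and the saved install.cf all use the name `owner`. With nothing in the visible lines setting `mail_owner`, a first-time install would write an empty `mail_owner =` into main.cf, so the substitution should use `$owner`. Two smaller points in the same file: the helper functions stage through a fixed name `junk` in the current directory while running as the super-user, which is unsafe if the source tree is writable by another account and is not an atomic rename when the destination is on another file system, so staging next to the destination (for example `$3.new`) would be safer; and `compare_or_move a+x,go-w junk $config_directory/install.cf` gives a settings file execute permission where `a+r,go-w` looks intended.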
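
Review bot: In postfix/INSTALL section 12 (hunk @@ -490,32 +428,28 @@), the changed line now reads `on a small "maildrop" command that is provided for this purpose`, but the unchanged paragraph below still says the sendmail posting program invokes the postdrop command, and INSTALL.sh applies chgrp and `chmod g+s` to `$command_directory/postdrop`. The set-gid program is postdrop and "maildrop" is the group and directory name, so this line should keep "postdrop". It would also help to say that the answer to the set-gid prompt is a group name or "no", since the step is worded as a yes/no question.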
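
Review bot: In postfix/INSTALL section 6 (hunk @@ -155,75 +157,42 @@), the closing paragraph says INSTALL.sh "stores your preferences in the Postfix configuration directory" without naming the file. INSTALL.sh writes them to install.cf under `$config_directory`; naming that file here tells the administrator where the recorded paths, owner and set-gid choice can be reviewed.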
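
Review bot: In postfix/Makefile.in, the DIRS line drops `fsstone`, and neither the HISTORY nor the RELEASE_NOTES hunk in this patch mentions it. If the directory is being retired or is simply excluded from the default build, a one-line HISTORY entry under 19990906 would record which.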
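
Review bot: In postfix/conf/sample-smtpd.cf, the added comment `# reject_unauth_pipelining: reject mail from improperly pipelining spamware` lacks the trailing period that the neighbouring entries carry, and "spamware" is vaguer than the wording used in html/uce.html. Suggest matching that text, for example "reject clients that send SMTP commands ahead of time."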
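
Review bot: In postfix/html/uce.html (hunk @@ -755,6 +765,16 @@), the new reject_unauth_pipelining entry does not say which configuration parameter sets the response code for a rejected request, whereas the entries around it do (reject names reject_code, reject_unauth_destination names relay_domains_reject_code). Adding that sentence would let an administrator predict what a rejected client sees.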
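
Review bot: In the new file postfix/smtpstone/throughput, the send, rest and total columns carry no unit, and the first 19990627 row (14, 10, 25) does not add up, which suggests rounded values. Stating the unit and that the figures are rounded, plus the smtp-source and smtp-sink options used, would make the two runs comparable later.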