slackware-current/patches/source/postfix/doinst.sh
Patrick J Volkerding d46ef1440f Sat Dec 23 02:48:56 UTC 2023
patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz:  Upgraded.
  Security: this release adds support to defend against an email spoofing
  attack (SMTP smuggling) on recipients at a Postfix server. Sites
  concerned about SMTP smuggling attacks should enable this feature on
  Internet-facing Postfix servers. For compatibility with non-standard
  clients, Postfix by default excludes clients in mynetworks from this
  countermeasure.
  The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
  The smtpd_forbid_bare_newline feature is disabled by default.
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
2023-12-23 13:30:45 +01:00


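# Install a packaged "*.new" configuration file without clobbering local edits.
# Arguments: $1 - path of the incoming file, ending in ".new"
# Globals:   NEW, OLD (written; left global, as the original helper did)
# Outcome:
#   - no readable file at the target name  -> the .new file is moved into place
#   - target exists with identical content -> the redundant .new file is removed
#   - target exists and differs            -> both stay, for the admin to merge
# Every expansion is quoted so that a path containing blanks or glob characters
# reaches dirname/basename/mv/rm as exactly one argument.
config() {
  NEW="$1"
  # Target name is the same path with the ".new" suffix stripped.
  OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"
  if [ ! -r "$OLD" ]; then
    mv "$NEW" "$OLD"
  elif [ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]; then
    # MD5 is only an equality test between two local files here, not an
    # integrity or authenticity control. Toss the redundant copy.
    rm "$NEW"
  fi
  # Otherwise, we leave the .new copy for the admin to consider...
}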
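# Give an incoming "*.new" file the mode and ownership of the file it would
# replace, then hand it to config().
# Arguments: $1 - path of the incoming file, ending in ".new"
# Globals:   NEW, OLD (written)
# When the target already exists, it is copied with cp -a to a staging file,
# the staging file's content is overwritten with the new content, and the
# staging file is renamed over the .new file. The result is the new content
# carrying the permission bits the admin had set on the installed file.
# The staging name "<NEW>.incoming" is predictable; that is only safe as long
# as the containing directory is writable by root alone.
# Every expansion is quoted so a path with blanks stays a single argument.
preserve_perms() {
  NEW="$1"
  OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"
  if [ -e "$OLD" ]; then
    cp -a "$OLD" "${NEW}.incoming"
    cat "$NEW" > "${NEW}.incoming"
    mv "${NEW}.incoming" "$NEW"
  fi
  config "$NEW"
}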
# Postfix needs a dedicated postfix user (UID 91, GID 91) and the postdrop
# group (GID 92). Each entry is appended only when no line for that name is
# present yet. Paths are relative: the script works on the install root it is
# run from, not necessarily on the live /etc.
# The account gets /bin/false as shell and /dev/null as home directory, so it
# is a service identity rather than a login account.
# The checks match on the name only: an existing postfix or postdrop entry
# with other numeric IDs is left untouched, and an unrelated account that
# already holds UID 91 or GID 91/92 is not detected here.
grep -q "^postfix:" etc/passwd \
  || printf '%s\n' "postfix:x:91:91:User for Postfix MTA:/dev/null:/bin/false" >> etc/passwd
grep -q "^postfix:" etc/group \
  || printf '%s\n' "postfix:x:91:" >> etc/group
grep -q "^postdrop:" etc/group \
  || printf '%s\n' "postdrop:x:92:" >> etc/group
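# Run every packaged *.new file under etc/postfix through config().
# "IFS= read -r" keeps leading blanks and backslashes in a file name intact,
# and the quoted expansion passes each name to config() as one argument.
find etc/postfix -type f -name '*.new' | while IFS= read -r new ; do
  config "$new"
done
# The rc script keeps the mode of the already installed copy, if there is one.
preserve_perms etc/rc.d/rc.postfix.new
config etc/aliases.new
# Don't keep aliases.new. If it exists, the user already defined aliases.
rm -f etc/aliases.new
# No reason to keep these: upgrade-configuration will take care of merging
# changes needed to the existing files.
# Consequence for hardening: a packaged main.cf/master.cf that differs from
# the site's copy is not kept for review. Options that ship disabled (for
# example smtpd_forbid_bare_newline) presumably still have to be enabled by
# hand in the existing main.cf - verify after an upgrade.
rm -f etc/postfix/main.cf.new etc/postfix/master.cf.new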
# Backward compatibility with the old Sendmail package: some software might
# still expect to find the /usr/lib/sendmail link.
# NOTE(review): the link is created only when usr/lib did not exist before
# this script ran. On a root that already has usr/lib, nothing here creates
# or replaces usr/lib/sendmail - confirm that this is the intended condition.
if [ ! -d usr/lib ]; then
  mkdir -p usr/lib
  # Drop any stale entry, then point the legacy path at the real binary.
  ( cd usr/lib ; rm -f sendmail ; ln -s /usr/sbin/sendmail sendmail )
fi
## COMMENTED OUT
## (The Slackware package should ship with correct permissions)
##
## This will set the permissions on all postfix files correctly
#if [ -x usr/sbin/postfix ]; then
# chroot . /usr/sbin/postfix set-permissions
#fi
# Let Postfix add any settings it now requires to the existing config files
# (/etc/postfix/{main,master}.cf). It won't hurt anything on a new install.
# "chroot ." runs the freshly installed binary inside the install root.
# Both output streams are discarded and the exit status is not checked, so a
# failed run is silent; run the command by hand after an upgrade if the
# resulting configuration matters.
if [ -x usr/sbin/postfix ]; then
  chroot . /usr/sbin/postfix upgrade-configuration > /dev/null 2>&1
fi
# Rebuild the alias database from /etc/aliases, again inside the install root
# and again with output and exit status discarded.
if [ -x usr/bin/newaliases ]; then
  chroot . /usr/bin/newaliases > /dev/null 2>&1
fi